Jack Cuthbert

Multi-user Syncthing Hub

Since setting up personal "cloud" storage on my server, it became apparent that my partner could get in on this too and finally access years' worth of important files without having to pay public cloud rates for the privilege. Unfortunately, Syncthing is designed to be single-user, so you’d have to run multiple instances on the hub to serve more than one person. To complicate things further, running multiple instances on one hub means you’ll have port conflicts unless you add custom configuration and a more involved client setup.

How I made it work

I have Syncthing running on its own VM with Docker, which makes the multiple-instances problem go away with a bit of networking magic (it’s not really magic, I’m just not a networking guy).

Basically, we need an IP for each Syncthing instance in Docker, which you can do with the macvlan network driver. Macvlan lets you specify an IP and MAC address for each container on a single host, as if it’s directly attached to the network rather than accessed via the host. No mucking about with port numbers or custom configuration beyond IP and MAC address assignments; everything just works™.

services:
  syncthing-1:
    # ...snip
    networks:
      my_network_name:
        ipv4_address: 192.168.1.100
        mac_address: 02:23:45:67:89:ab # must be unicast (even first octet); 02 = locally administered
  syncthing-2:
    # ...snip
    networks:
      my_network_name:
        ipv4_address: 192.168.1.101
        mac_address: aa:98:76:54:32:10 # unicast, locally administered; unique per container

networks:
  my_network_name:
    driver: macvlan
    driver_opts:
      parent: ens18 # change to the interface on the host
    ipam:
      config:
        - subnet: 192.168.1.0/24 # change to the subnet for your network
          gateway: 192.168.1.1 # your router / gateway

One small caveat with the above config: if you don't specify a MAC address, each container restart will generate a new one. UniFi will then start filling up with new devices in your client list that you'll never see again. Definitely don't ask me how I know this.

Users and storage

Syncthing has no built-in way of limiting the amount of storage that can be consumed by files, outside of a "% free" mechanism that defaults to 1%. I also don't expect anyone using my storage to really think in depth about how much content they have to store and how much disk is available on the VM. Ideally I'd like them to run out first and ask me before the host VM becomes full. To solve this, each user gets their own VM disk for storage. This implicitly limits how much storage can be used and removes the risk of the VM disk becoming full. That 1% limit still applies, but at least it's configurable by the user on that instance only.

Permissions

Each storage disk has a folder owned by a non-root, non-sudo-capable user (useradd <username> && id <username>) that the Syncthing instance runs as. For example, user-a with ID 1001 takes complete ownership of the /data and /config directories on the disk reserved for user-a. The example below shows two Syncthing instances with permissions set correctly (assuming you've created the directories and chown'd them to the right user).

services:
  syncthing-1:
    image: syncthing/syncthing
    environment:
      - PUID=1001 # user-a
      - PGID=1001 # user-a
    volumes:
      - /mnt/path/to/user-a/files:/var/syncthing/data
      - /mnt/path/to/user-a/config:/var/syncthing/config

  syncthing-2:
    image: syncthing/syncthing
    environment:
      - PUID=1002 # user-b
      - PGID=1002 # user-b
    volumes:
      - /mnt/path/to/user-b/files:/var/syncthing/data
      - /mnt/path/to/user-b/config:/var/syncthing/config
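
The per-instance separation described in the networking and permissions sections can be checked before bringing the stack up. The following is an added example, not part of the original setup: `PLAN` and `check_plan` are hypothetical names, and the addresses, IDs and paths are constructed placeholders modelled on the compose snippets.

```python
import ipaddress

# Constructed sample mirroring the compose snippets; every value is a placeholder.
PLAN = {
    "subnet": "192.168.1.0/24",
    "gateway": "192.168.1.1",
    "instances": {
        "syncthing-1": {"ip": "192.168.1.100", "mac": "02:23:45:67:89:ab", "puid": 1001,
                        "volumes": ["/mnt/path/to/user-a/files", "/mnt/path/to/user-a/config"]},
        "syncthing-2": {"ip": "192.168.1.101", "mac": "aa:98:76:54:32:10", "puid": 1002,
                        "volumes": ["/mnt/path/to/user-b/files", "/mnt/path/to/user-b/config"]},
    },
}

def check_plan(plan):
    """Return a list of human-readable problems; an empty list means the plan is consistent."""
    problems = []
    net = ipaddress.ip_network(plan["subnet"])
    gateway = ipaddress.ip_address(plan["gateway"])
    seen = {"ip": {}, "mac": {}, "puid": {}, "volume": {}}
    def claim(kind, value, name):
        # Anything claimed by two instances breaks the one-user-per-instance separation.
        owner = seen[kind].setdefault(value, name)
        if owner != name:
            problems.append(f"{name}: {kind} {value} already used by {owner}")

    for name, inst in plan["instances"].items():
        ip = ipaddress.ip_address(inst["ip"])
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address in {net}")
        if ip == gateway:
            problems.append(f"{name}: {ip} collides with the gateway")
        claim("ip", ip, name)
        octets = inst["mac"].lower().split(":")
        if len(octets) != 6 or not all(len(o) == 2 and set(o) <= set("0123456789abcdef") for o in octets):
            problems.append(f"{name}: malformed MAC {inst['mac']}")
        else:
            first = int(octets[0], 16)
            if first & 0x01:  # multicast bit set: not valid as an interface address
                problems.append(f"{name}: MAC {inst['mac']} is multicast")
            if not first & 0x02:  # locally administered bit clear: may clash with a vendor MAC
                problems.append(f"{name}: MAC {inst['mac']} is not locally administered")
            claim("mac", ":".join(octets), name)
        if inst["puid"] == 0:
            problems.append(f"{name}: runs as root")
        claim("puid", inst["puid"], name)
        for vol in inst["volumes"]:
            claim("volume", vol.rstrip("/"), name)
    return problems
```

An empty list from `check_plan(PLAN)` means no two instances share an IP, MAC, UID or host path, and no instance runs as root.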

Backups

Backups are created daily by Proxmox Backup Server backup schedules, then replicated to my NAS and Backblaze B2. This ensures a 3-2-1 backup, but doesn't mean there's a fast or simple restore method. It will require rolling back a full day with PBS or, if there's a catastrophic loss, a full download from B2, which would incur egress cost. Until that becomes a concern for myself or my partner, I think a robust daily backup like this is enough.

Automation

All of this is currently manual effort if any changes need to happen. I don't usually mind this, as I get a bit of enjoyment out of managing this sort of thing. If it was more than just 2 people using this then I'd consider automating things like instance, user, and disk creation, but for now this is good enough.