Poeschl/Hassio-Addons

[syncthing] Mount only `/media`, `/share` and `/backups`

Closed this issue · 10 comments

I was wondering whether we should limit the mounts (map in config.yaml) by

  • mounting ssl read-only, i.e. remove the :rw, or even completely removing ssl. Why does Syncthing need access to custom certs in the first place? We have Ingress for that, no?
  • removing addons:rw. What is the use case for Syncthing having access to local add-ons? Not even the official File editor add-on has access to addons since it's deemed confusing for non-developers.

We should reconsider this since people actually like to sync HA-internal files, it appears. So maybe even do the opposite of the above and expose all_addon_configs:rw and homeassistant_config:rw, too?

I would suggest that we enable the mount but add a warning in the addon Readme about the security risk.

I would just like to second the idea of allowing exposure to /config perhaps with a warning, as I personally have been using Syncthing to edit files in /config via other devices.

> I would suggest that we enable the mount but add a warning in the addon Readme about the security risk.

That sounds reasonable.

I think that people could generally use some guidance with the different persistent directories available to Syncthing. Maybe we should just include a table similar to this one with a short explanation of each dir? Unfortunately, the official documentation about these dirs (documented under the map key) is very sparse, so just linking to it is not really an option.

@salim-b The table is a nice idea. That would be a great thing to have.

MJeka commented

How to sync the /config folder? I have several redundant servers that need to have up-to-date information with automatic synchronization of configuration files.

Being able to sync /config would be great indeed, that was the sole reason I looked into a syncthing add-on in the first place.

I agree with @alucryd. I had mentioned this issue before. The /config directory is the only one I have ever used, as it lets me edit automations.yaml, configuration.yaml, etc. on other devices. I had to roll back to a previous version and turn off auto-update. I hope a future version allows us to access that directory.

> @salim-b The table is a nice idea. That would be a great thing to have.

See #467.

Thank you @salim-b for helping to fix this issue!
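The mount review discussed in this thread can be automated. The following is an added example, not code from the add-on repository: it reads the `map` list of an add-on `config.yaml` and reports every mount outside the `/media`, `/share` and `/backups` allowlist, writable mounts first. It assumes the short string form of `map` entries and that `/backups` corresponds to the `backup` key; the function names and the sample config are constructed for illustration.

```python
import re

# Map keys matching the issue title (assumption: /backups is the `backup` key).
ALLOWED = {"media", "share", "backup"}
# Other keys named in the thread, with what each one exposes to the add-on.
SENSITIVE = {
    "ssl": "custom certificates",
    "addons": "local add-ons",
    "all_addon_configs": "all add-on configurations",
    "homeassistant_config": "Home Assistant configuration",
}

def parse_map(config_text):
    """Return [(name, writable)] from the short-form `map:` list."""
    entries, in_map = [], False
    for line in config_text.splitlines():
        if re.match(r"^map:\s*$", line):
            in_map = True
            continue
        if in_map:
            m = re.match(r"^\s*-\s*['\"]?([a-z_]+)(:rw)?['\"]?\s*$", line)
            if m:
                # Mounts are read-only unless the entry carries `:rw`.
                entries.append((m.group(1), m.group(2) is not None))
            elif line.strip() and not line.lstrip().startswith("#"):
                in_map = False  # the next top-level key ends the list
    return entries

def audit(config_text):
    """Return (name, mode, reason) for mounts outside ALLOWED, writable first."""
    findings = [(n, "read-write" if rw else "read-only",
                 SENSITIVE.get(n, "not in allowlist"))
                for n, rw in parse_map(config_text) if n not in ALLOWED]
    return sorted(findings, key=lambda f: f[1] != "read-write")

# Constructed sample, not the add-on's real config.yaml.
SAMPLE = """\
name: example-syncthing
map:
  - ssl:rw
  - addons:rw
  - media:rw
  - share:rw
  - backup:rw
  - homeassistant_config
ingress: true
"""

if __name__ == "__main__":
    for name, mode, reason in audit(SAMPLE):
        print(f"{name:22} {mode:10} {reason}")
```
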