Merge pull request '[#74] Syncthing mesh setup for VPS fleet' (#80) from feature/syncthing-setup into main

docs/SYNCTHING.md

@@ -0,0 +1,98 @@
+# Syncthing Mesh Setup
+
+Shared file synchronization across all Timmy VPS nodes.
+
+## Overview
+
+Syncthing provides peer-to-peer, encrypted file synchronization between all wizard VPS nodes. No central server required.
+
+## Architecture
+
+```
+┌─────────────────┐     P2P Sync      ┌─────────────────┐
+│  Allegro VPS    │ ◄──────────────► │   Ezra VPS      │
+│  143.198.27.163 │                   │ 167.99.126.228  │
+│  ~/shared/      │                   │  ~/shared/      │
+└─────────────────┘                   └─────────────────┘
+```
+
+## Quick Start
+
+### On Each VPS Node
+
+```bash
+# Run the setup script
+curl -sL https://raw.githubusercontent.com/Timmy_Foundation/timmy-home/main/scripts/setup-syncthing.sh | bash
+```
+
+Or manually:
+
+```bash
+# Download and run setup script
+wget -O /tmp/setup-syncthing.sh https://raw.githubusercontent.com/Timmy_Foundation/timmy-home/main/scripts/setup-syncthing.sh
+chmod +x /tmp/setup-syncthing.sh
+/tmp/setup-syncthing.sh <node-name>
+```
+
+## Node Status
+
+| Node | IP | Device ID | Status |
+|------|-----|-----------|--------|
+| Allegro | 143.198.27.163 | MK6G5KV-VLTY7KS-FJ6ZN63-RV5ZIRG-7C2GSRS-OSJUDWA-IC6A7UP-NIGMQAE | ✅ Running |
+| Ezra | 167.99.126.228 | TBD | ⏳ Awaiting setup |
+| Future Timmy | TBD | TBD | ⏳ Future |
+
+## Peering Nodes
+
+After setup on each node:
+
+1. Get device ID from each node:
+```bash
+syncthing --device-id
+```
+
+2. On Allegro VPS, add Ezra's device:
+```bash
+syncthing cli config devices add --device-id=<EZRA_DEVICE_ID> --name=ezra
+```
+
+3. On Ezra VPS, add Allegro's device:
+```bash
+syncthing cli config devices add --device-id=MK6G5KV-VLTY7KS-FJ6ZN63-RV5ZIRG-7C2GSRS-OSJUDWA-IC6A7UP-NIGMQAE --name=allegro
+```
+
+4. Share the `shared` folder with the peer device via web UI or CLI.
+
+## Testing Sync
+
+```bash
+# On Allegro
+echo "Test from Allegro" > ~/shared/test-allegro.txt
+
+# On Ezra (after 60 seconds)
+cat ~/shared/test-allegro.txt  # Should show "Test from Allegro"
+```
+
+## Web UI Access
+
+```bash
+# SSH tunnel to access web UI locally
+ssh -L 8384:localhost:8384 root@<vps-ip>
+# Then open http://localhost:8384 in browser
+```
+
+## Troubleshooting
+
+| Issue | Solution |
+|-------|----------|
+| Nodes not connecting | Check firewall allows port 22000/tcp |
+| Web UI not accessible | Verify bound to 127.0.0.1:8384 |
+| Files not syncing | Check folder paths match on both nodes |
+| Service not starting | Check `systemctl status syncthing@root` |
+
+## Security
+
+- Web UI bound to localhost only (no external exposure)
+- All sync traffic is encrypted
+- Device IDs required for peering (no unauthorized access)
+- No central server - direct peer-to-peer only

scripts/setup-syncthing.sh

@@ -0,0 +1,77 @@
+#!/bin/bash
+# Syncthing Setup Script for Timmy Fleet
+# Run this on each VPS node to join the sync mesh
+
+set -e
+
+NODE_NAME="${1:-$(hostname)}"
+HOME_DIR="${HOME:-/root}"
+CONFIG_DIR="$HOME_DIR/.config/syncthing"
+SHARED_DIR="$HOME_DIR/shared"
+
+export HOME="$HOME_DIR"
+
+echo "=== Syncthing Setup for $NODE_NAME ==="
+
+# Install syncthing if not present
+if ! command -v syncthing &> /dev/null; then
+    echo "Installing Syncthing..."
+    curl -sL "https://github.com/syncthing/syncthing/releases/download/v1.27.0/syncthing-linux-amd64-v1.27.0.tar.gz" | tar -xzf - -C /tmp/
+    cp /tmp/syncthing-linux-amd64-v1.27.0/syncthing /usr/local/bin/
+    chmod +x /usr/local/bin/syncthing
+fi
+
+# Create directories
+mkdir -p "$CONFIG_DIR"
+mkdir -p "$SHARED_DIR"
+
+# Generate config if not exists
+if [ ! -f "$CONFIG_DIR/config.xml" ]; then
+    echo "Generating Syncthing config..."
+    syncthing generate --config="$CONFIG_DIR"
+fi
+
+# Get device ID
+DEVICE_ID=$(syncthing --config="$CONFIG_DIR" --device-id 2>/dev/null || grep -oP '(?<=<device id=")[^"]+' "$CONFIG_DIR/config.xml" | head -1)
+echo "Device ID: $DEVICE_ID"
+
+# Modify config: change folder path and bind GUI to localhost only
+echo "Configuring Syncthing..."
+sed -i 's|path="/root/Sync"|path="/root/shared"|g' "$CONFIG_DIR/config.xml"
+sed -i 's|<address>127.0.0.1:8384</address>|<address>127.0.0.1:8384</address>|g' "$CONFIG_DIR/config.xml"
+sed -i 's|<address>0.0.0.0:8384</address>|<address>127.0.0.1:8384</address>|g' "$CONFIG_DIR/config.xml"
+
+# Create systemd service
+cat > /etc/systemd/system/syncthing@root.service << 'EOF'
+[Unit]
+Description=Syncthing - Open Source Continuous File Synchronization for %i
+Documentation=man:syncthing(1)
+After=network.target
+
+[Service]
+User=%i
+ExecStart=/usr/local/bin/syncthing -no-browser -no-restart -logflags=0
+Restart=on-failure
+RestartSec=5
+SuccessExitStatus=3 4
+RestartForceExitStatus=3 4
+Environment="HOME=/root"
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+# Enable and start service
+systemctl daemon-reload
+systemctl enable syncthing@root.service
+systemctl restart syncthing@root.service || systemctl start syncthing@root.service
+
+echo ""
+echo "=== Setup Complete ==="
+echo "Node: $NODE_NAME"
+echo "Device ID: $DEVICE_ID"
+echo "Shared folder: $SHARED_DIR"
+echo "Web UI: http://127.0.0.1:8384 (localhost only)"
+echo ""
+echo "To peer with another node, add their device ID via the web UI"
+echo "or use: syncthing cli --config=$CONFIG_DIR config devices add --device-id=<ID>"