How to Connect Both for Increased Functionality

I described Nextcloud in a previous article. It’s great at syncing contacts and calendars. It uses the standard CardDAV/CalDAV protocols. Files can be directly editted on the Nextcloud web interface, similar to Google Drive. However we want file syncing to be instant after edits. We’ve been spoiled by using Syncthing.

My previous article on Syncthing praised it for it’s superior sync ability. It’s technology can detect file changes in realtime. It then pushes these changes to synced devices. Following Unix philosophy, Syncthing does this one thing really well.

So integrating the two seems like an obvious pairing. Once you’ve got and set up, the next thing to do is combine them. This allows us to utilize the powerful, realtime, Syncthing sync protocol along with the user friendly frontend of NextCloud. In addition to the features they both offer individually, there is added benefit for integrating the two. For example, by integrating the two, we’ll be able to create share links with others. This will allow us to provide anyone who has the link with read access to specific Syncthing files. All while preventing access to the entire Syncthing network.

File Permissions

For this to work, both programs must be running on the same server. (Remember, for our purposes server is just a fancy word for computer.) The trick is ensuring NextCloud has read/write permissions to the Syncthing folders.

As can be seen below, on my Linux computer, this was not the case.

root@DietPi:/mnt/dietpi_userdata# ls -l
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 downloads
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 Music
drwxr-xr-x 5 mysql    mysql    3488 Dec 27 18:55 mysql
drwxrwx--- 6 www-data www-data 3488 Dec 27 21:43 nextcloud_data
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 Pictures
drwx------ 3 dietpi   dietpi   3488 Dec 28 09:14 syncthing
drwx------ 4 dietpi   dietpi   3488 Dec 27 22:01 syncthing_data
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 Video

Nextcloud was running through the webserver as the www-data user, while Syncthing was running as the dietpi user. This created folders that could not be written to by both programs.

Initially, I tried changing the group and permissions of the syncthing folder, so that NextCloud could write to it.

chown -R :www-data syncthing_data
chmod -R 775 syncthing data

drwxrwxr-x 4 dietpi   www-data 3488 Dec 27 22:01 syncthing_data

This worked at first, but any new files from Syncthing were created with the dietpi:dietpi user and group. I then tried changing the folder user and group.

chown -R www-data:www-data syncthing_data

drwxrwxr-x 4 www-data www-data 3488 Dec 27 22:01 syncthing_data

Honestly… I don’t know why I thought this would work. It resulted in the same issue as previously…

Chaning the Syncthing User

I realized it would be a little more involved than that, so I did some research. What I really needed was for Syncthing to run as www-data, instead of dietpi, and thus create new files as the www-data:www-data user/group. The method to accomplish this may vary depending on operating system and distribution. For instance, your web server may use a different user such as apache. Consult Syncthing and your distro’s documentation to determine how to run syncthing as a different user.

I accomplished this on DietPi, which is a Raspberry Pi linux distro based on Debian. The first thing to do was to determine the location of the systemd service file.

root@DietPi:/etc/systemd/system# ls -l
-rw-r--r-- 1 root root  246 Dec 27 17:40 syncthing.service

We need to edit this file. However, if we edit the service file directly, the changes will be overwritten the next time there’s an update. Instead, let’s create a copy. Naming it with @www-data will ensure it runs with the www-data user.

root@DietPi:/etc/systemd/system# cp syncthing.service syncthing@www-data.service
root@DietPi:/etc/systemd/system# ls -l
-rw-r--r-- 1 root root  246 Dec 27 17:40 syncthing.service
-rw-r--r-- 1 root root  260 Dec 28 09:31 syncthing@www-data.service

Then edit the file and change the user to www-data. You may also need to change the location or permissions on the configuration directory specified by -home= in the ExecStart= directive. This is how my file looked in the end:

root@DietPi:/etc/systemd/system# cat syncthing@www-data.service 
[Unit]
Description=Syncthing (Nextcloud-compatible)
After=network.target

[Service]
User=www-data
ExecStart=/etc/syncthing/syncthing -logfile=/var/log/syncthing/syncthing.log -logflags=3 -home=/mnt/dietpi_userdata/syncthing_nextcloud

[Install]
WantedBy=multi-user.target

Note: Some users may have issue with dashes in the username. If this is the case, escape the dash in both file name, and in the User= attribute. This is accomplished by using the name www\-data.

After creating the new service, disable the original service from autostarting on boot, enable the new service autostart, then start the service.

root@DietPi:/mnt/dietpi_userdata# systemctl disable syncthing.service
root@DietPi:/mnt/dietpi_userdata# systemctl enable syncthing@www-data.service
root@DietPi:/mnt/dietpi_userdata# systemctl start syncthing@www-data.service

The new folder should appear with the correct owner and permissions.

root@DietPi:/mnt/dietpi_userdata# ls -l
total 35
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 downloads
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 Music
drwxr-xr-x 5 mysql    mysql    3488 Dec 27 18:55 mysql
drwxrwx--- 6 www-data www-data 3488 Dec 27 21:43 nextcloud_data
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 Pictures
drwx------ 3 dietpi   dietpi   3488 Dec 28 09:14 syncthing
drwxrwxr-x 4 dietpi   dietpi   3488 Dec 27 22:01 syncthing_data
drwx------ 3 www-data www-data 3488 Dec 28 10:24 syncthing_nextcloud
drwxr-xr-x 4 www-data www-data 3488 Dec 28 09:56 syncthing_nextcloud_data
drwxrwxr-x 2 dietpi   dietpi   3488 Dec 27 16:50 Video

Syncthing Folders

Go ahead and set up Syncthing like normal. These are the folders I’ve synced, that I’ll add to NextCloud.

Syncthing GUI

You can see the correct owner has been set after syncthing the new folders:

root@DietPi:/mnt/dietpi_userdata# ls -l syncthing_nextcloud_data/
total 7
drwxr-xr-x 3 www-data www-data 3488 Dec 28 10:23 default
drwxr-xr-x 9 www-data www-data 3488 Dec 28 10:23 Journal

Nextcloud Configuration

All that’s left now is to add the folder to NextCloud. If not already done, enable the “External Storage” function from the App menu. Enable Nextcloud External Storage

Then go to Settings > Administration > External Storage. Add the Syncthing folder with External Storage type as “local”. Don’t forget to save. Enable Nextcloud External Storage

As you can see on the left, the Syncthing folder we created is available. And on the right, the contents of the Syncthing folder being synced. Enable Nextcloud External Storage

Conclusion

In the end we created a self hosted Google Drive alternative. We already had Nexcloud syncing our contacts and Calendars. We can now edit our files directly on the Nextcloud web gui. These changes will then sync to all connected devices. This much needed solution helps us take one more step to being completly in control of our own data.