Add syncthing key and cert in packer image, plus fix mount ownership

prod/syncthing-packer/.gitignore

@@ -1 +1,3 @@
 packer/syncthing-config.xml
+packer/syncthing-cert.pem
+packer/syncthing-key.pem

prod/syncthing-packer/packer/Makefile

@@ -5,3 +5,9 @@ packer: syncthing-config.xml syncthing.json
 
 syncthing-config.xml: syncthing-config.xml.template
 	sigil -p -f syncthing-config.xml.template > syncthing-config.xml
+
+syncthing-cert.pem: syncthing-cert.pem.template
+	sigil -p -f syncthing-cert.pem.template > syncthing-cert.pem
+
+syncthing-key.pem: syncthing-key.pem.template
+	sigil -p -f syncthing-key.pem.template > syncthing-key.pem

prod/syncthing-packer/packer/syncthing-cert.pem.template

@@ -0,0 +1 @@
+${SYNCTHING_CERT_PEM:?}

prod/syncthing-packer/packer/syncthing-config.xml.template

@@ -1,5 +1,5 @@
 <configuration version="30">
-    <folder id="default" label="Default Folder" path="/mnt/syncthing-volume/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
+    <folder id="default" label="Default Folder" path="/home/syncthing/syncthing-volume/Sync" type="sendreceive" rescanIntervalS="3600" fsWatcherEnabled="true" fsWatcherDelayS="10" ignorePerms="false" autoNormalize="true">
         <filesystemType>basic</filesystemType>
         <device id="UW7FOJM-POJIOL5-JRHZ3BP-BOWBHKY-VY3B5UH-MO2QNKB-4HBSNR6-DD6RIQL" introducedBy=""></device>
         <device id="U7CQRH7-7CG4M2R-QOGYHBJ-ZJZ35GA-KZR2JE5-7OLJZ7R-FRKT2RG-UMYUHQM" introducedBy=""></device>
@@ -30,7 +30,7 @@
         <disableFsync>false</disableFsync>
         <blockPullOrder>standard</blockPullOrder>
     </folder>
-    <device id="UW7FOJM-POJIOL5-JRHZ3BP-BOWBHKY-VY3B5UH-MO2QNKB-4HBSNR6-DD6RIQL" name="jdormit-syncthing" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
+    <device id="DU4PIUR-4MIPB4W-D2Z377I-TN5B2CL-GAKW2FA-UMW7W5U-AYUVESS-FVULWAV" name="jdormit-syncthing" compression="metadata" introducer="false" skipIntroductionRemovals="false" introducedBy="">
         <address>dynamic</address>
         <paused>false</paused>
         <autoAcceptFolders>false</autoAcceptFolders>

prod/syncthing-packer/packer/syncthing-key.pem.template

@@ -0,0 +1 @@
+${SYNCTHING_KEY_PEM:?}

prod/syncthing-packer/packer/syncthing.json

@@ -17,6 +17,7 @@
         "sudo mkdir -p /mnt/syncthing-volume",
         "sudo chown syncthing:syncthing /mnt/syncthing-volume",
         "sudo echo \"/dev/disk/by-label/syncthing-volume /mnt/syncthing-volume ext4 defaults,nofail,discard,noatime 0 2\" >> /etc/fstab",
+        "sudo echo \"/mnt/syncthing-volume /home/syncthing/syncthing-volume fuse.bindfs force-user=syncthing,force-group=syncthing 0 0\"",
         "sudo findmnt --verify --verbose"
       ]
     },
@@ -30,6 +31,16 @@
       "source": "syncthing-config.xml",
       "destination": "/tmp/syncthing-config.xml"
     },
+    {
+      "type": "file",
+      "source": "syncthing-cert.pem",
+      "destination": "/tmp/syncthing-cert.pem"
+    },
+    {
+      "type": "file",
+      "source": "syncthing-key.pem",
+      "destination": "/tmp/syncthing-key.pem"
+    },
     {
       "type": "shell",
       "inline": [
@@ -39,6 +50,8 @@
         "sudo apt-get install -y syncthing",
         "sudo mkdir -p /home/syncthing/.config/syncthing",
         "sudo mv /tmp/syncthing-config.xml /home/syncthing/.config/syncthing/config.xml",
+        "sudo mv /tmp/syncthing-cert.pem /home/syncthing/.config/syncthing/cert.pem",
+        "sudo mv /tmp/syncthing-key.pem /home/syncthing/.config/syncthing/key.pem",
         "sudo chown -R syncthing:syncthing /home/syncthing/.config/syncthing",
         "sudo mv /tmp/syncthing@.service /etc/systemd/system/syncthing@.service",
         "sudo systemctl daemon-reload",

prod/syncthing-packer/terraform/main.tf

@@ -5,7 +5,7 @@ provider "digitalocean" {
 }
 
 data "digitalocean_image" "syncthing" {
-  name = "syncthing-packer-1609271401"
+  name = "syncthing-packer-1609384536"
 }
 
 data "terraform_remote_state" "do_ssh_keys" {