syncthing: Run service as system user 'syncthing'

- Enabled Apache LDAP authentication for Syncthing.

actions/syncthing

@@ -39,6 +39,12 @@ def parse_arguments():
     return parser.parse_args()
 
 
+def subcommand_pre_setup(_):
+    """Actions to be performed before installing Syncthing"""
+    subprocess.check_call(
+        ['adduser', '--system', '--disabled-login', 'syncthing'])
+
+
 def subcommand_setup(_):
     """Setup Syncthing configuration."""
     subprocess.check_call(
@@ -49,12 +55,13 @@ def subcommand_setup(_):
 
 def service_enable():
     """Start the Syncthing service as plinth user"""
-    subprocess.check_call(['systemctl', 'start', 'syncthing@plinth.service'])
+    subprocess.check_call(
+        ['systemctl', 'start', 'syncthing@syncthing.service'])
 
 
 def service_disable():
     """Stop the Syncthing service as plinth user"""
-    subprocess.check_call(['systemctl', 'stop', 'syncthing@plinth.service'])
+    subprocess.check_call(['systemctl', 'stop', 'syncthing@syncthing.service'])
 
 
 def subcommand_enable(_):

data/etc/apache2/conf-available/syncthing-plinth.conf

@@ -1,5 +1,14 @@
 ProxyPass /syncthing/ http://localhost:8384/
+
 <Location /syncthing/>
     ProxyPassReverse http://localhost:8384/
-    Require all granted
-</Location>
+    AuthType basic
+    AuthName "FreedomBox Login"
+    AuthBasicProvider ldap
+    AuthLDAPUrl "ldap:///ou=users,dc=thisbox?uid"
+    AuthLDAPGroupAttribute memberUid
+    AuthLDAPGroupAttributeIsDN off
+    Require valid-user
+</Location>
+
+

plinth/modules/syncthing/__init__.py

@@ -72,6 +72,7 @@ def init():
 
 def setup(helper, old_version=None):
     """Install and configure the module."""
+    helper.call('pre', actions.superuser_run, 'syncthing', ['pre-setup'])
     helper.install(managed_packages)
     helper.call('post', actions.superuser_run, 'syncthing', ['setup'])
     global service