diff --git a/README.md b/README.md index 7f2de21..25f16ed 100644 --- a/README.md +++ b/README.md @@ -60,11 +60,11 @@ After the hub and at least one spoke are set up, run `syncthing.sh` on either de ``` The typical pairing flow: -1. Run option 1 (Show This Device's ID) on the spoke — copy the ID -2. Run option 4 (Add Device) on the hub — paste the spoke's ID -3. Run option 1 (Show This Device's ID) on the hub — copy the ID -4. Run option 4 (Add Device) on the spoke — paste the hub's ID -5. On both devices, run option 7 (Add Folder) or option 9 (Share Folder with Device) to share folders between them +1. Run option 0 (Show This Device's ID) on the spoke — copy the ID +2. Run option 3 (Add Device) on the hub — paste the spoke's ID +3. Run option 0 (Show This Device's ID) on the hub — copy the ID +4. Run option 3 (Add Device) on the spoke — paste the hub's ID +5. On both devices, run option 6 (Add Folder) or option 8 (Share Folder with Device) to share folders between them --- @@ -162,13 +162,24 @@ Run as root on a new hub server. Handles: Run as the hub user after a spoke connects. Handles: - SSH key generation and deployment to spoke - rclone remote configuration (with trailing newline guard) +- Optional union remote setup with configurable upstream access mode (none, `:ro`, `:nc`, `:writeback`) - Spoke registration in `~/.config/tinyboard/spokes` +#### Union Remote +During onboarding, the user is optionally prompted to add the spoke to an rclone union remote for redundancy. If multiple spokes share the same files (via Syncthing), a union remote merges them into a single path so that if one spoke goes offline, the other can serve the files. Each upstream can be configured with an access mode: +- `none` — full read/write (default) +- `:ro` — read only +- `:nc` — no create (read/write existing files, no new files) +- `:writeback` — writeback cache + +The union remote is automatically updated when a spoke is offboarded. + ### `hub/offboard-spoke.sh` Run as the hub user to remove a spoke. Handles: - Unmounting the spoke filesystem - Crontab backup (timestamped to `~/.config/tinyboard/`) then entry removal - Removing the rclone remote +- Removing the spoke from any union remotes in `rclone.conf` - Optionally removing the hub SSH key - Removing from the spoke registry @@ -208,6 +219,7 @@ Restore hints are printed to the terminal after each backup. - Netplan changes verified with a 30-second connectivity check before being made permanent - Spoke names validated against `^[a-zA-Z0-9._-]+$` to prevent injection into hostnames and container names - Syncthing admin UI bound to `127.0.0.1:8384` only (not exposed on the network) +- Syncthing config and certs stored in a Docker-managed named volume, separate from the data directory ---