# Synology Setup Guide ## Prerequisites - DSM 7.x (DSM 6.x works but Container Manager is called Docker Station) - Admin access ## Step 1 — Enable SSH DSM → Control Panel → Terminal & SNMP → Terminal tab → enable SSH service. ## Step 2 — Install Container Manager DSM → Package Center → search "Container Manager" → install. ## Step 3 — Run the setup script Fill in your values at the top of `scripts/synology-setup.sh`, then run: ```bash bash scripts/synology-setup.sh ``` This will: - Create `/volume1/backups/restic` (REST server data) - Create `/volume1/images` (monthly SD card images) - Write an htpasswd file for REST server auth - Start the `restic/rest-server` Docker container on port 8000 ## Step 4 — Configure NFS for image backups DSM → Control Panel → File Services → NFS: 1. Enable NFS service (NFSv4 recommended) 2. Go to **Shared Folder** → select (or create) the `images` folder → Edit → NFS permissions 3. Add a rule: - Hostname/IP: your Pi subnet (e.g. `192.168.1.0/24`) - Privilege: Read/Write - Squash: No mapping - Security: sys ## Step 5 — Verify ```bash # Test REST server (from any host on your network) curl http://restic:YOUR_PASSWORD@SYNOLOGY_IP:8000/ # Test NFS mount (from a Pi) sudo mount -t nfs SYNOLOGY_IP:/volume1/images /mnt/test ls /mnt/test sudo umount /mnt/test ``` ## REST Server Management ```bash # View logs ssh admin@synology "docker logs restic-rest-server" # Restart ssh admin@synology "docker restart restic-rest-server" # Check running ssh admin@synology "docker ps | grep restic" ``` ## Storage Layout ``` /volume1/ backups/ restic/ ← shared restic repo (all devices, dedup'd) .htpasswd ← REST server auth config ← restic repo metadata data/ ← deduplicated backup data index/ keys/ locks/ snapshots/ images/ pi1/ pi1-2025-01-01.img.gz pi1-2025-02-01.img.gz pi1-2025-03-01.img.gz pi2/ ... ``` ## Firewall (if enabled on Synology) Allow inbound TCP on port 8000 from your Pi VLANs. NFS uses TCP/UDP 2049 — allow from Pi subnets.