diff options
| author | azahi <azat@bahawi.net> | 2025-02-17 02:21:56 +0300 |
|---|---|---|
| committer | azahi <azat@bahawi.net> | 2025-02-17 02:21:56 +0300 |
| commit | 59180328cda59817d71cd58c8f48ead047375064 (patch) | |
| tree | 2cdd7d1bfa309839ef624c19daf283f510aacf69 /modules/syncthing.nix | |
| parent | 2025-02-05 (diff) | |
2025-02-17
Diffstat (limited to '')
| -rw-r--r-- | modules/syncthing.nix | 247 |
1 files changed, 124 insertions, 123 deletions
diff --git a/modules/syncthing.nix b/modules/syncthing.nix index d239aa4..af5754b 100644 --- a/modules/syncthing.nix +++ b/modules/syncthing.nix @@ -6,156 +6,157 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.syncthing; in { options.nixfiles.modules.syncthing = { - enable = mkEnableOption "Syncthing"; + enable = lib.mkEnableOption "Syncthing"; - port = mkOption { + port = lib.mkOption { description = "Port."; - type = with types; port; + type = lib.types.port; default = 8384; }; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "syncthing.${config.networking.fqdn}"; }; }; - config = mkIf cfg.enable (mkMerge [ - { - secrets = { - "syncthing-cert-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; - owner = user; - inherit group; - }; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + secrets = { + "syncthing-cert-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; + owner = user; + inherit group; + }; - "syncthing-key-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; - owner = user; - inherit group; + "syncthing-key-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; + owner = user; + inherit group; + }; }; - }; - services.syncthing = { - enable = true; + services.syncthing = { + enable = true; - user = my.username; - inherit (config.my) group; + user = lib.my.username; + inherit (config.my) group; - dataDir = "${config.dirs.config}/syncthing"; - configDir = config.services.syncthing.dataDir; + dataDir = "${config.dirs.config}/syncthing"; + configDir = config.services.syncthing.dataDir; - guiAddress = "127.0.0.1:${toString cfg.port}"; + guiAddress = "127.0.0.1:${toString cfg.port}"; - cert = config.secrets."syncthing-cert-${this.hostname}".path; - key = config.secrets."syncthing-key-${this.hostname}".path; + cert = config.secrets."syncthing-cert-${this.hostname}".path; + key = config.secrets."syncthing-key-${this.hostname}".path; - overrideDevices = false; - overrideFolders = false; + overrideDevices = false; + overrideFolders = false; - settings = { - options = { - announceLANAddresses = false; - autoUpgradeIntervalH = 0; - crashReportingEnabled = false; - globalAnnounceEnabled = false; - relaysEnabled = false; - setLowPriority = this.isHeadful; - stunKeepaliveStartS = 0; - urAccepted = -1; - }; + settings = { + options = { + announceLANAddresses = false; + autoUpgradeIntervalH = 0; + crashReportingEnabled = false; + globalAnnounceEnabled = false; + relaysEnabled = false; + setLowPriority = this.isHeadful; + stunKeepaliveStartS = 0; + urAccepted = -1; + }; - gui = { - insecureAdminAccess = this.isHeadless; - insecureSkipHostcheck = this.isHeadless; - }; + gui = { + insecureAdminAccess = this.isHeadless; + insecureSkipHostcheck = this.isHeadless; + }; - devices = mapAttrs ( - name: attr: - mkIf (hasAttr "syncthing" attr && hasAttr "wireguard" attr) { - inherit (attr.syncthing) id; - compression = "always"; - introducer = false; - addresses = [ - "quic://${name}.${config.networking.domain}:22000" - "tcp://${name}.${config.networking.domain}:22000" - ]; - autoAcceptFolders = true; - untrusted = false; - } - ) my.configurations; - - folders = - let - filterDevices = - f: - attrNames ( - filterAttrs ( - _: attr: attr.hostname != this.hostname && hasAttr "syncthing" attr && f attr - ) my.configurations - ); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanouctDays = "7"; - }; - in - with config.hm.xdg.userDirs; - { - share = { - path = publicShare; - devices = notHeadless; - versioning = trashcan; + devices = lib.mapAttrs ( + name: attr: + lib.mkIf (lib.hasAttr "syncthing" attr && lib.hasAttr "wireguard" attr) { + inherit (attr.syncthing) id; + compression = "always"; + introducer = false; + addresses = [ + "quic://${name}.${config.networking.domain}:22000" + "tcp://${name}.${config.networking.domain}:22000" + ]; + autoAcceptFolders = true; + untrusted = false; + } + ) lib.my.configurations; + + folders = + let + filterDevices = + f: + lib.attrNames ( + lib.filterAttrs ( + _: attr: attr.hostname != this.hostname && lib.hasAttr "syncthing" attr && f attr + ) lib.my.configurations + ); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; + }; + trashcan = { + type = "trashcan"; + params.cleanouctDays = "7"; + }; + in + with config.hm.xdg.userDirs; + { + share = { + path = publicShare; + devices = notHeadless; + versioning = trashcan; + }; + org = { + path = "${documents}/org"; + devices = all; + versioning = simple; + }; + roam = { + path = "${documents}/roam"; + devices = notOther; + versioning = simple; + }; + elfeed = { + path = "${config.my.home}/.elfeed"; + devices = notOther; + versioning = trashcan; + }; + books = { + path = "${documents}/books"; + devices = notOther; + versioning = trashcan; + }; }; - org = { - path = "${documents}/org"; - devices = all; - versioning = simple; - }; - roam = { - path = "${documents}/roam"; - devices = notOther; - versioning = simple; - }; - elfeed = { - path = "${config.my.home}/.elfeed"; - devices = notOther; - versioning = trashcan; - }; - books = { - path = "${documents}/books"; - devices = notOther; - versioning = trashcan; - }; - }; + }; }; - }; - - systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://syncthing"; - extraConfig = libNginx.config.internalOnly; + + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; + } + (lib.mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://syncthing"; + extraConfig = libNginx.config.internalOnly; + }; }; - }; - }) - ]); + }) + ] + ); } |