authorAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
committerAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
commite6ed60548397627bf10f561f9438201dbba0a36e (patch)
treef9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/syncthing.nix
parent9ac64328603d44bd272175942d3ea3eaadcabd04 (diff)
2024-04-21
Diffstat (limited to 'modules/syncthing.nix')
-rw-r--r--modules/syncthing.nix162
1 files changed, 162 insertions, 0 deletions
diff --git a/modules/syncthing.nix b/modules/syncthing.nix
new file mode 100644
index 0000000..74d4afe
--- /dev/null
+++ b/modules/syncthing.nix
@@ -0,0 +1,162 @@
+{
+ config,
+ inputs,
+ lib,
+ libNginx,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.syncthing;
+in
+{
+ options.nixfiles.modules.syncthing = {
+ enable = mkEnableOption "Syncthing";
+
+ port = mkOption {
+ description = "Port.";
+ type = with types; port;
+ default = 8384;
+ };
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; str;
+ default = "syncthing.${config.networking.fqdn}";
+ };
+ };
+
+ config = mkIf cfg.enable (mkMerge [
+ {
+ secrets = {
+ "syncthing-cert-${this.hostname}" = with config.services.syncthing; {
+ file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}";
+ owner = user;
+ inherit group;
+ };
+
+ "syncthing-key-${this.hostname}" = with config.services.syncthing; {
+ file = "${inputs.self}/secrets/syncthing-key-${this.hostname}";
+ owner = user;
+ inherit group;
+ };
+ };
+
+ services.syncthing = {
+ enable = true;
+
+ user = my.username;
+ inherit (config.my) group;
+
+ dataDir = "${config.dirs.config}/syncthing";
+ configDir = config.services.syncthing.dataDir;
+
+ guiAddress = "127.0.0.1:${toString cfg.port}";
+
+ cert = config.secrets."syncthing-cert-${this.hostname}".path;
+ key = config.secrets."syncthing-key-${this.hostname}".path;
+
+ overrideDevices = false;
+ overrideFolders = false;
+
+ settings = {
+ options = {
+ autoUpgradeIntervalH = 0;
+ crashReportingEnabled = false;
+ globalAnnounceEnabled = false;
+ relaysEnabled = false;
+ setLowPriority = this.isHeadless;
+ stunKeepaliveStartS = 0;
+ urAccepted = -1;
+ };
+
+ gui = {
+ insecureAdminAccess = true;
+ insecureSkipHostcheck = this.isHeadless;
+ };
+
+ devices = mapAttrs (
+ name: attr:
+ mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) {
+ inherit (attr.syncthing) id;
+ compression = "metadata";
+ introducer = false;
+ address = "tcp://${name}.${config.networking.domain}:22000";
+ autoAcceptFolders = true;
+ untrusted = false;
+ }
+ ) my.configurations;
+
+ folders =
+ let
+ filterDevices =
+ f:
+ attrNames (
+ filterAttrs (
+ _: attr: (attr.hostname != this.hostname) && (attr.syncthing.id != null) && f attr
+ ) my.configurations
+ );
+ all = filterDevices (_: true);
+ notHeadless = filterDevices (attr: !attr.isHeadless);
+ notOther = filterDevices (attr: !attr.isOther);
+
+ simple = {
+ type = "simple";
+ params.keep = "5";
+ };
+ trashcan = {
+ type = "trashcan";
+ params.cleanoutDays = "7";
+ };
+ in
+ with config.hm.xdg.userDirs;
+ {
+ share = {
+ path = publicShare;
+ devices = notHeadless;
+ versioning = trashcan;
+ };
+ pass = {
+ path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR;
+ devices = notOther;
+ versioning = trashcan;
+ };
+ org = {
+ path = "${documents}/org";
+ devices = all;
+ versioning = simple;
+ };
+ roam = {
+ path = "${documents}/roam";
+ devices = notOther;
+ versioning = simple;
+ };
+ elfeed = {
+ path = "${config.my.home}/.elfeed";
+ devices = notOther;
+ versioning = trashcan;
+ };
+ books = {
+ path = "${documents}/books";
+ devices = notOther;
+ versioning = trashcan;
+ };
+ };
+ };
+ };
+
+ systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes";
+ }
+ (mkIf this.isHeadless {
+ nixfiles.modules.nginx = {
+ enable = true;
+ upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { };
+ virtualHosts.${cfg.domain} = {
+ locations."/".proxyPass = "http://syncthing";
+ extraConfig = libNginx.config.internalOnly;
+ };
+ };
+ })
+ ]);
+}
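Review bot: The `gui` block sets `insecureAdminAccess = true` with no GUI user or password, and on headless hosts it also sets `insecureSkipHostcheck` and puts nginx in front of the loopback listener, so Syncthing itself appears to authenticate nothing. On those hosts the only gate on the web GUI and REST API is `libNginx.config.internalOnly`, which is defined outside this file and cannot be checked from here. Any local process that can reach `127.0.0.1:${toString cfg.port}` is presumably unrestricted as well. Since this instance syncs the password store (`pass`), either configure GUI credentials from a secret the way the cert and key are handled, or state the dependency next to the setting, e.g. `# GUI has no auth of its own: loopback bind + libNginx.config.internalOnly are the only access control`. It is also worth confirming that `internalOnly` denies by default rather than only adding allow rules.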