diff options
Diffstat (limited to 'modules/nixos/syncthing.nix')
| -rw-r--r-- | modules/nixos/syncthing.nix | 162 |
1 files changed, 0 insertions, 162 deletions
diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix deleted file mode 100644 index 74d4afe..0000000 --- a/modules/nixos/syncthing.nix +++ /dev/null @@ -1,162 +0,0 @@ -{ - config, - inputs, - lib, - libNginx, - this, - ... -}: -with lib; -let - cfg = config.nixfiles.modules.syncthing; -in -{ - options.nixfiles.modules.syncthing = { - enable = mkEnableOption "Syncthing"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 8384; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "syncthing.${config.networking.fqdn}"; - }; - }; - - config = mkIf cfg.enable (mkMerge [ - { - secrets = { - "syncthing-cert-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; - owner = user; - inherit group; - }; - - "syncthing-key-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; - owner = user; - inherit group; - }; - }; - - services.syncthing = { - enable = true; - - user = my.username; - inherit (config.my) group; - - dataDir = "${config.dirs.config}/syncthing"; - configDir = config.services.syncthing.dataDir; - - guiAddress = "127.0.0.1:${toString cfg.port}"; - - cert = config.secrets."syncthing-cert-${this.hostname}".path; - key = config.secrets."syncthing-key-${this.hostname}".path; - - overrideDevices = false; - overrideFolders = false; - - settings = { - options = { - autoUpgradeIntervalH = 0; - crashReportingEnabled = false; - globalAnnounceEnabled = false; - relaysEnabled = false; - setLowPriority = this.isHeadless; - stunKeepaliveStartS = 0; - urAccepted = -1; - }; - - gui = { - insecureAdminAccess = true; - insecureSkipHostcheck = this.isHeadless; - }; - - devices = mapAttrs ( - name: attr: - mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { - inherit (attr.syncthing) id; - compression = "metadata"; - introducer = false; - address = "tcp://${name}.${config.networking.domain}:22000"; - autoAcceptFolders = true; - untrusted = false; - } - ) my.configurations; - - folders = - let - filterDevices = - f: - attrNames ( - filterAttrs ( - _: attr: (attr.hostname != this.hostname) && (attr.syncthing.id != null) && f attr - ) my.configurations - ); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanoutDays = "7"; - }; - in - with config.hm.xdg.userDirs; - { - share = { - path = publicShare; - devices = notHeadless; - versioning = trashcan; - }; - pass = { - path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; - devices = notOther; - versioning = trashcan; - }; - org = { - path = "${documents}/org"; - devices = all; - versioning = simple; - }; - roam = { - path = "${documents}/roam"; - devices = notOther; - versioning = simple; - }; - elfeed = { - path = "${config.my.home}/.elfeed"; - devices = notOther; - versioning = trashcan; - }; - books = { - path = "${documents}/books"; - devices = notOther; - versioning = trashcan; - }; - }; - }; - }; - - systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = { }; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://syncthing"; - extraConfig = libNginx.config.internalOnly; - }; - }; - }) - ]); -} |