nixos-config/nixos/components/network/syncthing.nix

{ config, lib, pkgs, factsGenerator, ... }:
with lib; {

  networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];

  clanCore.facts.services.syncthing = factsGenerator.syncthing { };

  # todo : use tmpfiles.rules
  systemd.tmpfiles.settings.syncthing = {
    "/run/facts/syncthing.key".C = {
      type = "C";
      user = config.services.syncthing.user;
      group = config.services.syncthing.group;
      mode = "400";
      argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
    };
    "/run/facts/syncthing.cert".C = {
      type = "C";
      user = config.services.syncthing.user;
      group = config.services.syncthing.group;
      mode = "400";
      argument = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
    };
  };

  services.syncthing = {
    enable = lib.mkForce false;
    guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
    overrideDevices = lib.mkDefault true;
    key = "/run/facts/syncthing.key";
    cert = "/run/facts/syncthing.cert";
    settings.devices =
      let
        machineDir = "${config.clanCore.clanDir}/machines";
        #machinesFileSet = builtins.readDir machineDir;
        #machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
        syncthingPub = machine:
          lib.removeSuffix "\n"
            (builtins.readFile "${machineDir}/${machine}/facts/syncthing.pub");
        zerotierIp = machine: (builtins.readFile "${machineDir}/${machine}/facts/zerotier-ip");

        clanDevice = machine: {
          "${machine}" = {
            name = machine;
            id = syncthingPub machine;
            addresses = [ "tcp://[${zerotierIp machine}]:22000" ];
          };
        };

        device = name: id: {
          "${name}" = {
            name = name;
            id = id;
            addresses = [ "tcp://${name}.private:22000" ];
          };
        };
      in
      { }
      #{
      #  "orbi" = {
      #    name = "orbi";
      #    id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
      #    addresses = [ "tcp://95.216.66.212:22000" ];
      #  };
      #}

      #// (device "mobi" )
      #// (device "bobi" )
      // (clanDevice "orbi")
      // (clanDevice "cream")
      // (clanDevice "cherry")
      // (clanDevice "chungus")


      // (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
      // (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
      // {
        bumba = {
          name = "windows-bumba";
          id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
        };
      };

    settings.folders = {

      # needs to be on encrypted drives
      # -------------------------------
      audiobooks = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/audiobooks";
        devices = [ "chungus" "orbi" ];
      };
      books = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/books";
        devices = [ "chungus" "cream" "cherry" ];
        versioning = {
          type = "simple";
          params.keep = "2";
        };
      };
      desktop = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/desktop";
        devices = [ "chungus" "cream" "cherry" ];
      };
      finance = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/finance";
        devices = [ "chungus" "cream" "cherry" ];
        versioning = {
          type = "simple";
          params.keep = "10";
        };
      };
      flix = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/flix";
        devices = [ "chungus" "orbi" ];
      };
      logseq = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/logseq";
        devices = [ "chungus" "cream" "cherry" "iPhone" "iPad" ];
      };
      lectures = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/lectures";
        devices = [ "chungus" "orbi" ];
      };
      oscar_cpap = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/oscar_cpap";
        devices = [ "chungus" "cream" "cherry" ];
      };
      password-store = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/password-store";
        devices = [ "chungus" "cream" "cherry" ];
        versioning = {
          type = "simple";
          params.keep = "10";
        };
      };
      # todo remove if zfs is is used
      #nextcloud_backup = {
      #  enable = lib.mkDefault false;
      #  path = lib.mkDefault "/tmp/lost-fotos";
      #  devices = [ "chungus"  ];
      #  versioning = {
      #    type = "simple";
      #    params.keep = "2";
      #  };
      #};
    };
  };

}
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`{ config, lib, pkgs, factsGenerator, ... }:`
nixfmt: reformat all files 2019-12-20 05:54:26 +01:00			`with lib; {`
init 2019-10-24 02:20:38 +02:00
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];`

			`clanCore.facts.services.syncthing = factsGenerator.syncthing { };`
use tmpfiles for file permission 2024-06-04 09:13:35 +02:00
			`# todo : use tmpfiles.rules`
			`systemd.tmpfiles.settings.syncthing = {`
			`"/run/facts/syncthing.key".C = {`
			`type = "C";`
Test something 2024-06-04 09:01:01 +02:00			`user = config.services.syncthing.user;`
			`group = config.services.syncthing.group;`
			`mode = "400";`
use tmpfiles for file permission 2024-06-04 09:13:35 +02:00			`argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;`
Test something 2024-06-04 09:01:01 +02:00			`};`
use tmpfiles for file permission 2024-06-04 09:13:35 +02:00			`"/run/facts/syncthing.cert".C = {`
Test something 2024-06-04 09:01:01 +02:00			`type = "C";`
			`user = config.services.syncthing.user;`
			`group = config.services.syncthing.group;`
			`mode = "400";`
use tmpfiles for file permission 2024-06-04 09:13:35 +02:00			`argument = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;`
Test something 2024-06-04 09:01:01 +02:00			`};`
			`};`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00
20.09 update 2020-11-21 18:56:11 +01:00			`services.syncthing = {`
made wireguard work again 2024-06-05 12:51:38 +02:00			`enable = lib.mkForce false;`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`overrideDevices = lib.mkDefault true;`
use tmpfiles for file permission 2024-06-04 09:13:35 +02:00			`key = "/run/facts/syncthing.key";`
			`cert = "/run/facts/syncthing.cert";`
upgrade cream 2023-12-08 22:47:37 +01:00			`settings.devices =`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`let`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`machineDir = "${config.clanCore.clanDir}/machines";`
			`#machinesFileSet = builtins.readDir machineDir;`
			`#machines = lib.mapAttrsToList (name: _: name) machinesFileSet;`
			`syncthingPub = machine:`
			`lib.removeSuffix "\n"`
			`(builtins.readFile "${machineDir}/${machine}/facts/syncthing.pub");`
			`zerotierIp = machine: (builtins.readFile "${machineDir}/${machine}/facts/zerotier-ip");`

			`clanDevice = machine: {`
			`"${machine}" = {`
			`name = machine;`
			`id = syncthingPub machine;`
			`addresses = [ "tcp://[${zerotierIp machine}]:22000" ];`
			`};`
			`};`

21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`device = name: id: {`
			`"${name}" = {`
			`name = name;`
			`id = id;`
updates to make cream work 2023-02-16 13:52:15 +01:00			`addresses = [ "tcp://${name}.private:22000" ];`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`};`
			`};`
			`in`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`{ }`
			`#{`
			`# "orbi" = {`
			`# name = "orbi";`
			`# id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";`
			`# addresses = [ "tcp://95.216.66.212:22000" ];`
			`# };`
			`#}`

			`#// (device "mobi" )`
			`#// (device "bobi" )`
			`// (clanDevice "orbi")`
			`// (clanDevice "cream")`
			`// (clanDevice "cherry")`
			`// (clanDevice "chungus")`


add iPhone and iPad to syncthing.nix 2024-04-24 17:28:41 +02:00			`// (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")`
			`// (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`// {`
			`bumba = {`
			`name = "windows-bumba";`
fixing issues 2022-01-17 11:57:52 +01:00			`id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`};`
			`};`
init 2019-10-24 02:20:38 +02:00
upgrade cream 2023-12-08 22:47:37 +01:00			`settings.folders = {`
reconfigured syncthing 2019-10-25 03:03:25 +02:00
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`# needs to be on encrypted drives`
			`# -------------------------------`
syncthing setup on orbi 2024-04-17 10:00:17 +02:00			`audiobooks = {`
			`enable = lib.mkDefault false;`
			`path = lib.mkDefault "/tmp/audiobooks";`
			`devices = [ "chungus" "orbi" ];`
			`};`
migrated wireguard and syncthing 2023-05-12 11:17:58 +02:00			`books = {`
			`enable = lib.mkDefault false;`
upgrade cream 2023-12-08 21:27:52 +01:00			`path = lib.mkDefault "/tmp/books";`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`devices = [ "chungus" "cream" "cherry" ];`
various additions 2022-12-15 15:48:53 +01:00			`versioning = {`
			`type = "simple";`
			`params.keep = "2";`
			`};`
			`};`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`desktop = {`
			`enable = lib.mkDefault false;`
upgrade cream 2023-12-08 21:27:52 +01:00			`path = lib.mkDefault "/tmp/desktop";`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`devices = [ "chungus" "cream" "cherry" ];`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`};`
			`finance = {`
			`enable = lib.mkDefault false;`
upgrade cream 2023-12-08 21:27:52 +01:00			`path = lib.mkDefault "/tmp/finance";`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`devices = [ "chungus" "cream" "cherry" ];`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`versioning = {`
			`type = "simple";`
			`params.keep = "10";`
init 2019-10-24 02:20:38 +02:00			`};`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`};`
add flix syncthing part 2024-05-30 09:33:55 +02:00			`flix = {`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`enable = lib.mkDefault false;`
add flix syncthing part 2024-05-30 09:33:55 +02:00			`path = lib.mkDefault "/tmp/flix";`
			`devices = [ "chungus" "orbi" ];`
			`};`
			`logseq = {`
			`enable = lib.mkDefault false;`
			`path = lib.mkDefault "/tmp/logseq";`
			`devices = [ "chungus" "cream" "cherry" "iPhone" "iPad" ];`
			`};`
			`lectures = {`
			`enable = lib.mkDefault false;`
			`path = lib.mkDefault "/tmp/lectures";`
			`devices = [ "chungus" "orbi" ];`
			`};`
			`oscar_cpap = {`
			`enable = lib.mkDefault false;`
			`path = lib.mkDefault "/tmp/oscar_cpap";`
			`devices = [ "chungus" "cream" "cherry" ];`
			`};`
			`password-store = {`
			`enable = lib.mkDefault false;`
			`path = lib.mkDefault "/tmp/password-store";`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`devices = [ "chungus" "cream" "cherry" ];`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`versioning = {`
			`type = "simple";`
add flix syncthing part 2024-05-30 09:33:55 +02:00			`params.keep = "10";`
init 2019-10-24 02:20:38 +02:00			`};`
21.05 -> 21.11 robi 2022-01-09 19:22:12 +01:00			`};`
add flix syncthing part 2024-05-30 09:33:55 +02:00			`# todo remove if zfs is is used`
			`#nextcloud_backup = {`
			`# enable = lib.mkDefault false;`
			`# path = lib.mkDefault "/tmp/lost-fotos";`
use clan facts for syncthing 2024-06-02 20:50:17 +02:00			`# devices = [ "chungus" ];`
add flix syncthing part 2024-05-30 09:33:55 +02:00			`# versioning = {`
			`# type = "simple";`
			`# params.keep = "2";`
			`# };`
			`#};`
init 2019-10-24 02:20:38 +02:00			`};`
			`};`

			`}`