From 64d6abda8855578d534a3184c4e8e7259b2d5d59 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Tue, 4 Jun 2024 09:13:35 +0200
Subject: [PATCH] use tmpfiles for file permission
---
 nixos/components/network/syncthing.nix | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)
diff --git a/nixos/components/network/syncthing.nix b/nixos/components/network/syncthing.nix
index 168ba6c..60ec0bd 100644
--- a/nixos/components/network/syncthing.nix
+++ b/nixos/components/network/syncthing.nix
@@ -4,28 +4,30 @@ with lib; {
 networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
 clanCore.facts.services.syncthing = factsGenerator.syncthing { };
- tmpfiles.settings.syncthing.d = {
- "/run/facts/syncthing" = {
- type = "d";
- user = config.services.syncthing.user;
- group = config.services.syncthing.group;
- mode = "400";
- };
- "/run/facts/syncthing.key" = {
+
+ # todo : use tmpfiles.rules
+ systemd.tmpfiles.settings.syncthing = {
+ "/run/facts/syncthing.key".C = {
 type = "C";
 user = config.services.syncthing.user;
 group = config.services.syncthing.group;
 mode = "400";
 argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
 };
+ "/run/facts/syncthing.cert".C = {
+ type = "C";
+ user = config.services.syncthing.user;
+ group = config.services.syncthing.group;
+ mode = "400";
+ argument = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
+ };
 };
 services.syncthing = {
 guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
 overrideDevices = lib.mkDefault true;
- key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
- cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
-
+ key = "/run/facts/syncthing.key";
+ cert = "/run/facts/syncthing.cert";
 settings.devices = let machineDir = "${config.clanCore.clanDir}/machines";
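Review bot: The two `C` entries for `/run/facts/syncthing.key` and `/run/facts/syncthing.cert` copy the private key and certificate only when the destination does not exist yet, so after the clan facts are regenerated the service would keep reading the stale copies until `/run` is cleared (typically a reboot). The copy also depends on the source secret already being present when systemd-tmpfiles runs, which is not visible in this hunk and should be confirmed. Each entry sets `type = "C";` under an attribute that is already named `.C`, which looks redundant. I would replace the vague `# todo : use tmpfiles.rules` with a comment that states the intent, for example `# copy key/cert so the syncthing user can read them; C does not overwrite an existing file, remove the copy after rotating the facts`. The `services.syncthing` block continues past the end of the hunk.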