palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

use tmpfiles for file permission

Browse source
This commit is contained in:
Ingolf Wagner 2024-06-04 09:13:35 +02:00
parent e72f2c6375
commit 64d6abda88
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
1 changed files with 13 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
nixos/components/network/syncthing.nix
View file

@ -4,28 +4,30 @@ with lib; {
networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ]; networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
clanCore.facts.services.syncthing = factsGenerator.syncthing { }; clanCore.facts.services.syncthing = factsGenerator.syncthing { };
tmpfiles.settings.syncthing.d = {
"/run/facts/syncthing" = { # todo : use tmpfiles.rules
type = "d"; systemd.tmpfiles.settings.syncthing = {
user = config.services.syncthing.user; "/run/facts/syncthing.key".C = {
group = config.services.syncthing.group;
mode = "400";
};
"/run/facts/syncthing.key" = {
type = "C"; type = "C";
user = config.services.syncthing.user; user = config.services.syncthing.user;
group = config.services.syncthing.group; group = config.services.syncthing.group;
mode = "400"; mode = "400";
argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path; argument = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
}; };
"/run/facts/syncthing.cert".C = {
type = "C";
user = config.services.syncthing.user;
group = config.services.syncthing.group;
mode = "400";
argument = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
};
}; };
services.syncthing = { services.syncthing = {
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384"; guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
overrideDevices = lib.mkDefault true; overrideDevices = lib.mkDefault true;
key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path; key = "/run/facts/syncthing.key";
cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path; cert = "/run/facts/syncthing.cert";
settings.devices = settings.devices =
let let
machineDir = "${config.clanCore.clanDir}/machines"; machineDir = "${config.clanCore.clanDir}/machines";