From ee9ff1306d679fcacea3b4fa490db46904ecd7f2 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Tue, 28 Dec 2021 19:48:14 +0100 Subject: [PATCH] add syncthing --- flake.lock | 2 +- nixos/configs/robi/configuration.nix | 9 +- nixos/configs/robi/syncthing.nix | 151 ++++++++++------------ nixos/configs/workhorse/configuration.nix | 2 +- nixos/system/all/syncthing.nix | 27 ++-- nixos/system/all/tinc.nix | 2 +- 6 files changed, 96 insertions(+), 97 deletions(-) diff --git a/flake.lock b/flake.lock index d23ad78..30d960b 100644 --- a/flake.lock +++ b/flake.lock @@ -62,7 +62,7 @@ "secrets": { "flake": false, "locked": { - "narHash": "sha256-9cKMk8P56Jy5X1Hk5gpisJAHZCAYuwiUNfs2diRWdws=", + "narHash": "sha256-nl0nvXupyQ5mIdc9pVd0quWZwDJNcudUcbusp8Im+cM=", "path": "/home/palo/dev/secrets", "type": "path" }, diff --git a/nixos/configs/robi/configuration.nix b/nixos/configs/robi/configuration.nix index 24e7e5b..67da02d 100644 --- a/nixos/configs/robi/configuration.nix +++ b/nixos/configs/robi/configuration.nix @@ -10,9 +10,10 @@ ./packages.nix ./tinc.nix + ./syncthing.nix - #./syncthing.nix #../../system/server + #./hardware-configuration.nix #./mail-fetcher.nix #./transmission.nix @@ -48,6 +49,12 @@ fsType = "ext4"; }; + fileSystems."/media" = + { + device = "/dev/vg/media"; + fsType = "ext4"; + }; + } diff --git a/nixos/configs/robi/syncthing.nix b/nixos/configs/robi/syncthing.nix index c7a369a..370a48d 100644 --- a/nixos/configs/robi/syncthing.nix +++ b/nixos/configs/robi/syncthing.nix 
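Review bot: The new `fileSystems."/media"` entry in nixos/configs/robi/configuration.nix mounts `/dev/vg/media` with default options, although this volume is where content pushed by remote Syncthing peers will land. Adding `options = [ "nosuid" "nodev" "noexec" ];` would prevent synced files from acting as setuid binaries, device nodes or executables on this host. The attribute set that contains this entry starts and ends outside the hunk, so I cannot see whether mount options are set elsewhere.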
@@ -1,126 +1,111 @@ { config, pkgs, lib, ... }: { - custom.samba-share = { - enable = true; - folders = { - movies = config.services.syncthing.declarative.folders.movies.path; - series = config.services.syncthing.declarative.folders.series.path; - samples = config.services.syncthing.declarative.folders.samples.path; - music = config.services.syncthing.declarative.folders.music-library.path; - books = config.services.syncthing.declarative.folders.books.path; - }; - }; - + imports = [ ../../system/all/syncthing.nix ]; sops.secrets.syncthing_cert = { }; sops.secrets.syncthing_key = { }; + networking.firewall.allowedTCPPorts = [ 22000 ]; + networking.firewall.allowedUDPPorts = [ 22000 ]; + services.syncthing = { enable = true; openDefaultPorts = false; - dataDir = "/home/syncthing"; - configDir = "/home/syncthing"; + dataDir = "/media/syncthing"; + configDir = "/media/syncthing"; declarative = { + overrideDevices = true; + overrideFolders = true; cert = toString config.sops.secrets.syncthing_cert.path; key = toString config.sops.secrets.syncthing_key.path; - overrideFolders = true; folders = { # on encrypted hard drive # ----------------------- - private = { - enable = true; - path = "/home/syncthing/private"; - }; - desktop = { - enable = true; - path = "/home/syncthing/desktop"; - }; - finance = { - enable = true; - path = "/home/syncthing/finance"; - }; - fotos = { - enable = true; - path = "/home/syncthing/fotos"; - }; - lost-fotos = { - enable = true; - path = "/home/syncthing/lost-fotos.ct"; - }; - zettlr = { - enable = true; - path = "/home/syncthing/zettlr"; - }; + #private = { + # enable = true; + # path = "/home/syncthing/private"; + #}; + #desktop = { + # enable = true; + # path = "/home/syncthing/desktop"; + #}; + #finance = { + # enable = true; + # path = "/home/syncthing/finance"; + #}; + #fotos = { + # enable = true; + # path = "/home/syncthing/fotos"; + #}; + #lost-fotos = { + # enable = true; + # path = "/home/syncthing/lost-fotos.ct"; + #}; + #zettlr 
= { + # enable = true; + # path = "/home/syncthing/zettlr"; + #}; # on media hard drive (not encrypted) # ----------------------------------- - borg-mirror = { - enable = true; - path = "/media/syncthing/borg"; - rescanInterval = 36 * 3600; - type = "sendonly"; - }; - video-material = { - enable = true; - path = "/home/syncthing/video-material"; - }; - music-library-free = { - enable = true; - path = "/media/syncthing/music-library-free"; - rescanInterval = 8 * 3600; - }; + #borg-mirror = { + # enable = true; + # path = "/media/syncthing/borg"; + # rescanInterval = 36 * 3600; + # type = "sendonly"; + #}; + #video-material = { + # enable = true; + # path = "/home/syncthing/video-material"; + #}; + #music-library-free = { + # enable = true; + # path = "/media/syncthing/music-library-free"; + # rescanInterval = 8 * 3600; + #}; books = { enable = true; path = "/media/syncthing/books"; - rescanInterval = 8 * 3600; }; samples = { enable = true; path = "/media/syncthing/samples"; - rescanInterval = 8 * 3600; }; movies = { enable = true; path = "/media/syncthing/movies"; - rescanInterval = 8 * 3600; - }; - # todo : no need to place it on encrypted drive - music-projects = { - enable = true; - path = "/home/syncthing/music-projects"; - }; - music-library = { - enable = true; - path = "/media/syncthing/music-library"; - rescanInterval = 8 * 3600; }; series = { enable = true; path = "/media/syncthing/series"; - rescanInterval = 8 * 3600; - }; - smartphone-folder = { - enable = true; - path = "/media/syncthing/smartphone-folder"; - rescanInterval = 8 * 3600; - }; - processing = { - enable = true; - path = "/media/syncthing/sketchbook"; - rescanInterval = 8 * 3600; }; + # todo : no need to place it on encrypted drive + #music-projects = { + # enable = true; + # path = "/home/syncthing/music-projects"; + #}; + #music-library = { + # enable = true; + # path = "/media/syncthing/music-library"; + # rescanInterval = 8 * 3600; + #}; + #smartphone-folder = { + # enable = true; + # 
path = "/media/syncthing/smartphone-folder"; + # rescanInterval = 8 * 3600; + #}; + #processing = { + # enable = true; + # path = "/media/syncthing/sketchbook"; + # rescanInterval = 8 * 3600; + #}; }; }; }; - system.permown."/home/syncthing" = { - owner = "syncthing"; - group = "syncthing"; - umask = "0022"; - }; system.permown."/media/syncthing" = { owner = "syncthing"; group = "syncthing"; @@ -135,6 +120,6 @@ after = [ "media.mount" ]; }; - backup.dirs = [ "/home/syncthing/finance" ]; + #backup.dirs = [ "/home/syncthing/finance" ]; } diff --git a/nixos/configs/workhorse/configuration.nix b/nixos/configs/workhorse/configuration.nix index cb2c257..881d147 100644 --- a/nixos/configs/workhorse/configuration.nix +++ b/nixos/configs/workhorse/configuration.nix @@ -13,7 +13,7 @@ ./gogs.nix ./grafana.nix ./graylog.nix - ./jenkins.nix + #./jenkins.nix #./kibana.nix ./mysql.nix ./packages.nix diff --git a/nixos/system/all/syncthing.nix b/nixos/system/all/syncthing.nix index 23e937f..09aa020 100644 --- a/nixos/system/all/syncthing.nix +++ b/nixos/system/all/syncthing.nix @@ -4,7 +4,7 @@ with lib; { services.syncthing = { guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384"; declarative = { - overrideDevices = true; + overrideDevices = lib.mkDefault true; devices = let device = name: id: { 
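Review bot: `configDir = "/media/syncthing"` moves Syncthing's state onto the volume that this file's own comment labels "on media hard drive (not encrypted)". As far as I know, the NixOS module copies the sops-provided `cert` and `key` into `configDir`, and `config.xml` there holds the GUI API key, so the device identity would sit unencrypted at rest next to the synced folders. I would keep `configDir` on the encrypted disk and move only `dataDir` and the folder paths to `/media`. Whether `/dev/vg/media` sits on an encrypted layer is not visible in this patch, so please confirm.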
@@ -12,22 +12,29 @@ with lib; { name = name; id = id; addresses = - [ "tcp://${name}.private:22000" "tcp://${name}.private:21027" ]; + [ "tcp://${name}.private:22000" ]; }; }; in - (device "workhorse" + { + "robi" = { + name = "robi"; + id = "B6P22RF-5BC2LTZ-6GHVWRZ-5D3OLXC-D66E45Y-JEB3WYT-ZQ442WZ-5FFAMQ7"; + addresses = [ "tcp://144.76.13.147:22000" ]; + }; + } + // (device "workhorse" "AFSAKB6-JLH4QAS-DSRMPI3-6PVCIHF-IIAVLPC-STPNO3Y-YRDU5NW-QD445QI") // (device "pepe" "SZLXFW3-VTAC7UB-V2Z7CHE-3VZAYPL-6D72AK6-OCDMPZP-G4FPY5P-FL6ZVAG") // (device "workout" "DZOOAKG-GI2SVOS-QEVMFL7-TRHVTPQ-ADIJEVH-RH5WV3J-6M7MJHC-C53EOAC") // (device "sterni" - "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") // { + "ZFNNKPD-ZSOAYJQ-VROXXDB-5MD3UTJ-GDCNTSQ-G5POVV3-UZG5HFT-CCAU3AD") + // { "porani" = { name = "porani"; - id = - "6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI"; + id = "6YOIA4E-X52ZD5Z-FPNWPRS-77QIMMU-VDIXVZB-6BPQN7A-FFJDU4W-EXEGFAI"; addresses = [ "tcp://porani.secret:22000" "tcp://porani.secret:21027" ]; }; @@ -120,7 +127,7 @@ with lib; { enable = lib.mkDefault false; id = "wwbvs-5lfbh"; watch = false; - devices = [ "workhorse" "pepe" "sterni" ]; + devices = [ "workhorse" "pepe" "sterni" "robi" ]; versioning = { type = "simple"; params.keep = "10"; @@ -139,7 +146,7 @@ with lib; { enable = lib.mkDefault false; id = "vatmy-c2qf4"; watch = false; - devices = [ "workhorse" "pepe" "porani" ]; + devices = [ "workhorse" "pepe" "porani" "robi" ]; versioning = { type = "simple"; params.keep = "3"; @@ -189,13 +196,13 @@ with lib; { enable = lib.mkDefault false; id = "pcgkj-tjucd"; watch = false; - devices = [ "workout" "workhorse" "sterni" "pepe" ]; + devices = [ "workhorse" "sterni" "pepe" "robi" ]; }; series = { enable = lib.mkDefault false; id = "all-series"; watch = false; - devices = [ "workhorse" "porani" "pepe" ]; + devices = [ "workhorse" "porani" "pepe" "robi" ]; versioning = { type = "simple"; params.keep = "10"; 
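Review bot: The new `"robi"` device is dialled at `tcp://144.76.13.147:22000`, a public address, while every peer built by the `device` helper is reached through `${name}.private`. Together with the `allowedTCPPorts`/`allowedUDPPorts = [ 22000 ]` lines added in nixos/configs/robi/syncthing.nix, this exposes the sync listener on every interface. Syncthing still authenticates peers by device ID, but robi already has a tinc address in nixos/system/all/tinc.nix. Assuming `robi.private` resolves like the other hosts, `device "robi"` with the same id, plus `networking.firewall.interfaces.<tinc-interface>.allowedTCPPorts = [ 22000 ];`, would keep the port off the public side. If the public route is intended, add a comment such as `# robi is reached over its public IP because ...`; the `let` helper starts outside this hunk.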
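Review bot: Adding `"robi"` to the `devices` lists (ids `wwbvs-5lfbh`, `vatmy-c2qf4`, `pcgkj-tjucd` and `series`) makes a publicly reachable host a full peer of these folders. Neither these definitions nor robi's entries for books, samples, movies and series set `type`, so with Syncthing's default send-receive mode a change or deletion made on robi propagates to the other devices. The `pcgkj-tjucd` folder shows no `versioning` in the visible lines, so nothing would be kept for recovery there. Consider `type = "receiveonly";` on robi's folder entries, or `versioning` on every folder robi joins. The `pcgkj-tjucd` hunk also drops `"workout"`, which the commit message does not mention.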
diff --git a/nixos/system/all/tinc.nix b/nixos/system/all/tinc.nix index 2365026..73bdcd2 100644 --- a/nixos/system/all/tinc.nix +++ b/nixos/system/all/tinc.nix @@ -114,7 +114,7 @@ in publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file; }; robi = { - realAddress = ["144.76.13.147"]; + realAddress = [ "144.76.13.147" ]; tincIp = "10.23.42.111"; publicKey = lib.fileContents ../../assets/tinc/robi_host_file; };