use clan facts for syncthing

2024-06-02 20:50:17 +02:00 · 2024-06-02 20:50:17 +02:00 · f7b7637396
parent 4a5c162641
commit f7b7637396
4 changed files with 142 additions and 49 deletions
--- a/flake.lock
+++ b/flake.lock
@ -142,6 +142,28 @@
        "url": "https://git.clan.lol/clan/clan-core"
      }
    },
+    "clan-fact-generators": {
+      "inputs": {
+        "clan-core": [
+          "clan-core"
+        ],
+        "flake-parts": "flake-parts",
+        "nixpkgs": "nixpkgs"
+      },
+      "locked": {
+        "lastModified": 1717333086,
+        "narHash": "sha256-tCxNISnHTsW8ie9Q7ZUmKpgvrZQ3yrM1OH2qiZz8h1Q=",
+        "owner": "mrvandalo",
+        "repo": "clan-fact-generators",
+        "rev": "9ebc512d865d157050b81c4d15e41403197dc447",
+        "type": "github"
+      },
+      "original": {
+        "owner": "mrvandalo",
+        "repo": "clan-fact-generators",
+        "type": "github"
+      }
+    },
    "disko": {
      "inputs": {
        "nixpkgs": [
@ -202,6 +224,24 @@
      }
    },
    "flake-parts": {
+      "inputs": {
+        "nixpkgs-lib": "nixpkgs-lib"
+      },
+      "locked": {
+        "lastModified": 1715865404,
+        "narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_2": {
      "inputs": {
        "nixpkgs-lib": [
          "nixpkgs"
@ -221,7 +261,7 @@
        "type": "github"
      }
    },
-    "flake-parts_2": {
+    "flake-parts_3": {
      "inputs": {
        "nixpkgs-lib": [
          "nixos-anywhere",
@ -343,7 +383,7 @@
    },
    "home-manager": {
      "inputs": {
-        "nixpkgs": "nixpkgs"
+        "nixpkgs": "nixpkgs_2"
      },
      "locked": {
        "lastModified": 1717052710,
@ -404,7 +444,7 @@
    "landingpage": {
      "inputs": {
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_3"
      },
      "locked": {
        "lastModified": 1709213960,
@ -454,10 +494,10 @@
    "nixos-anywhere": {
      "inputs": {
        "disko": "disko_2",
-        "flake-parts": "flake-parts_2",
+        "flake-parts": "flake-parts_3",
        "nixos-images": "nixos-images_2",
        "nixos-stable": "nixos-stable",
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_4",
        "treefmt-nix": "treefmt-nix_2"
      },
      "locked": {
@ -576,11 +616,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1716509168,
-        "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
+        "lastModified": 1716948383,
+        "narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
+        "rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
        "type": "github"
      },
      "original": {
@ -670,7 +710,35 @@
        "type": "github"
      }
    },
+    "nixpkgs-lib": {
+      "locked": {
+        "lastModified": 1714640452,
+        "narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
+      },
+      "original": {
+        "type": "tarball",
+        "url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
+      }
+    },
    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1716509168,
+        "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1645527175,
        "narHash": "sha256-WeewqaO48sCctiN+iwgZZEJRU29Si7vHHoLCINAvuk8=",
@ -685,7 +753,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1702310776,
        "narHash": "sha256-T2KJpsNjAytMsP6+xrhXfAb2KTG6Yt2D4hTTugpsJFo=",
@ -701,7 +769,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
      "locked": {
        "lastModified": 1716769173,
        "narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=",
@ -717,7 +785,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
      "locked": {
        "lastModified": 1701263465,
        "narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
@ -733,7 +801,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_6": {
+    "nixpkgs_7": {
      "locked": {
        "lastModified": 1632855891,
        "narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -747,7 +815,7 @@
        "type": "indirect"
      }
    },
-    "nixpkgs_7": {
+    "nixpkgs_8": {
      "locked": {
        "lastModified": 1716968199,
        "narHash": "sha256-vYbYTeWF4YMKYu6lHLQH+OagpubB9aZ1+V630h6qJr4=",
@ -766,7 +834,7 @@
    "overviewer": {
      "inputs": {
        "flake-utils": "flake-utils_2",
-        "nixpkgs": "nixpkgs_5",
+        "nixpkgs": "nixpkgs_6",
        "pandoc_template": "pandoc_template"
      },
      "locked": {
@ -823,7 +891,7 @@
    "polygon-art": {
      "inputs": {
        "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_6"
+        "nixpkgs": "nixpkgs_7"
      },
      "locked": {
        "lastModified": 1688766095,
@ -871,14 +939,15 @@
    "root": {
      "inputs": {
        "clan-core": "clan-core",
-        "flake-parts": "flake-parts",
+        "clan-fact-generators": "clan-fact-generators",
+        "flake-parts": "flake-parts_2",
        "home-manager": "home-manager",
        "home-manager-utils": "home-manager-utils",
        "kmonad": "kmonad",
        "landingpage": "landingpage",
        "nixos-anywhere": "nixos-anywhere",
        "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
        "nixpkgs-legacy_2105": "nixpkgs-legacy_2105",
        "nixpkgs-legacy_2205": "nixpkgs-legacy_2205",
        "nixpkgs-legacy_2211": "nixpkgs-legacy_2211",
@ -938,7 +1007,7 @@
    },
    "srvos": {
      "inputs": {
-        "nixpkgs": "nixpkgs_7"
+        "nixpkgs": "nixpkgs_8"
      },
      "locked": {
        "lastModified": 1717058062,
--- a/flake.nix
+++ b/flake.nix
@ -9,7 +9,10 @@
    flake-parts.url = "github:hercules-ci/flake-parts";
    flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";

-    clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
+    clan-fact-generators = {
+      url = "github:mrvandalo/clan-fact-generators";
+      inputs.clan-core.follows = "clan-core";
+    };

    clan-core = {
      url = "git+https://git.clan.lol/clan/clan-core";
@ -183,7 +186,7 @@
          imports = modules ++ defaultModules ++ [
            ./nixos/machines/${name}/configuration.nix
            # clan core configuration
-            ({ pkgs, ... }: {
+            ({ pkgs, lib, ... }: {
              imports = [
                # this magically adds all my machines in the zero tier network
                # and makes the controller accept them.
@ -194,7 +197,9 @@
                # generate ssh host keys with facts
                inputs.clan-core.clanModules.sshd
              ];
-              clan.static-hosts.topLevelDomain = "gummybear";
+              documentation.nixos.enable = true;
+              clan.static-hosts.topLevelDomain = "bear";
+              clan.static-hosts.excludeHosts = lib.mkForce [ ];
              environment.systemPackages = [
                clan-core.packages.${pkgs.system}.clan-cli
              ];
--- a/nixos/components/network/syncthing.nix
+++ b/nixos/components/network/syncthing.nix
@ -1,11 +1,34 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, factsGenerator, ... }:
 with lib; {

+  networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
+
+  clanCore.facts.services.syncthing = factsGenerator.syncthing { };
+
  services.syncthing = {
-    guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384";
+    guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
    overrideDevices = lib.mkDefault true;
+    key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
+    cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
+
    settings.devices =
      let
+        machineDir = "${config.clanCore.clanDir}/machines";
+        #machinesFileSet = builtins.readDir machineDir;
+        #machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
+        syncthingPub = machine:
+          lib.removeSuffix "\n"
+            (builtins.readFile "${machineDir}/${machine}/facts/syncthing.pub");
+        zerotierIp = machine: (builtins.readFile "${machineDir}/${machine}/facts/zerotier-ip");
+
+        clanDevice = machine: {
+          "${machine}" = {
+            name = machine;
+            id = syncthingPub machine;
+            addresses = [ "tcp://[${zerotierIp machine}]:22000" ];
+          };
+        };
+
        device = name: id: {
          "${name}" = {
            name = name;
@ -14,23 +37,23 @@ with lib; {
          };
        };
      in
-      {
-        "robi" = {
-          name = "robi";
-          id = "B6P22RF-5BC2LTZ-6GHVWRZ-5D3OLXC-D66E45Y-JEB3WYT-ZQ442WZ-5FFAMQ7";
-          addresses = [ "tcp://144.76.13.147:22000" ];
-        };
-        "orbi" = {
-          name = "orbi";
-          id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
-          addresses = [ "tcp://95.216.66.212:22000" ];
-        };
-      }
-      // (device "mobi" "NGI7UN6-MR2YPYI-L7DGN3I-JFZU2N3-RJBJV6K-2VZVQSJ-PWLZYOK-PXZYRAF")
-      // (device "bobi" "FOJ3D27-W5OJMQR-7S77A3V-AS5BCG2-CIGWVMP-UBSVQNN-QZLHAIZ-IO7GKAE")
-      // (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
-      // (device "cherry" "WX2HZQ7-WAOL6YR-QJYFS2L-SVUJQB4-SKHZHVE-J7XCWLQ-6GRATXX-VJUMOAH")
-      // (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
+      { }
+      #{
+      #  "orbi" = {
+      #    name = "orbi";
+      #    id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
+      #    addresses = [ "tcp://95.216.66.212:22000" ];
+      #  };
+      #}
+
+      #// (device "mobi" )
+      #// (device "bobi" )
+      // (clanDevice "orbi")
+      // (clanDevice "cream")
+      // (clanDevice "cherry")
+      // (clanDevice "chungus")
+
+
      // (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
      // (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
      // {
@ -52,7 +75,7 @@ with lib; {
      books = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/books";
-        devices = [ "chungus" "robi" "cream" "cherry" ];
+        devices = [ "chungus" "cream" "cherry" ];
        versioning = {
          type = "simple";
          params.keep = "2";
@ -61,12 +84,12 @@ with lib; {
      desktop = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/desktop";
-        devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
+        devices = [ "chungus" "cream" "cherry" ];
      };
      finance = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/finance";
-        devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
+        devices = [ "chungus" "cream" "cherry" ];
        versioning = {
          type = "simple";
          params.keep = "10";
@ -95,7 +118,7 @@ with lib; {
      password-store = {
        enable = lib.mkDefault false;
        path = lib.mkDefault "/tmp/password-store";
-        devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
+        devices = [ "chungus" "cream" "cherry" ];
        versioning = {
          type = "simple";
          params.keep = "10";
@ -105,7 +128,7 @@ with lib; {
      #nextcloud_backup = {
      #  enable = lib.mkDefault false;
      #  path = lib.mkDefault "/tmp/lost-fotos";
-      #  devices = [ "chungus" "robi" ];
+      #  devices = [ "chungus"  ];
      #  versioning = {
      #    type = "simple";
      #    params.keep = "2";
--- a/nixos/machines/cream/syncthing.nix
+++ b/nixos/machines/cream/syncthing.nix
@ -1,7 +1,5 @@
 { config, pkgs, lib, ... }: {

-  #sops.secrets.syncthing_cert = { };
-  #sops.secrets.syncthing_key = { };

  services.syncthing = {
    enable = true;
@ -9,8 +7,6 @@
    user = "palo";
    dataDir = "/home/palo/.syncthing";
    configDir = "/home/palo/.syncthing";
-    #cert = toString config.sops.secrets.syncthing_cert.path;
-    #key = toString config.sops.secrets.syncthing_key.path;
    overrideFolders = true;
    settings.folders = {