use clan facts for syncthing
This commit is contained in:
parent
4a5c162641
commit
f7b7637396
4 changed files with 142 additions and 49 deletions
105
flake.lock
105
flake.lock
|
@ -142,6 +142,28 @@
|
|||
"url": "https://git.clan.lol/clan/clan-core"
|
||||
}
|
||||
},
|
||||
"clan-fact-generators": {
|
||||
"inputs": {
|
||||
"clan-core": [
|
||||
"clan-core"
|
||||
],
|
||||
"flake-parts": "flake-parts",
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717333086,
|
||||
"narHash": "sha256-tCxNISnHTsW8ie9Q7ZUmKpgvrZQ3yrM1OH2qiZz8h1Q=",
|
||||
"owner": "mrvandalo",
|
||||
"repo": "clan-fact-generators",
|
||||
"rev": "9ebc512d865d157050b81c4d15e41403197dc447",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "mrvandalo",
|
||||
"repo": "clan-fact-generators",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -202,6 +224,24 @@
|
|||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715865404,
|
||||
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixpkgs"
|
||||
|
@ -221,7 +261,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts_2": {
|
||||
"flake-parts_3": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixos-anywhere",
|
||||
|
@ -343,7 +383,7 @@
|
|||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs"
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717052710,
|
||||
|
@ -404,7 +444,7 @@
|
|||
"landingpage": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1709213960,
|
||||
|
@ -454,10 +494,10 @@
|
|||
"nixos-anywhere": {
|
||||
"inputs": {
|
||||
"disko": "disko_2",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"flake-parts": "flake-parts_3",
|
||||
"nixos-images": "nixos-images_2",
|
||||
"nixos-stable": "nixos-stable",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
|
@ -576,11 +616,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1716509168,
|
||||
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
|
||||
"lastModified": 1716948383,
|
||||
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
|
||||
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -670,7 +710,35 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1714640452,
|
||||
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
||||
},
|
||||
"original": {
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1716509168,
|
||||
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1645527175,
|
||||
"narHash": "sha256-WeewqaO48sCctiN+iwgZZEJRU29Si7vHHoLCINAvuk8=",
|
||||
|
@ -685,7 +753,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1702310776,
|
||||
"narHash": "sha256-T2KJpsNjAytMsP6+xrhXfAb2KTG6Yt2D4hTTugpsJFo=",
|
||||
|
@ -701,7 +769,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1716769173,
|
||||
"narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=",
|
||||
|
@ -717,7 +785,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1701263465,
|
||||
"narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
|
||||
|
@ -733,7 +801,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_6": {
|
||||
"nixpkgs_7": {
|
||||
"locked": {
|
||||
"lastModified": 1632855891,
|
||||
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
|
||||
|
@ -747,7 +815,7 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_7": {
|
||||
"nixpkgs_8": {
|
||||
"locked": {
|
||||
"lastModified": 1716968199,
|
||||
"narHash": "sha256-vYbYTeWF4YMKYu6lHLQH+OagpubB9aZ1+V630h6qJr4=",
|
||||
|
@ -766,7 +834,7 @@
|
|||
"overviewer": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs": "nixpkgs_6",
|
||||
"pandoc_template": "pandoc_template"
|
||||
},
|
||||
"locked": {
|
||||
|
@ -823,7 +891,7 @@
|
|||
"polygon-art": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_6"
|
||||
"nixpkgs": "nixpkgs_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688766095,
|
||||
|
@ -871,14 +939,15 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"clan-core": "clan-core",
|
||||
"flake-parts": "flake-parts",
|
||||
"clan-fact-generators": "clan-fact-generators",
|
||||
"flake-parts": "flake-parts_2",
|
||||
"home-manager": "home-manager",
|
||||
"home-manager-utils": "home-manager-utils",
|
||||
"kmonad": "kmonad",
|
||||
"landingpage": "landingpage",
|
||||
"nixos-anywhere": "nixos-anywhere",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs-legacy_2105": "nixpkgs-legacy_2105",
|
||||
"nixpkgs-legacy_2205": "nixpkgs-legacy_2205",
|
||||
"nixpkgs-legacy_2211": "nixpkgs-legacy_2211",
|
||||
|
@ -938,7 +1007,7 @@
|
|||
},
|
||||
"srvos": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_7"
|
||||
"nixpkgs": "nixpkgs_8"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1717058062,
|
||||
|
|
11
flake.nix
11
flake.nix
|
@ -9,7 +9,10 @@
|
|||
flake-parts.url = "github:hercules-ci/flake-parts";
|
||||
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
|
||||
|
||||
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
|
||||
clan-fact-generators = {
|
||||
url = "github:mrvandalo/clan-fact-generators";
|
||||
inputs.clan-core.follows = "clan-core";
|
||||
};
|
||||
|
||||
clan-core = {
|
||||
url = "git+https://git.clan.lol/clan/clan-core";
|
||||
|
@ -183,7 +186,7 @@
|
|||
imports = modules ++ defaultModules ++ [
|
||||
./nixos/machines/${name}/configuration.nix
|
||||
# clan core configuration
|
||||
({ pkgs, ... }: {
|
||||
({ pkgs, lib, ... }: {
|
||||
imports = [
|
||||
# this magically adds all my machines in the zero tier network
|
||||
# and makes the controller accept them.
|
||||
|
@ -194,7 +197,9 @@
|
|||
# generate ssh host keys with facts
|
||||
inputs.clan-core.clanModules.sshd
|
||||
];
|
||||
clan.static-hosts.topLevelDomain = "gummybear";
|
||||
documentation.nixos.enable = true;
|
||||
clan.static-hosts.topLevelDomain = "bear";
|
||||
clan.static-hosts.excludeHosts = lib.mkForce [ ];
|
||||
environment.systemPackages = [
|
||||
clan-core.packages.${pkgs.system}.clan-cli
|
||||
];
|
||||
|
|
|
@ -1,11 +1,34 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{ config, lib, pkgs, factsGenerator, ... }:
|
||||
with lib; {
|
||||
|
||||
networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
|
||||
|
||||
clanCore.facts.services.syncthing = factsGenerator.syncthing { };
|
||||
|
||||
services.syncthing = {
|
||||
guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384";
|
||||
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
|
||||
overrideDevices = lib.mkDefault true;
|
||||
key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
|
||||
cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
|
||||
|
||||
settings.devices =
|
||||
let
|
||||
machineDir = "${config.clanCore.clanDir}/machines";
|
||||
#machinesFileSet = builtins.readDir machineDir;
|
||||
#machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
|
||||
syncthingPub = machine:
|
||||
lib.removeSuffix "\n"
|
||||
(builtins.readFile "${machineDir}/${machine}/facts/syncthing.pub");
|
||||
zerotierIp = machine: (builtins.readFile "${machineDir}/${machine}/facts/zerotier-ip");
|
||||
|
||||
clanDevice = machine: {
|
||||
"${machine}" = {
|
||||
name = machine;
|
||||
id = syncthingPub machine;
|
||||
addresses = [ "tcp://[${zerotierIp machine}]:22000" ];
|
||||
};
|
||||
};
|
||||
|
||||
device = name: id: {
|
||||
"${name}" = {
|
||||
name = name;
|
||||
|
@ -14,23 +37,23 @@ with lib; {
|
|||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
"robi" = {
|
||||
name = "robi";
|
||||
id = "B6P22RF-5BC2LTZ-6GHVWRZ-5D3OLXC-D66E45Y-JEB3WYT-ZQ442WZ-5FFAMQ7";
|
||||
addresses = [ "tcp://144.76.13.147:22000" ];
|
||||
};
|
||||
"orbi" = {
|
||||
name = "orbi";
|
||||
id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
|
||||
addresses = [ "tcp://95.216.66.212:22000" ];
|
||||
};
|
||||
}
|
||||
// (device "mobi" "NGI7UN6-MR2YPYI-L7DGN3I-JFZU2N3-RJBJV6K-2VZVQSJ-PWLZYOK-PXZYRAF")
|
||||
// (device "bobi" "FOJ3D27-W5OJMQR-7S77A3V-AS5BCG2-CIGWVMP-UBSVQNN-QZLHAIZ-IO7GKAE")
|
||||
// (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
|
||||
// (device "cherry" "WX2HZQ7-WAOL6YR-QJYFS2L-SVUJQB4-SKHZHVE-J7XCWLQ-6GRATXX-VJUMOAH")
|
||||
// (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
|
||||
{ }
|
||||
#{
|
||||
# "orbi" = {
|
||||
# name = "orbi";
|
||||
# id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
|
||||
# addresses = [ "tcp://95.216.66.212:22000" ];
|
||||
# };
|
||||
#}
|
||||
|
||||
#// (device "mobi" )
|
||||
#// (device "bobi" )
|
||||
// (clanDevice "orbi")
|
||||
// (clanDevice "cream")
|
||||
// (clanDevice "cherry")
|
||||
// (clanDevice "chungus")
|
||||
|
||||
|
||||
// (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
|
||||
// (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
|
||||
// {
|
||||
|
@ -52,7 +75,7 @@ with lib; {
|
|||
books = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/books";
|
||||
devices = [ "chungus" "robi" "cream" "cherry" ];
|
||||
devices = [ "chungus" "cream" "cherry" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "2";
|
||||
|
@ -61,12 +84,12 @@ with lib; {
|
|||
desktop = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/desktop";
|
||||
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
|
||||
devices = [ "chungus" "cream" "cherry" ];
|
||||
};
|
||||
finance = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/finance";
|
||||
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
|
||||
devices = [ "chungus" "cream" "cherry" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "10";
|
||||
|
@ -95,7 +118,7 @@ with lib; {
|
|||
password-store = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/password-store";
|
||||
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
|
||||
devices = [ "chungus" "cream" "cherry" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
params.keep = "10";
|
||||
|
@ -105,7 +128,7 @@ with lib; {
|
|||
#nextcloud_backup = {
|
||||
# enable = lib.mkDefault false;
|
||||
# path = lib.mkDefault "/tmp/lost-fotos";
|
||||
# devices = [ "chungus" "robi" ];
|
||||
# devices = [ "chungus" ];
|
||||
# versioning = {
|
||||
# type = "simple";
|
||||
# params.keep = "2";
|
||||
|
|
|
@ -1,7 +1,5 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
#sops.secrets.syncthing_cert = { };
|
||||
#sops.secrets.syncthing_key = { };
|
||||
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
|
@ -9,8 +7,6 @@
|
|||
user = "palo";
|
||||
dataDir = "/home/palo/.syncthing";
|
||||
configDir = "/home/palo/.syncthing";
|
||||
#cert = toString config.sops.secrets.syncthing_cert.path;
|
||||
#key = toString config.sops.secrets.syncthing_key.path;
|
||||
overrideFolders = true;
|
||||
settings.folders = {
|
||||
|
||||
|
|
Loading…
Reference in a new issue