use clan facts for syncthing

This commit is contained in:
Ingolf Wagner 2024-06-02 20:50:17 +02:00
parent 4a5c162641
commit f7b7637396
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
4 changed files with 142 additions and 49 deletions

View file

@ -142,6 +142,28 @@
"url": "https://git.clan.lol/clan/clan-core"
}
},
"clan-fact-generators": {
"inputs": {
"clan-core": [
"clan-core"
],
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1717333086,
"narHash": "sha256-tCxNISnHTsW8ie9Q7ZUmKpgvrZQ3yrM1OH2qiZz8h1Q=",
"owner": "mrvandalo",
"repo": "clan-fact-generators",
"rev": "9ebc512d865d157050b81c4d15e41403197dc447",
"type": "github"
},
"original": {
"owner": "mrvandalo",
"repo": "clan-fact-generators",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@ -202,6 +224,24 @@
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs"
@ -221,7 +261,7 @@
"type": "github"
}
},
"flake-parts_2": {
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": [
"nixos-anywhere",
@ -343,7 +383,7 @@
},
"home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1717052710,
@ -404,7 +444,7 @@
"landingpage": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1709213960,
@ -454,10 +494,10 @@
"nixos-anywhere": {
"inputs": {
"disko": "disko_2",
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"nixos-images": "nixos-images_2",
"nixos-stable": "nixos-stable",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
@ -576,11 +616,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"lastModified": 1716948383,
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b",
"type": "github"
},
"original": {
@ -670,7 +710,35 @@
"type": "github"
}
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1714640452,
"narHash": "sha256-QBx10+k6JWz6u7VsohfSw8g8hjdBZEf8CFzXH1/1Z94=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/50eb7ecf4cd0a5756d7275c8ba36790e5bd53e33.tar.gz"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1716509168,
"narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bfb7a882678e518398ce9a31a881538679f6f092",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1645527175,
"narHash": "sha256-WeewqaO48sCctiN+iwgZZEJRU29Si7vHHoLCINAvuk8=",
@ -685,7 +753,7 @@
"type": "github"
}
},
"nixpkgs_3": {
"nixpkgs_4": {
"locked": {
"lastModified": 1702310776,
"narHash": "sha256-T2KJpsNjAytMsP6+xrhXfAb2KTG6Yt2D4hTTugpsJFo=",
@ -701,7 +769,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1716769173,
"narHash": "sha256-7EXDb5WBw+d004Agt+JHC/Oyh/KTUglOaQ4MNjBbo5w=",
@ -717,7 +785,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1701263465,
"narHash": "sha256-lNXUIlkfyDyp9Ox21hr+wsEf/IBklLvb6bYcyeXbdRc=",
@ -733,7 +801,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1632855891,
"narHash": "sha256-crW76mt9/kbUBiKy/KiSnsQ9JEYgD3StDuYAMVkTbM0=",
@ -747,7 +815,7 @@
"type": "indirect"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1716968199,
"narHash": "sha256-vYbYTeWF4YMKYu6lHLQH+OagpubB9aZ1+V630h6qJr4=",
@ -766,7 +834,7 @@
"overviewer": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"pandoc_template": "pandoc_template"
},
"locked": {
@ -823,7 +891,7 @@
"polygon-art": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1688766095,
@ -871,14 +939,15 @@
"root": {
"inputs": {
"clan-core": "clan-core",
"flake-parts": "flake-parts",
"clan-fact-generators": "clan-fact-generators",
"flake-parts": "flake-parts_2",
"home-manager": "home-manager",
"home-manager-utils": "home-manager-utils",
"kmonad": "kmonad",
"landingpage": "landingpage",
"nixos-anywhere": "nixos-anywhere",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-legacy_2105": "nixpkgs-legacy_2105",
"nixpkgs-legacy_2205": "nixpkgs-legacy_2205",
"nixpkgs-legacy_2211": "nixpkgs-legacy_2211",
@ -938,7 +1007,7 @@
},
"srvos": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1717058062,

View file

@ -9,7 +9,10 @@
flake-parts.url = "github:hercules-ci/flake-parts";
flake-parts.inputs.nixpkgs-lib.follows = "nixpkgs";
clan-fact-generators.url = "github:mrvandalo/clan-fact-generators";
clan-fact-generators = {
url = "github:mrvandalo/clan-fact-generators";
inputs.clan-core.follows = "clan-core";
};
clan-core = {
url = "git+https://git.clan.lol/clan/clan-core";
@ -183,7 +186,7 @@
imports = modules ++ defaultModules ++ [
./nixos/machines/${name}/configuration.nix
# clan core configuration
({ pkgs, ... }: {
({ pkgs, lib, ... }: {
imports = [
# this magically adds all my machines in the zero tier network
# and makes the controller accept them.
@ -194,7 +197,9 @@
# generate ssh host keys with facts
inputs.clan-core.clanModules.sshd
];
clan.static-hosts.topLevelDomain = "gummybear";
documentation.nixos.enable = true;
clan.static-hosts.topLevelDomain = "bear";
clan.static-hosts.excludeHosts = lib.mkForce [ ];
environment.systemPackages = [
clan-core.packages.${pkgs.system}.clan-cli
];

View file

@ -1,11 +1,34 @@
{ config, lib, pkgs, ... }:
{ config, lib, pkgs, factsGenerator, ... }:
with lib; {
networking.firewall.interfaces."gummybears".allowedTCPPorts = [ 8384 ];
clanCore.facts.services.syncthing = factsGenerator.syncthing { };
services.syncthing = {
guiAddress = lib.mkDefault "${config.networking.hostName}.private:8384";
guiAddress = lib.mkDefault "${config.networking.hostName}.${ config.clan.static-hosts.topLevelDomain }:8384";
overrideDevices = lib.mkDefault true;
key = config.clanCore.facts.services.syncthing.secret."syncthing.key".path;
cert = config.clanCore.facts.services.syncthing.secret."syncthing.cert".path;
settings.devices =
let
machineDir = "${config.clanCore.clanDir}/machines";
#machinesFileSet = builtins.readDir machineDir;
#machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
syncthingPub = machine:
lib.removeSuffix "\n"
(builtins.readFile "${machineDir}/${machine}/facts/syncthing.pub");
zerotierIp = machine: (builtins.readFile "${machineDir}/${machine}/facts/zerotier-ip");
clanDevice = machine: {
"${machine}" = {
name = machine;
id = syncthingPub machine;
addresses = [ "tcp://[${zerotierIp machine}]:22000" ];
};
};
device = name: id: {
"${name}" = {
name = name;
@ -14,23 +37,23 @@ with lib; {
};
};
in
{
"robi" = {
name = "robi";
id = "B6P22RF-5BC2LTZ-6GHVWRZ-5D3OLXC-D66E45Y-JEB3WYT-ZQ442WZ-5FFAMQ7";
addresses = [ "tcp://144.76.13.147:22000" ];
};
"orbi" = {
name = "orbi";
id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
addresses = [ "tcp://95.216.66.212:22000" ];
};
}
// (device "mobi" "NGI7UN6-MR2YPYI-L7DGN3I-JFZU2N3-RJBJV6K-2VZVQSJ-PWLZYOK-PXZYRAF")
// (device "bobi" "FOJ3D27-W5OJMQR-7S77A3V-AS5BCG2-CIGWVMP-UBSVQNN-QZLHAIZ-IO7GKAE")
// (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
// (device "cherry" "WX2HZQ7-WAOL6YR-QJYFS2L-SVUJQB4-SKHZHVE-J7XCWLQ-6GRATXX-VJUMOAH")
// (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
{ }
#{
# "orbi" = {
# name = "orbi";
# id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
# addresses = [ "tcp://95.216.66.212:22000" ];
# };
#}
#// (device "mobi" )
#// (device "bobi" )
// (clanDevice "orbi")
// (clanDevice "cream")
// (clanDevice "cherry")
// (clanDevice "chungus")
// (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
// (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
// {
@ -52,7 +75,7 @@ with lib; {
books = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/books";
devices = [ "chungus" "robi" "cream" "cherry" ];
devices = [ "chungus" "cream" "cherry" ];
versioning = {
type = "simple";
params.keep = "2";
@ -61,12 +84,12 @@ with lib; {
desktop = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/desktop";
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
devices = [ "chungus" "cream" "cherry" ];
};
finance = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/finance";
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
devices = [ "chungus" "cream" "cherry" ];
versioning = {
type = "simple";
params.keep = "10";
@ -95,7 +118,7 @@ with lib; {
password-store = {
enable = lib.mkDefault false;
path = lib.mkDefault "/tmp/password-store";
devices = [ "chungus" "cream" "mobi" "bobi" "cherry" ];
devices = [ "chungus" "cream" "cherry" ];
versioning = {
type = "simple";
params.keep = "10";
@ -105,7 +128,7 @@ with lib; {
#nextcloud_backup = {
# enable = lib.mkDefault false;
# path = lib.mkDefault "/tmp/lost-fotos";
# devices = [ "chungus" "robi" ];
# devices = [ "chungus" ];
# versioning = {
# type = "simple";
# params.keep = "2";

View file

@ -1,7 +1,5 @@
{ config, pkgs, lib, ... }: {
#sops.secrets.syncthing_cert = { };
#sops.secrets.syncthing_key = { };
services.syncthing = {
enable = true;
@ -9,8 +7,6 @@
user = "palo";
dataDir = "/home/palo/.syncthing";
configDir = "/home/palo/.syncthing";
#cert = toString config.sops.secrets.syncthing_cert.path;
#key = toString config.sops.secrets.syncthing_key.path;
overrideFolders = true;
settings.folders = {