{ config, pkgs, lib, ... }: { sops.secrets.syncthing_cert = { }; sops.secrets.syncthing_key = { }; services.syncthing = { enable = true; openDefaultPorts = false; user = "palo"; dataDir = "/home/palo/.syncthing"; configDir = "/home/palo/.syncthing"; cert = toString config.sops.secrets.syncthing_cert.path; key = toString config.sops.secrets.syncthing_key.path; overrideFolders = true; folders = { # on encrypted drive # ------------------ password-store = { enable = true; path = "/home/palo/.password-store"; }; private = { enable = true; path = "/home/palo/private"; }; art = { enable = true; path = "/home/palo/art"; }; desktop = { enable = true; path = "/home/palo/desktop"; }; finance = { enable = true; path = "/home/palo/finance"; }; # no need to be encrypted # ----------------------- books = { enable = true; path = "/home/palo/books"; }; music-library = { enable = true; path = "/home/palo/music-library"; }; music-projects = { enable = true; path = "/home/palo/music-projects"; }; }; }; system.permown."/home/palo/music-library" = { owner = "palo"; group = "users"; }; system.permown."/home/palo/finance" = { owner = "palo"; group = "syncthing"; }; }