nixos-config/nixos/components/network/syncthing.nix

{ config, lib, pkgs, factsGenerator, ... }:
with lib; {
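# TCP 8384 is the port used by guiAddress (Syncthing web GUI / REST API).
# It is opened only on the "gummybears" interface (presumably the overlay
# network interface; confirm) and only while Syncthing is enabled, so a
# disabled service leaves no hole in the firewall.
# NOTE(review): this module sets no GUI user/password. Before enabling,
# confirm GUI authentication is configured elsewhere; otherwise every host
# that can reach this interface can reach the GUI.
# NOTE(review): the sync port 22000 used in the device addresses is not opened
# here; presumably handled elsewhere (e.g. services.syncthing.openDefaultPorts)
# -- confirm.
networking.firewall.interfaces."gummybears".allowedTCPPorts =
  lib.mkIf config.services.syncthing.enable [ 8384 ];
# Generate this machine's Syncthing facts (key, cert and public id) via clan.
clanCore.facts.services.syncthing = factsGenerator.syncthing { };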
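# Copy the clan-managed Syncthing key and certificate to /run/facts so the
# service user can read them. The rules are only emitted while Syncthing is
# enabled, so a disabled service gets no extra copy of its private key.
systemd.tmpfiles.settings.syncthing =
  let
    # One tmpfiles "C" (copy) rule for the named secret fact: owned by the
    # Syncthing user/group and readable by the owner only (mode 400).
    # tmpfiles copies only when the destination does not exist yet, so a
    # regenerated key/cert is picked up only after the old copy under
    # /run/facts has been removed (e.g. by a reboot).
    copyFact = fact: {
      type = "C";
      user = config.services.syncthing.user;
      group = config.services.syncthing.group;
      mode = "400";
      argument = config.clanCore.facts.services.syncthing.secret.${fact}.path;
    };
  in
  lib.mkIf config.services.syncthing.enable {
    "/run/facts/syncthing.key".C = copyFact "syncthing.key";
    "/run/facts/syncthing.cert".C = copyFact "syncthing.cert";
  };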
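# Declarative Syncthing setup: identity from clan facts, a fixed peer list and
# a set of folders that individual hosts opt into.
services.syncthing = {
  # Forced off for now.
  # fixme: make sure zerotier works before enabling this again.
  enable = lib.mkForce false;
  # The GUI / REST API binds to this host's name under the clan top-level
  # domain rather than to loopback, so it is reachable over the network.
  # NOTE(review): no GUI credentials are set in this module; confirm they are
  # configured elsewhere before enabling.
  guiAddress = lib.mkDefault "${config.networking.hostName}.${config.clan.static-hosts.topLevelDomain}:8384";
  # With overrideDevices enabled, devices not declared in settings.devices are
  # removed from Syncthing's configuration, which makes the list below the
  # complete peer allow-list (unless a host overrides this default).
  overrideDevices = lib.mkDefault true;
  # Key and certificate are the copies placed under /run/facts by tmpfiles.
  key = "/run/facts/syncthing.key";
  cert = "/run/facts/syncthing.cert";
  settings.devices =
    let
      machineDir = "${config.clanCore.clanDir}/machines";
      #machinesFileSet = builtins.readDir machineDir;
      #machines = lib.mapAttrsToList (name: _: name) machinesFileSet;

      # Read one public fact of a clan machine at evaluation time and drop a
      # trailing newline, so the value can be embedded in an id or a URL.
      readFact = machine: fact:
        lib.removeSuffix "\n"
          (builtins.readFile "${machineDir}/${machine}/facts/${fact}");
      syncthingPub = machine: readFact machine "syncthing.pub";
      # The trailing newline is stripped here as well; left in, it would end up
      # inside the "tcp://[...]:22000" address built below.
      zerotierIp = machine: readFact machine "zerotier-ip";

      # Peer that is a clan machine: the device id and the dial address both
      # come from the machine's facts. The IP is wrapped in brackets, i.e. it
      # is written as an IPv6 literal.
      clanDevice = machine: {
        "${machine}" = {
          name = machine;
          id = syncthingPub machine;
          addresses = [ "tcp://[${zerotierIp machine}]:22000" ];
        };
      };

      # Peer outside the clan: the device id is given literally and the peer is
      # dialled at <name>.private. The address only says where to connect; the
      # peer is identified by its device id.
      device = name: id: {
        "${name}" = {
          name = name;
          id = id;
          addresses = [ "tcp://${name}.private:22000" ];
        };
      };
    in
    { }
    #{
    #  "orbi" = {
    #    name = "orbi";
    #    id = "5U5ZP6R-SUQO5SY-WICWWLZ-HPHQBM5-P27YSU6-66TWIBK-XLX4X5N-4O6TVAC";
    #    addresses = [ "tcp://95.216.66.212:22000" ];
    #  };
    #}
    #// (device "mobi" )
    #// (device "bobi" )
    // (clanDevice "orbi")
    // (clanDevice "cream")
    // (clanDevice "cherry")
    // (clanDevice "chungus")
    // (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
    // (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
    // {
      # Declared without addresses and not listed in any folder below.
      # NOTE(review): the address then falls back to the module/Syncthing
      # default (presumably dynamic discovery) -- confirm this is intended.
      bumba = {
        name = "windows-bumba";
        id = "JS7PWTO-VKFGBUP-GNFLSWP-MGFJ2KH-HLO2LKW-V3RPCR6-PCB5SQC-42FCKQZ";
      };
    };
  settings.folders = {
    # needs to be on encrypted drives
    # -------------------------------
    # Every folder is disabled by default and its default path is under /tmp.
    # NOTE(review): the /tmp paths look like placeholders. A host that enables
    # a folder should also override `path` to a location on an encrypted
    # drive, otherwise data such as password-store or finance would be synced
    # into /tmp.
    audiobooks = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/audiobooks";
      devices = [ "chungus" "orbi" ];
    };
    books = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/books";
      devices = [ "chungus" "cream" "cherry" ];
      versioning = {
        type = "simple";
        params.keep = "2";
      };
    };
    desktop = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/desktop";
      devices = [ "chungus" "cream" "cherry" ];
    };
    finance = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/finance";
      devices = [ "chungus" "cream" "cherry" ];
      versioning = {
        type = "simple";
        params.keep = "10";
      };
    };
    flix = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/flix";
      devices = [ "chungus" "orbi" ];
    };
    logseq = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/logseq";
      devices = [ "chungus" "cream" "cherry" "iPhone" "iPad" ];
    };
    lectures = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/lectures";
      devices = [ "chungus" "orbi" ];
    };
    oscar_cpap = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/oscar_cpap";
      devices = [ "chungus" "cream" "cherry" ];
    };
    password-store = {
      enable = lib.mkDefault false;
      path = lib.mkDefault "/tmp/password-store";
      devices = [ "chungus" "cream" "cherry" ];
      versioning = {
        type = "simple";
        params.keep = "10";
      };
    };
    # todo remove if zfs is used
    #nextcloud_backup = {
    #  enable = lib.mkDefault false;
    #  path = lib.mkDefault "/tmp/lost-fotos";
    #  devices = [ "chungus" ];
    #  versioning = {
    #    type = "simple";
    #    params.keep = "2";
    #  };
    #};
  };
};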
}