nixos-config/nixos/machines/pepe/syncthing.nix

{ config, pkgs, lib, ... }: {

  users.groups."syncthing".members = [ "mpd" "syncthing" "upload" ];

  custom.samba-share = {
    enable = true;
    folders = {
      #media = config.services.syncthing.folders.media.path;
      media = "/media/syncthing/media";
    };
    private.upload = {
      folder = "/media/upload";
      users = "upload";
    };
  };

  users.users.upload = {
    isNormalUser = true;
    group = "upload";
  };

  users.groups.upload = { };

  sops.secrets.syncthing_cert = { };
  sops.secrets.syncthing_key = { };

  services.syncthing = {
    enable = true;
    openDefaultPorts = true;
    cert = toString config.sops.secrets.syncthing_cert.path;
    key = toString config.sops.secrets.syncthing_key.path;

    overrideFolders = true;
    folders = {

      # on encrypted drive
      # ------------------
      private = {
        enable = true;
        path = "/home/syncthing/private";
      };
      art = {
        enable = true;
        path = "/home/syncthing/art";
      };
      password-store = {
        enable = true;
        path = "/home/syncthing/password-store";
      };
      desktop = {
        enable = true;
        path = "/home/syncthing/desktop";
      };
      finance = {
        enable = true;
        path = "/home/syncthing/finance";
      };
      fotos = {
        enable = true;
        path = "/home/syncthing/fotos";
      };

      # no need to be encrypted
      # -----------------------
      books = {
        enable = true;
        path = "/media/syncthing/books";
        rescanInterval = 40 * 24 * 3600;
      };
      lost-fotos = {
        enable = true;
        path = "/media/syncthing/lost-fotos.ct";
        rescanInterval = 5 * 31 * 24 * 3600;
      };
      #media = {
      #  enable = true;
      #  path = "/media/syncthing/media";
      #  rescanInterval = 30 * 24 * 3600;
      #  type = "receiveonly";
      #  versioning = {
      #    type = "simple";
      #    params.keep = "3";
      #  };
      #};
      music-projects = {
        enable = true;
        path = "/media/syncthing/music-projects";
        rescanInterval = 8 * 3600;
      };
      nextcloud_backup = {
        enable = true;
        path = "/media/syncthing/nextcloud_backup";
        rescanInterval = 8 * 3600;
      };
    };
  };

  services.permown."/home/syncthing" = {
    owner = "syncthing";
    group = "syncthing";
  };
  services.permown."/media/syncthing" = {
    owner = "syncthing";
    group = "syncthing";
  };
  systemd.services."permown._media_syncthing" = {
    bindsTo = [ "media.mount" ];
    after = [ "media.mount" ];
  };
  systemd.services."syncthing" = {
    bindsTo = [ "media.mount" ];
    after = [ "media.mount" ];
  };

  backup.dirs = [
    config.services.syncthing.folders.finance.path
  ];

}