nixos-config/nixos/machines/robi/syncthing.nix

{ config, pkgs, lib, ... }: {

  imports = [ ../../system/all/syncthing.nix ];

  sops.secrets.syncthing_cert = { };
  sops.secrets.syncthing_key = { };

  networking.firewall.allowedTCPPorts = [ 22000 ];
  networking.firewall.allowedUDPPorts = [ 22000 ];

  services.syncthing = {
    enable = true;
    openDefaultPorts = false;
    dataDir = "/media/syncthing/config";
    configDir = "/media/syncthing/config";
    overrideDevices = true;
    overrideFolders = true;
    cert = toString config.sops.secrets.syncthing_cert.path;
    key = toString config.sops.secrets.syncthing_key.path;

    folders = {

      # on media hard drive (not encrypted)
      # -----------------------------------
      #borg-mirror = {
      #  enable = true;
      #  path = "/media/syncthing/borg";
      #  rescanInterval = 36 * 3600;
      #  type = "sendonly";
      #};
      #video-material = {
      #  enable = true;
      #  path = "/home/syncthing/video-material";
      #};
      books = {
        enable = true;
        path = "/media/syncthing/books";
      };
      lost-fotos = {
        enable = true;
        path = "/media/syncthing/lost-fotos.ct";
        rescanInterval = 40 * 24 * 3600;
      };
      movies = {
        enable = true;
        watch = true;
        path = "/media/syncthing/movies";
        rescanInterval = 16 * 3600;
      };
      music-library = {
        enable = true;
        watch = true;
        path = "/media/syncthing/music";
        rescanInterval = 2 * 24 * 3600;
      };
      music-projects = {
        enable = true;
        watch = true;
        path = "/media/syncthing/music-projects";
      };
      nextcloud_backup = {
        enable = true;
        watch = true;
        path = "/media/syncthing/nextcloud_backup";
        rescanInterval = 23 * 3600;
      };
      samples = {
        enable = true;
        watch = true;
        path = "/media/syncthing/samples";
        rescanInterval = 41 * 24 * 3600;
      };
      series = {
        enable = true;
        watch = true;
        path = "/media/syncthing/series";
        rescanInterval = 15 * 3600;
      };

    };
  };

  services.permown."/media/syncthing" = {
    owner = "syncthing";
    group = "syncthing";
    umask = "0002";
  };
  systemd.services."permown._media_syncthing" = {
    bindsTo = [ "media.mount" ];
    after = [ "media.mount" ];
  };
  systemd.services."syncthing" = {
    bindsTo = [ "media.mount" ];
    after = [ "media.mount" ];
  };

}