syncthing

Casper V. Kristensen 2024-05-10 20:34:38 +02:00
parent a1855c9b1f
commit d5b9bef71d
10 changed files with 129 additions and 44 deletions


@ -4,10 +4,10 @@
../../modules/base
../../modules/desktop
../../modules/games.nix
../../modules/syncthing.nix
./hardware.nix
./borg.nix
./hardware.nix
./sway.nix
./syncthing.nix
];
networking.hostName = "omega";

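--- /dev/null
+++ b/hosts/omega/syncthing.nix
@@ -0,0 +1,31 @@
+{
+config,
+secrets,
+...
+}: {
+# NOTE: General syncthing configuration is in modules/base/syncthing.nix.
+services.syncthing = {
+enable = true;
+# https://wiki.nixos.org/wiki/Syncthing#Declarative_node_IDs
+cert = config.age.secrets.syncthing-omega-cert.path;
+key = config.age.secrets.syncthing-omega-key.path;
+settings = {
+devices = secrets.modules.syncthing.omega.devices;
+folders = secrets.modules.syncthing.omega.folders;
+};
+};
+age.secrets.syncthing-omega-cert = {
+file = "${secrets}/secrets/syncthing-omega-cert.age";
+mode = "400";
+owner = "caspervk";
+group = "syncthing";
+};
+age.secrets.syncthing-omega-key = {
+file = "${secrets}/secrets/syncthing-omega-key.age";
+mode = "400";
+owner = "caspervk";
+group = "syncthing";
+};
+}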
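Review bot: Both secrets combine `mode = "400"` with `group = "syncthing"`, so the group setting grants nothing and only the hard-coded owner `caspervk` can read the decrypted cert and key. That works only while the shared module keeps `user = "caspervk"`; tying the two together with `owner = config.services.syncthing.user;` and dropping the `group` lines would stop them drifting apart. The same applies to hosts/sigma/syncthing.nix and hosts/zeta/syncthing.nix. Separately, `devices` and `folders` are read from `secrets` at evaluation time, so unlike the age-encrypted cert and key they presumably end up in the generated configuration in the Nix store; a comment such as `# device IDs and folder paths are not encrypted at rest, only kept out of the public repo` would make that explicit.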


@ -15,6 +15,7 @@
./network.nix
./samba.nix
./sonarr.nix
./syncthing.nix
];
networking.hostName = "sigma";


@ -145,6 +145,7 @@
1234 # ad hoc
1337 # ad hoc
139 # Samba
22000 # syncthing
22 # SSH
25 # Mail SMTP
443 # Caddy
@ -157,6 +158,8 @@
];
allowedUDPPorts = [
139 # Samba
21027 # syncthing
22000 # syncthing
445 # Samba
];
};
@ -164,6 +167,7 @@
allowedTCPPorts = [
1234 # ad hoc
1337 # ad hoc
22000 # syncthing
22 # SSH
25 # Mail SMTP
443 # Caddy
@ -173,6 +177,10 @@
80 # Caddy
993 # Mail IMAPS
];
allowedUDPPorts = [
21027 # syncthing
22000 # syncthing
];
};
"wg-sigma-p2p" = {
allowedTCPPorts = [
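Review bot: The per-interface entries for 22000/tcp, 22000/udp and 21027/udp probably do not restrict syncthing to these interfaces, because the shared module added in this commit sets `openDefaultPorts = true`, which opens the same ports in the host-wide firewall lists. The enclosing attribute sets start outside the hunks, so this assumes the lists are `networking.firewall.interfaces.*` entries. If the intent is to expose syncthing only on selected interfaces, set `services.syncthing.openDefaultPorts = false;` on sigma and keep these entries; otherwise they are redundant and can be dropped. 21027/udp is local discovery, which is probably not wanted on an internet-facing interface.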

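--- /dev/null
+++ b/hosts/sigma/syncthing.nix
@@ -0,0 +1,31 @@
+{
+config,
+secrets,
+...
+}: {
+# NOTE: General syncthing configuration is in modules/base/syncthing.nix.
+services.syncthing = {
+enable = true;
+# https://wiki.nixos.org/wiki/Syncthing#Declarative_node_IDs
+cert = config.age.secrets.syncthing-sigma-cert.path;
+key = config.age.secrets.syncthing-sigma-key.path;
+settings = {
+devices = secrets.modules.syncthing.sigma.devices;
+folders = secrets.modules.syncthing.sigma.folders;
+};
+};
+age.secrets.syncthing-sigma-cert = {
+file = "${secrets}/secrets/syncthing-sigma-cert.age";
+mode = "400";
+owner = "caspervk";
+group = "syncthing";
+};
+age.secrets.syncthing-sigma-key = {
+file = "${secrets}/secrets/syncthing-sigma-key.age";
+mode = "400";
+owner = "caspervk";
+group = "syncthing";
+};
+}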
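Review bot: This file differs from hosts/omega/syncthing.nix and hosts/zeta/syncthing.nix only in the host name, so three copies of the secret permissions have to be kept in step by hand. Since each host already sets `networking.hostName`, the per-host part could live once in the shared module, e.g. `cert = config.age.secrets."syncthing-${config.networking.hostName}-cert".path;`, with the `age.secrets` names built the same way. A single definition makes it harder for one host's private key to end up with looser permissions than the others.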


@ -3,10 +3,10 @@
../../overlays
../../modules/base
../../modules/desktop
../../modules/syncthing.nix
./hardware.nix
./borg.nix
./hardware.nix
./sway.nix
./syncthing.nix
];
networking.hostName = "zeta";

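--- /dev/null
+++ b/hosts/zeta/syncthing.nix
@@ -0,0 +1,31 @@
+{
+config,
+secrets,
+...
+}: {
+# NOTE: General syncthing configuration is in modules/base/syncthing.nix.
+services.syncthing = {
+enable = true;
+# https://wiki.nixos.org/wiki/Syncthing#Declarative_node_IDs
+cert = config.age.secrets.syncthing-zeta-cert.path;
+key = config.age.secrets.syncthing-zeta-key.path;
+settings = {
+devices = secrets.modules.syncthing.zeta.devices;
+folders = secrets.modules.syncthing.zeta.folders;
+};
+};
+age.secrets.syncthing-zeta-cert = {
+file = "${secrets}/secrets/syncthing-zeta-cert.age";
+mode = "400";
+owner = "caspervk";
+group = "syncthing";
+};
+age.secrets.syncthing-zeta-key = {
+file = "${secrets}/secrets/syncthing-zeta-key.age";
+mode = "400";
+owner = "caspervk";
+group = "syncthing";
+};
+}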


@ -15,6 +15,7 @@
./ripgrep.nix
./ssh.nix
./sudo.nix
./syncthing.nix
./users.nix
./vim
];


@ -0,0 +1,22 @@
{...}: {
# Syncthing is a continuous file synchronization program. It synchronizes
# files between two or more computers in real time. It's basically a
# self-hosted Dropbox for Linux users, but without FTP, curlftpfs, and SVN.
# https://wiki.nixos.org/wiki/Syncthing
#
# Access server's WebUI from desktop:
# > ssh -L 9999:localhost:8384 sigma
services.syncthing = {
# NOTE: syncthing is enabled and further configured in
# hosts/*/syncthing.nix.
openDefaultPorts = true;
user = "caspervk";
dataDir = "/home/caspervk";
settings = {
options = {
# Don't submit anonymous usage data
urAccepted = -1;
};
};
};
}
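Review bot: Nothing visible in this module sets GUI credentials or pins the listen address, although the header comment documents reaching the WebUI through an SSH tunnel to localhost:8384. With no GUI password, any local user or process on the host can presumably open that port and change devices and shares. I would pin the loopback binding explicitly with `guiAddress = "127.0.0.1:8384";` and add a comment such as `# GUI has no password; it is reachable by anything running locally on the host`. If credentials are supplied through the `secrets` input elsewhere, a one-line pointer to that place would do instead.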


@ -1,40 +0,0 @@
{...}: {
# Syncthing is a continuous file synchronization program. It synchronizes
# files between two or more computers in real time. It's basically a
# self-hosted Dropbox for Linux users, but without FTP, curlftpfs, and SVN.
# https://nixos.wiki/wiki/Syncthing
services.syncthing = {
enable = true;
user = "caspervk";
group = "users";
# The directory where synchronised directories will exist
dataDir = "/home/caspervk";
settings = {
# Devices ignore their own IDs, allowing for a single configuration.
# TODO: Syncthing generates a private key and ID the first time it is
# started. On first install, add the devices' ID here and apply to the
# other ones. When we get a proper secret management scheme, such as
# agenix, the private keys should be managed declaratively as well.
devices = {
"android" = {id = "IBP6YKY-KGWYPCH-J3CHAQ5-GKCIQ3U-X2L7S7V-BH635EE-ZEDQHN2-ZB4CBAP";};
"lambda" = {
id = "WES3JH4-S34HTC5-42YZHUJ-MX3Z6PA-PFO72KA-YIJMDOB-GQWZXZ3-I7BBTAS";
addresses = ["tcp://lambda.caspervk.net"];
};
"omega" = {id = "EZIQ7SI-Y6BBLUY-QI4EEYU-UNIXPSG-R6X5E77-AA2UC7S-VRV2LKQ-RNBOGQT";};
"zeta" = {id = "GQRNHAQ-MMRQYMD-P4RCA6I-5DJ3HXO-J2N2GVP-UGI55YR-HD3EYSO-ERU5QQV";};
};
folders = {
"keepass" = {
path = "~/keepass";
devices = ["android" "lambda" "omega" "zeta"];
};
"sync" = {
path = "~/sync";
devices = ["lambda" "omega" "zeta"];
};
};
};
};
}