From 2c7f498d4265c6e5f25898919dc78709c2d954bf Mon Sep 17 00:00:00 2001 From: Henri Dohmen Date: Tue, 13 Jan 2026 20:55:39 +0100 Subject: [PATCH] better syncthing setup --- host/fw/default.nix | 1 - host/fw/syncthing.nix | 8 -------- host/roam/syncthing.nix | 5 +++++ host/solo/default.nix | 6 ++++++ mod/desktop/default.nix | 1 + mod/desktop/syncthing.nix | 29 +++++++++++++++++++++++++++++ mod/syncthing.nix | 34 +++++++++------------------------- var/syncthing.nix | 7 ++++++- 8 files changed, 56 insertions(+), 35 deletions(-) delete mode 100644 host/fw/syncthing.nix create mode 100644 mod/desktop/syncthing.nix diff --git a/host/fw/default.nix b/host/fw/default.nix index cd57dee..60af631 100644 --- a/host/fw/default.nix +++ b/host/fw/default.nix @@ -21,7 +21,6 @@ inputs.lanzaboote.nixosModules.lanzaboote ./disko.nix ./hardware-configuration.nix - ./syncthing.nix ]; # https://github.com/NixOS/nixos-hardware/issues/1603 diff --git a/host/fw/syncthing.nix b/host/fw/syncthing.nix deleted file mode 100644 index dd0c768..0000000 --- a/host/fw/syncthing.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ ... }: -{ - services.syncthing = { - enable = true; - user = "hd"; - configDir = "/home/hd/.config/syncthing"; - }; -} diff --git a/host/roam/syncthing.nix b/host/roam/syncthing.nix index 4d5e129..8242e0c 100644 --- a/host/roam/syncthing.nix +++ b/host/roam/syncthing.nix @@ -6,6 +6,11 @@ in services.syncthing = { enable = true; inherit guiAddress; + + settings.folders.sync = { + path = "/data/sync/documents-hd"; + type = "receiveencrypted"; + }; }; services.nginx = { diff --git a/host/solo/default.nix b/host/solo/default.nix index 5c82724..a34233a 100644 --- a/host/solo/default.nix +++ b/host/solo/default.nix @@ -7,6 +7,12 @@ }; hd.desktop.enable = true; + services.syncthing = { + enable = true; + user = "hd"; + configDir = "/home/hd/.config/syncthing"; + }; + age.identityPaths = [ "/root/.ssh/id_ed25519" ]; 
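Review bot: The added `settings.folders.sync` block in host/roam/syncthing.nix sets `type = "receiveencrypted"` without saying that roam is the untrusted peer or what the setting depends on. A receive-encrypted folder only syncs when the sending peers share it with an encryption password, and that device list is in mod/syncthing.nix, only partly visible in this patch. A comment such as `# untrusted server: holds ciphertext only; peers share this folder with an encryption password (see mod/syncthing.nix)` would keep the two halves tied together now that they live in separate files. The enclosing `services.syncthing` set starts outside the hunk.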
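Review bot: `configDir = "/home/hd/.config/syncthing"` is now set only for solo in host/solo/default.nix, while host/fw/syncthing.nix, which set the same value, is deleted and the new mod/desktop/syncthing.nix does not set it. Unless fw gets the value from somewhere outside this patch, its Syncthing would start from the module's default config directory instead of the existing one under /home/hd, with a fresh config and database. `enable` and `user = "hd"` also appear to be supplied by mod/desktop/syncthing.nix already, so this block could be dropped if `configDir = "/home/hd/.config/syncthing";` moved into that shared module.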
diff --git a/mod/desktop/default.nix b/mod/desktop/default.nix index f9661c7..8168d23 100644 --- a/mod/desktop/default.nix +++ b/mod/desktop/default.nix @@ -109,6 +109,7 @@ with lib; ./security.nix ./services.nix ./software + ./syncthing.nix ./window-manager.nix ]; diff --git a/mod/desktop/syncthing.nix b/mod/desktop/syncthing.nix new file mode 100644 index 0000000..936cb94 --- /dev/null +++ b/mod/desktop/syncthing.nix @@ -0,0 +1,29 @@ +{ lib, var, ... }: +{ + services.syncthing = { + enable = lib.mkDefault true; + user = "hd"; + settings.folders = { + sync = { + path = "/home/hd/Sync"; + type = "sendreceive"; + }; + supernote-note = rec { + id = "supernote-note"; + path = "/home/hd/Sync/Dokumente/Supernote/Notizen"; + type = "sendreceive"; + devices = var.syncthing.device-names.desktops ++ [ "supernote" ]; + versioning = { + type = "simple"; + params.keep = "10"; + }; + }; + }; + }; + + systemd.tmpfiles.rules = [ + "d /home/hd/Sync 0755 hd users - -" + "L+ /home/hd/Documents - - - - /home/hd/Sync/Dokumente" + "L+ /home/hd/Desktop - - - - /home/hd/Sync/Desktop" + ]; +} diff --git a/mod/syncthing.nix b/mod/syncthing.nix index 93cfc43..ced8615 100644 --- a/mod/syncthing.nix +++ b/mod/syncthing.nix 
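Review bot: The two `L+` rules in `systemd.tmpfiles.rules` of mod/desktop/syncthing.nix remove whatever already exists at `/home/hd/Documents` and `/home/hd/Desktop` before creating the symlink, so a host that still has real directories there loses their contents on activation. Plain `L` (`"L /home/hd/Documents - - - - /home/hd/Sync/Dokumente"`) creates the link only when the path is free and leaves existing data to be migrated by hand. The file is also not wrapped in `lib.mkIf config.hd.desktop.enable`, which the removed `folders-desktop` logic checked. If mod/desktop is imported on hosts that leave the option off (not visible here), they would also get `user = "hd"`, these folders and the tmpfiles rules, and roam's `path` would conflict with `/home/hd/Sync`. `0755` on `/home/hd/Sync` could be `0700`, since only hd needs to read the synced documents.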
@@ -12,20 +12,16 @@ let is-managed = var.syncthing.managed ? ${this}; is-server = this == "roam"; - devices = lib.attrNames var.syncthing.all; - desktop-devices = (lib.intersectLists var.nixos-desktops devices); + folders = { + sync = { + id = "documents-hd"; # don't change ID + path = lib.mkDefault (builtins.throw "You must set services.syncthing.folders.sync.path!!!"); + type = lib.mkDefault (builtins.throw "You must set services.syncthing.folders.sync.type!!!"); - folders = folders-all // (if config.hd.desktop.enable then folders-desktop else { }); - - folders-all = { - documents = { - id = "documents-hd"; - path = if is-server then "/data/sync/documents-hd" else "/home/hd/Sync"; - type = if is-server then "receiveencrypted" else "sendreceive"; # all clients (desktops + servers) that have are a synthing peer but # with untrusted servers devices = - desktop-devices + var.syncthing.device-names.desktops ++ ( if this != "roam" then [ @@ -43,19 +39,6 @@ let }; }; }; - - folders-desktop = { - supernote-note = rec { - id = "supernote-note"; - path = if is-server then "/data/sync/${id}" else "/home/hd/Sync/Dokumente/Supernote/Notizen"; - type = "sendreceive"; - devices = desktop-devices ++ [ "supernote" ]; - versioning = { - type = "simple"; - params.keep = "10"; - }; - }; - }; in { age.secrets.syncthing-password = lib.mkIf (cfg.enable && !is-server) { @@ -73,11 +56,12 @@ in }; services.syncthing = lib.mkIf cfg.enable ( - assert lib.assertMsg (builtins.elem this devices) "${this} is not in devices in mod/syncthing.nix"; + assert lib.assertMsg (builtins.elem this var.syncthing.device-names.all) + "${this} is not in devices in mod/syncthing.nix"; { settings = { inherit folders; - devices = var.syncthing.all; + devices = var.syncthing.devices; }; key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path; cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}"; 
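Review bot: The two `builtins.throw` messages in the first hunk name `services.syncthing.folders.sync.path` and `.type`, but the options a host has to set live under `settings` (host/roam uses `settings.folders.sync`), so the error points at a path that does not exist. `"You must set services.syncthing.settings.folders.sync.path"`, and the same for `type`, would match what the host files actually write. The assert message in the last hunk of this file has the same drift: it still says `is not in devices in mod/syncthing.nix` although the list now comes from `var.syncthing.device-names.all`. The `folders.sync` set continues past the end of the first hunk.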
diff --git a/var/syncthing.nix b/var/syncthing.nix index 6604b69..064dc99 100644 --- a/var/syncthing.nix +++ b/var/syncthing.nix @@ -17,5 +17,10 @@ assert ( ); rec { managed = builtins.mapAttrs (_: v: { id = v; }) hashes; - all = unmanaged // managed; + devices = unmanaged // managed; + + device-names = rec { + all = lib.attrNames devices; + desktops = (lib.intersectLists var.nixos-desktops all); + }; }
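Review bot: The new `device-names.desktops` list in var/syncthing.nix is effectively a trust boundary with no comment saying so. In this patch it is used as the `devices` of the `sendreceive` folders, so any name in both `var.nixos-desktops` and `devices` becomes a peer of those folders. A comment on the attribute would make that visible to whoever next edits the host lists, for example `# desktops: trusted peers of the sendreceive folders; untrusted servers are added separately in mod/syncthing.nix`. The hunk also relies on `lib` and `var` being in scope, and the file's argument list is outside the hunk, so that is worth confirming.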