better syncthing setup

Henri Dohmen 2026-01-13 20:55:39 +01:00
parent 9f9a4d0377
commit 2c7f498d42
Signed by: hd
GPG key ID: AB79213B044674AE
8 changed files with 56 additions and 35 deletions


@ -21,7 +21,6 @@
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
./disko.nix ./disko.nix
./hardware-configuration.nix ./hardware-configuration.nix
./syncthing.nix
]; ];
# https://github.com/NixOS/nixos-hardware/issues/1603 # https://github.com/NixOS/nixos-hardware/issues/1603


@ -1,8 +0,0 @@
{ ... }:
{
services.syncthing = {
enable = true;
user = "hd";
configDir = "/home/hd/.config/syncthing";
};
}


@ -6,6 +6,11 @@ in
services.syncthing = { services.syncthing = {
enable = true; enable = true;
inherit guiAddress; inherit guiAddress;
settings.folders.sync = {
path = "/data/sync/documents-hd";
type = "receiveencrypted";
};
}; };
services.nginx = { services.nginx = {


@ -7,6 +7,12 @@
}; };
hd.desktop.enable = true; hd.desktop.enable = true;
services.syncthing = {
enable = true;
user = "hd";
configDir = "/home/hd/.config/syncthing";
};
age.identityPaths = [ age.identityPaths = [
"/root/.ssh/id_ed25519" "/root/.ssh/id_ed25519"
]; ];


@ -109,6 +109,7 @@ with lib;
./security.nix ./security.nix
./services.nix ./services.nix
./software ./software
./syncthing.nix
./window-manager.nix ./window-manager.nix
]; ];
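Review bot: The new `./syncthing.nix` entry goes into an unconditional `imports` list, and the file it pulls in (presumably mod/desktop/syncthing.nix from this commit) shows no `lib.mkIf` around its settings. The code it replaces in the shared module only added the desktop folders under `if config.hd.desktop.enable`. If this module is also imported on hosts that leave `hd.desktop.enable` off (not visible here), those hosts would now get Syncthing enabled, the `sendreceive` folder definitions and the tmpfiles rules. Consider taking `config` in the new file and wrapping its body as `config = lib.mkIf config.hd.desktop.enable { ... };`. The import list starts above this hunk.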

29
mod/desktop/syncthing.nix Normal file

@ -0,0 +1,29 @@
{ lib, var, ... }:
{
services.syncthing = {
enable = lib.mkDefault true;
user = "hd";
settings.folders = {
sync = {
path = "/home/hd/Sync";
type = "sendreceive";
};
supernote-note = rec {
id = "supernote-note";
path = "/home/hd/Sync/Dokumente/Supernote/Notizen";
type = "sendreceive";
devices = var.syncthing.device-names.desktops ++ [ "supernote" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
};
};
systemd.tmpfiles.rules = [
"d /home/hd/Sync 0755 hd users - -"
"L+ /home/hd/Documents - - - - /home/hd/Sync/Dokumente"
"L+ /home/hd/Desktop - - - - /home/hd/Sync/Desktop"
];
}
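Review bot: The two `L+` rules in `systemd.tmpfiles.rules` replace whatever already exists at `/home/hd/Documents` and `/home/hd/Desktop`. With the `+` suffix, systemd-tmpfiles removes an existing file or directory at that path before creating the symlink, so a populated directory on a host that receives this module is deleted on activation. Plain `L` creates the link only when nothing is there, e.g. `"L /home/hd/Documents - - - - /home/hd/Sync/Dokumente"`, which leaves moving existing data into `Sync` as a deliberate manual step. The `d` rule also creates `/home/hd/Sync` as `0755`; `0700` fits a directory of personal documents better unless another account needs to read it.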


@ -12,20 +12,16 @@ let
is-managed = var.syncthing.managed ? ${this}; is-managed = var.syncthing.managed ? ${this};
is-server = this == "roam"; is-server = this == "roam";
devices = lib.attrNames var.syncthing.all; folders = {
desktop-devices = (lib.intersectLists var.nixos-desktops devices); sync = {
id = "documents-hd"; # don't change ID
path = lib.mkDefault (builtins.throw "You must set services.syncthing.folders.sync.path!!!");
type = lib.mkDefault (builtins.throw "You must set services.syncthing.folders.sync.type!!!");
folders = folders-all // (if config.hd.desktop.enable then folders-desktop else { });
folders-all = {
documents = {
id = "documents-hd";
path = if is-server then "/data/sync/documents-hd" else "/home/hd/Sync";
type = if is-server then "receiveencrypted" else "sendreceive";
# all clients (desktops + servers) that have are a synthing peer but # all clients (desktops + servers) that have are a synthing peer but
# with untrusted servers # with untrusted servers
devices = devices =
desktop-devices var.syncthing.device-names.desktops
++ ( ++ (
if this != "roam" then if this != "roam" then
[ [
@ -43,19 +39,6 @@ let
}; };
}; };
}; };
folders-desktop = {
supernote-note = rec {
id = "supernote-note";
path = if is-server then "/data/sync/${id}" else "/home/hd/Sync/Dokumente/Supernote/Notizen";
type = "sendreceive";
devices = desktop-devices ++ [ "supernote" ];
versioning = {
type = "simple";
params.keep = "10";
};
};
};
in in
{ {
age.secrets.syncthing-password = lib.mkIf (cfg.enable && !is-server) { age.secrets.syncthing-password = lib.mkIf (cfg.enable && !is-server) {
@ -73,11 +56,12 @@ in
}; };
services.syncthing = lib.mkIf cfg.enable ( services.syncthing = lib.mkIf cfg.enable (
assert lib.assertMsg (builtins.elem this devices) "${this} is not in devices in mod/syncthing.nix"; assert lib.assertMsg (builtins.elem this var.syncthing.device-names.all)
"${this} is not in devices in mod/syncthing.nix";
{ {
settings = { settings = {
inherit folders; inherit folders;
devices = var.syncthing.all; devices = var.syncthing.devices;
}; };
key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path; key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path;
cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}"; cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}";
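Review bot: The `builtins.throw` messages in the new `folders.sync` defaults name `services.syncthing.folders.sync.path` and `.type`, but the option hosts actually set lives under `settings` (`inherit folders` sits inside `settings = { ... }`). The hints should read `services.syncthing.settings.folders.sync.path` and `services.syncthing.settings.folders.sync.type`. Separately, the folder type used to be derived from `is-server` in this module, while the device list below still branches on `this != "roam"`, so which hosts are untrusted is now decided in two places. A comment next to the defaults, such as `# untrusted servers must set type = "receiveencrypted" in their host config`, would keep that requirement visible. The `let` block starts above the first hunk.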


@ -17,5 +17,10 @@ assert (
); );
rec { rec {
managed = builtins.mapAttrs (_: v: { id = v; }) hashes; managed = builtins.mapAttrs (_: v: { id = v; }) hashes;
all = unmanaged // managed; devices = unmanaged // managed;
device-names = rec {
all = lib.attrNames devices;
desktops = (lib.intersectLists var.nixos-desktops all);
};
} }