improve syncthing config

Henri Dohmen 2025-12-30 14:49:21 +01:00
parent 72c6b7ce88
commit 6461102325
Signed by: hd
GPG key ID: AB79213B044674AE
5 changed files with 52 additions and 31 deletions


@ -48,12 +48,18 @@
}@inputs: }@inputs:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
lib' = import ./lib.nix { inherit lib; }; var = import ./var { inherit lib; };
lib' = import ./lib.nix { inherit lib var; };
pkgs_25-05 = import nixpkgs_25-05 { system = "x86_64-linux"; }; pkgs_25-05 = import nixpkgs_25-05 { system = "x86_64-linux"; };
specialArgs = rec { specialArgs = rec {
inherit inputs lib' pkgs_25-05; inherit
var = import ./var { inherit lib; }; inputs
lib'
pkgs_25-05
var
;
secrets = lib'.walk-dir ./secrets; secrets = lib'.walk-dir ./secrets;
}; };
overlays = _: { overlays = _: {


@ -1,4 +1,4 @@
{ lib, ... }: { lib, var, ... }:
with builtins; with builtins;
rec { rec {
walk-dir = walk-dir =
@ -16,4 +16,7 @@ rec {
else else
throw "Items of type ${value} are unsupported."; throw "Items of type ${value} are unsupported.";
}) dir; }) dir;
is-desktop = x: builtins.elem x var.desktops;
is-server = x: builtins.elem x var.servers;
} }
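Review bot: The two new helpers write `builtins.elem` although the file already opens with `with builtins;`, so the qualified form is inconsistent with the rest of the file; `is-desktop = x: elem x var.desktops;` and `is-server = x: elem x var.servers;` read the same as the surrounding code. Both predicates are true for a hostname that appears in both `var.desktops` and `var.servers`, and nothing here rules that out; a one-line comment above them such as `# a host is expected in exactly one of var.desktops / var.servers` would make that assumption explicit for callers that treat the two as mutually exclusive.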


@ -9,44 +9,47 @@ let
cfg = config.services.syncthing; cfg = config.services.syncthing;
this = config.networking.hostName; this = config.networking.hostName;
is-managed = builtins.elem this var.syncthing-managed-clients.managed_clients; is-managed = var.syncthing.managed ? ${this};
is-server = this == "roam"; is-server = this == "roam";
devices = [ devices = lib.attrNames var.syncthing.all;
"roam" desktop-devices = (lib.intersectLists var.desktops devices);
"fw"
];
devices-without-this = lib.remove this devices; folders = folders-all // (if config.hd.desktop.enable then folders-desktop else { });
type-encrypt = if is-server then "receiveencrypted" else "sendreceive";
devices-encrypt =
if is-server then
devices-without-this
else
lib.remove "roam" devices-without-this
++ [
{
name = "roam";
encryptionPasswordFile = config.age.secrets.syncthing-password.path;
}
];
folders = { folders-all = {
documents = { documents = {
id = "documents-hd"; id = "documents-hd";
path = if is-server then "/data/sync/documents-hd" else "/home/hd/Documents"; path = if is-server then "/data/sync/documents-hd" else "/home/hd/Documents";
type = type-encrypt; type = if is-server then "receiveencrypted" else "sendreceive";
devices = devices-encrypt; # all clients (desktops + servers) that have are a synthing peer but
# with untrusted servers
devices =
desktop-devices
++ (
if this != "roam" then
[
{
name = "roam";
encryptionPasswordFile = config.age.secrets.syncthing-password.path;
}
]
else
[ ]
);
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
}; };
}; };
};
folders-desktop = {
supernote-note = rec { supernote-note = rec {
id = "supernote-note"; id = "supernote-note";
path = if is-server then "/data/sync/${id}" else "/home/hd/Documents/Supernote/Notizen"; path = if is-server then "/data/sync/${id}" else "/home/hd/Documents/Supernote/Notizen";
type = "sendreceive"; type = "sendreceive";
devices = devices-without-this ++ [ "supernote" ]; devices = desktop-devices ++ [ "supernote" ];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "10"; params.keep = "10";
@ -74,7 +77,7 @@ in
{ {
inherit folders; inherit folders;
settings = { settings = {
devices = var.syncthing; devices = var.syncthing.all;
}; };
key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path; key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path;
cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}"; cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}";
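Review bot: `is-server = this == "roam"` and the `if this != "roam"` branch inside the `documents` folder still hard-code the single server, even though this commit introduces `var.servers` and `lib'.is-server` for exactly that role and already derives `desktop-devices` from `var.desktops`; a second host added to `var.servers` would be neither marked `receiveencrypted` nor added as an encrypted peer, so the untrusted-server rule lives in two places that can drift. Deriving both from `var.servers` keeps the encryption decision in one spot, as sketched below. The comment above `devices` also has typos ("that have are a synthing peer"); suggest `# every desktop peer, plus each server as an untrusted peer that only receives encrypted data`. This assumes `lib'` is, or can be, pulled into the module's argument set; the `let` header with the module arguments is outside the hunk.
```nix
  is-server = lib'.is-server this;
  # … unchanged: devices, desktop-devices, folders, folders-all header …
      # every desktop peer, plus each server as an untrusted peer that only
      # receives encrypted data
      devices =
        desktop-devices
        ++ map (name: {
          inherit name;
          encryptionPasswordFile = config.age.secrets.syncthing-password.path;
        }) (lib.remove this (lib.intersectLists var.servers devices));
```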


@ -9,12 +9,18 @@ let
}; };
load-var = x: import x inputs'; load-var = x: import x inputs';
# watch out for cycles # watch out for cycles
outputs = { outputs = rec {
"lan-dns" = load-var ./lan-dns.nix; "lan-dns" = load-var ./lan-dns.nix;
"ssh-keys" = load-var ./ssh-keys.nix; "ssh-keys" = load-var ./ssh-keys.nix;
"wg" = load-var ./wg.nix; "wg" = load-var ./wg.nix;
"syncthing" = load-var ./syncthing.nix; "syncthing" = load-var ./syncthing.nix;
"syncthing-managed-clients" = lib'.importJSON ./syncthing-managed-clients.json; desktops = [
"c2"
"fw"
"solo"
];
servers = [ "roam" ];
clients = desktops ++ servers;
}; };
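Review bot: The hostnames in `desktops` and `servers` now have to agree with `managed_clients` in `syncthing-managed-clients.json`, but nothing checks that, and in the syncthing module `lib.intersectLists var.desktops devices` silently drops any desktop whose id is missing from the JSON instead of failing. `clients = desktops ++ servers` is defined here but nothing in this commit reads it; it would be a natural input for such a check, e.g. in `var/syncthing.nix`: `assert lib.all (c: hashes ? ${c}) var.clients "every declared client needs an id in syncthing-managed-clients.json";`, provided every desktop and server is a managed client and `var` there resolves to this `outputs` set (the `inputs'` definition is outside the hunk).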
in in
outputs outputs


@ -1,6 +1,6 @@
{ var, lib, ... }: { var, lib, ... }:
let let
inherit (var.syncthing-managed-clients) managed_clients hashes; inherit (lib.importJSON ./syncthing-managed-clients.json) managed_clients hashes;
unmanaged = { unmanaged = {
"supernote".id = "3LHXAND-FXDIDWR-7BYAIX4-3GW2BWY-IHTX7HH-LTEDI5T-W7ETGVC-BUP2NAF"; "supernote".id = "3LHXAND-FXDIDWR-7BYAIX4-3GW2BWY-IHTX7HH-LTEDI5T-W7ETGVC-BUP2NAF";
}; };
@ -15,4 +15,7 @@ assert (
[ ] == (lib.intersectLists managed_clients (builtins.attrNames unmanaged)) [ ] == (lib.intersectLists managed_clients (builtins.attrNames unmanaged))
) "Syncthing clients must either be unmanaged or declaratively configured." ) "Syncthing clients must either be unmanaged or declaratively configured."
); );
unmanaged // builtins.mapAttrs (_: v: { id = v; }) hashes rec {
managed = builtins.mapAttrs (_: v: { id = v; }) hashes;
all = unmanaged // managed;
}
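Review bot: The module's new `is-managed = var.syncthing.managed ? ${this}` keys off `hashes` (via `managed`), while the assertions in this file key off `managed_clients`; a host listed in `managed_clients` but missing from `hashes` would therefore silently become unmanaged and boot without its declarative key and cert rather than failing evaluation. If the first `assert (` (its body starts outside this hunk) does not already tie the two together, adding `assert lib.sort builtins.lessThan managed_clients == lib.sort builtins.lessThan (builtins.attrNames hashes) "managed_clients and hashes must list the same hosts";` closes that gap. The right-biased `unmanaged // managed` is fine given the disjointness assert above it.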