66 lines
1.7 KiB
Nix
66 lines
1.7 KiB
Nix
{
|
|
var,
|
|
config,
|
|
lib,
|
|
secrets,
|
|
...
|
|
}:
|
|
let
|
|
cfg = config.services.syncthing;
|
|
this = config.networking.hostName;
|
|
|
|
is-managed = var.syncthing.managed ? ${this};
|
|
is-server = this == "roam";
|
|
|
|
folders = {
|
|
sync = {
|
|
id = "documents-hd"; # don't change ID
|
|
path = lib.mkDefault (builtins.throw "You must set services.syncthing.folders.sync.path!!!");
|
|
type = lib.mkDefault (builtins.throw "You must set services.syncthing.folders.sync.type!!!");
|
|
|
|
# all clients (desktops + servers) that have are a synthing peer but
|
|
# with untrusted servers
|
|
devices =
|
|
var.syncthing.device-names.desktops
|
|
++ (
|
|
if this != "roam" then
|
|
[
|
|
{
|
|
name = "roam";
|
|
encryptionPasswordFile = config.age.secrets.syncthing-password.path;
|
|
}
|
|
]
|
|
else
|
|
[ ]
|
|
);
|
|
versioning = {
|
|
type = "simple";
|
|
params.keep = "10";
|
|
};
|
|
};
|
|
};
|
|
in
|
|
{
|
|
age.secrets.syncthing-password = lib.mkIf (cfg.enable && !is-server) {
|
|
file = secrets."syncthing-password.age";
|
|
mode = "440";
|
|
owner = config.services.syncthing.user;
|
|
group = config.services.syncthing.group;
|
|
};
|
|
|
|
age.secrets.syncthing-key = lib.mkIf (cfg.enable && is-managed) {
|
|
file = secrets.syncthing."${this}.age";
|
|
mode = "440";
|
|
owner = config.services.syncthing.user;
|
|
group = config.services.syncthing.group;
|
|
};
|
|
|
|
services.syncthing = lib.mkIf cfg.enable ({
|
|
settings = {
|
|
inherit folders;
|
|
devices = var.syncthing.devices;
|
|
};
|
|
key = lib.optionalAttrs is-managed config.age.secrets.syncthing-key.path;
|
|
cert = lib.optionalAttrs is-managed "${../pki/syncthing + "/${this}.cert"}";
|
|
});
|
|
}
|