created syncthing module

2025-10-02 14:58:57 -06:00 · 2025-10-02 14:58:57 -06:00 · 2e42d1ebfd
commit 2e42d1ebfd
parent 6ceabf32f5
4 changed files with 122 additions and 100 deletions
--- a/config/jawz.nix
+++ b/config/jawz.nix
@ -23,9 +23,6 @@ in
      jawz-password.neededForUsers = true;
      "private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
      "git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
-      "syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
-      "syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
-      "syncthing_password".sopsFile = ../secrets/keys.yaml;
    }
  );
  home-manager.users.jawz = {
@ -48,103 +45,6 @@ in
      };
    };
  };
-  services.syncthing = lib.mkIf config.my.secureHost {
-    enable = true;
-    user = "jawz";
-    group = "users";
-    overrideDevices = true;
-    overrideFolders = true;
-    openDefaultPorts = true;
-    key = config.sops.secrets."syncthing_keys/${hostName}".path;
-    cert = config.sops.secrets."syncthing_certs/${hostName}".path;
-    guiAddress = "${config.my.ips."${hostName}"}:8384";
-    settings = {
-      options = {
-        natEnabled = false;
-        relaysEnabled = false;
-        globalAnnounceEnabled = false;
-      };
-      gui = {
-        user = "jawz";
-        password = config.sops.secrets.syncthing_password.path;
-      };
-      devices = {
-        server.id = "BG6PF7S-KATABWO-7WAZFMX-6YO7IS3-WQTMR3M-VSOSV7V-HFFMNNH-BFX2EQ4";
-        miniserver.id = "HDYEGIR-GFU7ONK-MOOJUFH-N3L3XHX-SXWN3FI-O23K6LD-BJENQK5-VIPV2AT";
-        workstation.id = "4E4KJ6M-MSTNBVF-D7CNHDW-DUTB3VR-SXKZ4NH-ZKAOMF5-V24JECJ-4STSZAA";
-        galaxy.id = "UAZ5YDV-YUFBXOY-QMS6S6R-WPIIKZI-4OPPW5L-G4OVUPO-YW5KFYY-YASRAAV";
-        phone.id = "OSOX2VZ-AO2SA3C-BFB6NKF-K6CR6WX-64TDBKW-RRKEKJ4-FKZE5CV-J2RGJAJ";
-        wg-friend1 = {
-          id = "XBIYCD4-EFKS5SK-WFF73CU-P37GXVH-OMWEIA4-6KC5F3L-U5UQWSF-SYNNRQF";
-          addresses = [ "tcp://${config.my.ips.wg-friend1}:22000" ];
-          introducer = false;
-          autoAcceptFolders = false;
-          paused = false;
-        };
-      };
-      folders =
-        let
-          isMainHost = hostName == "workstation";
-          mkMobile =
-            path:
-            lib.mkIf isMainHost {
-              inherit path;
-              ignorePerms = false;
-              devices = [
-                "galaxy"
-                "phone"
-              ];
-            };
-        in
-        {
-          cache = mkMobile "~/Downloads/cache/";
-          friends = mkMobile "~/Pictures/artist/friends/";
-          forme = mkMobile "~/Pictures/art for me/";
-          comfy = mkMobile "~/Development/AI/ComfyUI/output/";
-          gdl = {
-            path = "~/.config/jawz/";
-            ignorePerms = false;
-            devices = [
-              "server"
-              "miniserver"
-              "workstation"
-            ];
-          };
-          librewolf = {
-            path = "~/.librewolf/";
-            ignorePerms = false;
-            copyOwnershipFromParent = true;
-            type = if isMainHost then "sendonly" else "receiveonly";
-            devices = [
-              "server"
-              "miniserver"
-              "workstation"
-            ];
-          };
-          notes = {
-            path = "~/Documents/Notes";
-            ignorePerms = false;
-            devices = [
-              "galaxy"
-              "phone"
-              "server"
-              "miniserver"
-              "workstation"
-            ];
-          };
-          friend_share = {
-            path = "~/Pictures/encrypted/friends";
-            ignorePerms = false;
-            type = "sendreceive";
-            devices = [
-              "server"
-              "workstation"
-              "wg-friend1"
-            ];
-          };
-        };
-    };
-  };
  users.users.jawz = {
    uid = 1000;
    linger = true;
--- a/hosts/server/toggles.nix
+++ b/hosts/server/toggles.nix
@ -27,6 +27,7 @@ in
  services = enableList mkEnabled [
    "network"
    "nvidia"
+    "syncthing"
  ];
  dev = enableList mkEnabled [
    "nix"
--- a/hosts/workstation/toggles.nix
+++ b/hosts/workstation/toggles.nix
@ -38,6 +38,7 @@ in
    "nvidia"
    "printing"
    "sound"
+    "syncthing"
  ];
  scripts = enableList mkEnabled [
    "tasks"
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@ -0,0 +1,120 @@
+{ config, lib, ... }:
+let
+  inherit (config.networking) hostName;
+  isMainHost = hostName == "workstation";
+  mkMobile =
+    path:
+    lib.mkIf isMainHost {
+      inherit path;
+      ignorePerms = false;
+      devices = [
+        "galaxy"
+        "phone"
+      ];
+    };
+in
+{
+  options.my.services.syncthing.enable = lib.mkEnableOption "Syncthing file synchronization";
+  config = lib.mkIf (config.my.services.syncthing.enable && config.my.secureHost) {
+    sops.secrets = {
+      "syncthing_keys/${hostName}" = {
+        sopsFile = ../../secrets/keys.yaml;
+        owner = config.users.users.jawz.name;
+        inherit (config.users.users.jawz) group;
+        path = "/home/jawz/.config/syncthing/key.pem";
+      };
+      "syncthing_certs/${hostName}" = {
+        sopsFile = ../../secrets/keys.yaml;
+        owner = config.users.users.jawz.name;
+        inherit (config.users.users.jawz) group;
+        path = "/home/jawz/.config/syncthing/cert.pem";
+      };
+      "syncthing_password" = {
+        sopsFile = ../../secrets/keys.yaml;
+      };
+    };
+    services.syncthing = {
+      enable = true;
+      user = "jawz";
+      group = "users";
+      overrideDevices = true;
+      overrideFolders = true;
+      openDefaultPorts = true;
+      key = config.sops.secrets."syncthing_keys/${hostName}".path;
+      cert = config.sops.secrets."syncthing_certs/${hostName}".path;
+      guiAddress = "${config.my.ips."${hostName}"}:8384";
+      settings = {
+        options = {
+          natEnabled = false;
+          relaysEnabled = false;
+          globalAnnounceEnabled = false;
+        };
+        gui = {
+          user = "jawz";
+          password = config.sops.secrets.syncthing_password.path;
+        };
+        devices = {
+          server.id = "BG6PF7S-KATABWO-7WAZFMX-6YO7IS3-WQTMR3M-VSOSV7V-HFFMNNH-BFX2EQ4";
+          miniserver.id = "HDYEGIR-GFU7ONK-MOOJUFH-N3L3XHX-SXWN3FI-O23K6LD-BJENQK5-VIPV2AT";
+          workstation.id = "4E4KJ6M-MSTNBVF-D7CNHDW-DUTB3VR-SXKZ4NH-ZKAOMF5-V24JECJ-4STSZAA";
+          galaxy.id = "UAZ5YDV-YUFBXOY-QMS6S6R-WPIIKZI-4OPPW5L-G4OVUPO-YW5KFYY-YASRAAV";
+          phone.id = "OSOX2VZ-AO2SA3C-BFB6NKF-K6CR6WX-64TDBKW-RRKEKJ4-FKZE5CV-J2RGJAJ";
+          wg-friend1 = {
+            id = "XBIYCD4-EFKS5SK-WFF73CU-P37GXVH-OMWEIA4-6KC5F3L-U5UQWSF-SYNNRQF";
+            addresses = [ "tcp://${config.my.ips.wg-friend1}:22000" ];
+            introducer = false;
+            autoAcceptFolders = false;
+            paused = false;
+          };
+        };
+        folders = {
+          cache = mkMobile "~/Downloads/cache/";
+          friends = mkMobile "~/Pictures/artist/friends/";
+          forme = mkMobile "~/Pictures/art for me/";
+          comfy = mkMobile "~/Development/AI/ComfyUI/output/";
+          gdl = {
+            path = "~/.config/jawz/";
+            ignorePerms = false;
+            devices = [
+              "server"
+              "miniserver"
+              "workstation"
+            ];
+          };
+          librewolf = {
+            path = "~/.librewolf/";
+            ignorePerms = false;
+            copyOwnershipFromParent = true;
+            type = if isMainHost then "sendonly" else "receiveonly";
+            devices = [
+              "server"
+              "miniserver"
+              "workstation"
+            ];
+          };
+          notes = {
+            path = "~/Documents/Notes";
+            ignorePerms = false;
+            devices = [
+              "galaxy"
+              "phone"
+              "server"
+              "miniserver"
+              "workstation"
+            ];
+          };
+          friend_share = {
+            path = "~/Pictures/encrypted/friends";
+            ignorePerms = false;
+            type = "sendreceive";
+            devices = [
+              "server"
+              "workstation"
+              "wg-friend1"
+            ];
+          };
+        };
+      };
+    };
+  };
+}