syncthing setup

2024-10-22 00:02:09 -06:00
parent 3f769d34a0
commit bd278baa5f
2 changed files with 47 additions and 7 deletions


@@ -1,4 +1,7 @@
{ config, ... }:
let
hostName = config.networking.hostName;
in
{
sops.secrets =
let
@@ -6,16 +9,45 @@
sopsFile = ./secrets/keys.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.ssh/${file}";
path = "/home/jawz/${file}";
};
in
{
jawz-password.neededForUsers = true;
"private_keys/age" = keyConfig "ed25519_age";
"public_keys/age" = keyConfig "ed25519_age.pub";
"private_keys/${config.networking.hostName}" = keyConfig "ed25519_${config.networking.hostName}";
"git_private_keys/${config.networking.hostName}" = keyConfig "ed25519_git";
"private_keys/age" = keyConfig ".ssh/ed25519_age";
"public_keys/age" = keyConfig ".ssh/ed25519_age.pub";
"private_keys/${hostName}" = keyConfig ".ssh/ed25519_${hostName}";
"git_private_keys/${hostName}" = keyConfig ".ssh/ed25519_git";
"syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
"syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
};
services.syncthing = {
enable = true;
user = "jawz";
group = "users";
overrideDevices = true;
overrideFolders = true;
key = "${config.sops.secrets."syncthing_keys/${hostName}".path}";
cert = "${config.sops.secrets."syncthing_certs/${hostName}".path}";
settings = {
devices = {
server.id = "BG6PF7S-KATABWO-7WAZFMX-6YO7IS3-WQTMR3M-VSOSV7V-HFFMNNH-BFX2EQ4";
miniserver.id = "HDYEGIR-GFU7ONK-MOOJUFH-N3L3XHX-SXWN3FI-O23K6LD-BJENQK5-VIPV2AT";
workstation.id = "4E4KJ6M-MSTNBVF-D7CNHDW-DUTB3VR-SXKZ4NH-ZKAOMF5-V24JECJ-4STSZAA";
};
folders = {
"gdl" = {
path = "/home/jawz/.config/jawz/";
devices = [
"server"
"miniserver"
"workstation"
];
ignorePerms = false;
};
};
};
};
users.users.jawz = {
linger = true;
isNormalUser = true;
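Review bot: The new `syncthing_keys/${hostName}` and `syncthing_certs/${hostName}` secrets go through `keyConfig`, so the device private key is placed at `/home/jawz/.config/syncthing/key.pem` and owned by `jawz`, which `services.syncthing.key` and `cert` should not need. As far as I know the NixOS module copies both files into its own `configDir` before start, so any readable source path works. If `configDir` is, or later becomes, `/home/jawz/.config/syncthing` (it is not set in the visible lines), that copy would target the sops-managed path itself. Leaving these two at the default sops location, e.g. `"syncthing_keys/${hostName}".sopsFile = ./secrets/keys.yaml;`, avoids the overlap and keeps one fewer copy of the key in the home directory. Separately, the `gdl` folder replicates `/home/jawz/.config/jawz/` to all three devices, so a comment above `folders` stating what may live there would help keep credential-like files out of it; the `users.users.jawz` block continues outside the hunk.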