From 4323aed986467a9000241edf5f0a99e265d21970 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leon=20Schwarz=C3=A4ugl?= Date: Mon, 21 Jul 2025 22:28:48 +0200 Subject: [PATCH] chore: centralize syncthing config --- SwarselSystems.org | 278 ++++++++++------------------ hosts/nixos/moonside/default.nix | 165 +++++------------ modules/nixos/client/syncthing.nix | 24 +-- modules/nixos/server/syncthing.nix | 88 +++++---- profiles/nixos/moonside/default.nix | 1 + 5 files changed, 200 insertions(+), 356 deletions(-) diff --git a/SwarselSystems.org b/SwarselSystems.org index abf3b0f..f24c270 100644 --- a/SwarselSystems.org +++ b/SwarselSystems.org @@ -2665,12 +2665,10 @@ This machine mainly acts as an external sync helper. It manages the following th :END: #+begin_src nix-ts :tangle hosts/nixos/moonside/default.nix - { lib, config, globals, ... }: + { lib, config, ... }: let - inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; in { imports = [ @@ -2693,15 +2691,6 @@ This machine mainly acts as an external sync helper. It manages the following th environment = { etc."issue".text = "\4"; - - persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { - directory = "/var/lib/syncthing"; - user = "syncthing"; - group = "syncthing"; - mode = "0700"; - } - ]; }; topology.self.interfaces.wg = { 
@@ -2748,122 +2737,50 @@ This machine mainly acts as an external sync helper. It manages the following th system.stateVersion = "23.11"; - globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; - - services = { - nginx = { - virtualHosts = { - ${serviceDomain} = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:8384"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; }; }; - }; - - syncthing = { - enable = true; - guiAddress = "0.0.0.0:8384"; - openDefaultPorts = true; - relay.enable = false; - settings = { - urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; }; - folders = { - "Default Folder" = lib.mkForce { - path = "/sync/Sync"; - type = "receiveonly"; - versioning = null; - devices = [ "winters" "magicant" 
"${workHostName}" ]; - id = "default"; + "runandbun" = { + path = "/sync/runandbun"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; }; - "Obsidian" = { - path = "/sync/Obsidian"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/sync/Org"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/sync/Vpn"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "hgp9s-fyq3p"; - }; - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "winters" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; }; }; }; @@ -2883,6 +2800,10 @@ This machine mainly acts as an external sync helper. It manages the following th isBtrfs = true; isNixos = true; isLinux = true; + syncthing = { + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; + }; }; } 
@@ -5189,6 +5110,7 @@ Here I disable global completion to prevent redundant compinit calls and cache i { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; + devices = config.swarselsystems.syncthing.syncDevices; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; @@ -5206,39 +5128,26 @@ Here I disable global completion to prevent redundant compinit calls and cache i options = { urAccepted = -1; }; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "sync@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; }; 
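Review bot: The four client folders now take their peer list from `config.swarselsystems.syncthing.syncDevices`, which changes who they are shared with rather than only moving the list: `sync@oracle` is dropped and `pyramid` is added, including for the `Vpn` folder. If `Vpn` holds VPN credentials (inferred from the name only), it may deserve its own narrower list instead of the global default, for example `devices = [ "magicant" "winters" ];` on that folder. Both `syncDevices` and `devices` are declared in modules/nixos/server/syncthing.nix, so this client module only evaluates on hosts that also import the server module; a comment such as `# options declared in modules/nixos/server/syncthing.nix` next to the new `let` binding would make that dependency visible. The same change is tangled into modules/nixos/client/syncthing.nix (hunks `@@ -1,6 +1,7 @@` and `@@ -18,39 +19,26 @@`).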
@@ -7522,20 +7431,55 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= :END: #+begin_src nix-ts :tangle modules/nixos/server/syncthing.nix - { lib, config, ... }: + { lib, config, configName, ... }: let - inherit (config.repo.secrets.common) workHostName; - servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceDomain = config.repo.secrets.common.services.domains.syncthing1; + specificServiceName = "syncthing-${configName}"; + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + + swarselsystems.syncthing = { + serviceDomain = lib.mkOption { + type = lib.types.str; + default = config.repo.secrets.common.services.domains.syncthing1; + }; + serviceIP = lib.mkOption { + type = lib.types.str; + default = "192.168.1.2"; + }; + syncDevices = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; + }; + devices = lib.mkOption { + type = lib.types.attrs; + default = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + "pyramid" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + }; + }; + }; + }; config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { 
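Review bot: The default for `devices` writes the host name `pyramid` next to the device ID that the removed code keyed by `"${workHostName}"` from `config.repo.secrets.common`, so a name that was previously read from the secrets file is now plain text in the module and in `syncDevices`. If hiding that name was the reason for the indirection, the entry should stay keyed from the secret; if not, the unused secret can be dropped. The new options also have no `description`, and `lib.types.attrs` accepts any shape, so a device entry without an `id` would pass the option check; `type = lib.types.attrsOf (lib.types.attrsOf lib.types.str);` would catch that at evaluation. The same hunk is tangled into modules/nixos/server/syncthing.nix (`@@ -1,17 +1,52 @@`).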
@@ -7548,39 +7492,26 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; + globals.services."${specificServiceName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = "/Vault/data/${serviceName}"; + dataDir = lib.mkDefault "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "milkywell@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { @@ -7590,7 +7521,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { 
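Review bot: With `dataDir` now `lib.mkDefault` and `configDir` derived from `cfg.dataDir`, a host that overrides `dataDir` also relocates Syncthing's config directory, which is where the device certificate and private key are stored. moonside forces `dataDir` to `/sync` (hunk `@@ -2748,122 +2737,50 @@`) and the same commit removes its persisted `/var/lib/syncthing` entry with mode `0700`, so unless the existing key material is moved to `/sync/.config/syncthing` the host would presumably generate a new identity and stop matching the ID pinned for `moonside@oracle`. Whether `/sync` survives reboots and how it is permissioned is not visible in this patch and needs confirming. A comment on `configDir` such as `# holds cert.pem/key.pem; must be persistent and not world-readable` would document the requirement. The same hunk is tangled into modules/nixos/server/syncthing.nix (`@@ -24,39 +59,26 @@`).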
@@ -7600,7 +7531,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { @@ -7610,28 +7541,18 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; - # "Documents" = { - # path = "${cfg.dataDir}/Documents"; - # type = "receiveonly"; - # versioning = { - # type = "simple"; - # params.keep = "5"; - # }; - # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; - # id = "hgr3d-pfu3w"; - # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${serviceName} = { + ${specificServiceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceIP}:${builtins.toString servicePort}" = { }; }; }; }; @@ -7642,7 +7563,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml= acmeRoot = null; locations = { "/" = { - proxyPass = "http://${serviceName}"; + proxyPass = "http://${specificServiceName}"; extraConfig = '' client_max_body_size 0; ''; @@ -16693,6 +16614,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a microbin = lib.mkDefault true; shlink = lib.mkDefault true; slink = lib.mkDefault true; + syncthing = lib.mkDefault true; }; }; }; diff --git a/hosts/nixos/moonside/default.nix b/hosts/nixos/moonside/default.nix index 58e6284..cd14423 100644 --- a/hosts/nixos/moonside/default.nix +++ b/hosts/nixos/moonside/default.nix 
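Review bot: Turning on `syncthing` in the moonside profile (hunk `@@ -16693,6 +16614,7 @@`) appears to pull in the server module as written, which sets `guiAddress = "0.0.0.0:${builtins.toString servicePort}"` and adds port 8384 to `networking.firewall.allowedTCPPorts`, while moonside's own nginx reaches the GUI through `serviceIP = "localhost"`. On this host the GUI would then be reachable over plain HTTP next to the TLS virtual host, unless something outside this patch filters it. Since the proxy is local there, the firewall entry could be skipped, e.g. `networking.firewall.allowedTCPPorts = lib.mkIf (serviceIP != "localhost") [ servicePort ];` in the server module. The removed moonside config shows no firewall entry for 8384, so this looks like a widening rather than a carry-over. The tangled copy is the `@@ -21,6 +21,7 @@` hunk of profiles/nixos/moonside/default.nix.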
@@ -1,9 +1,7 @@ -{ lib, config, globals, ... }: +{ lib, config, ... }: let - inherit (config.repo.secrets.common) workHostName; inherit (config.repo.secrets.local.syncthing) dev1 dev2 dev3 loc1; inherit (config.swarselsystems) sopsFile; - serviceDomain = config.repo.secrets.common.services.domains.syncthing3; in { imports = [ @@ -26,15 +24,6 @@ in environment = { etc."issue".text = "\4"; - - persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [ - { - directory = "/var/lib/syncthing"; - user = "syncthing"; - group = "syncthing"; - mode = "0700"; - } - ]; }; topology.self.interfaces.wg = { 
@@ -81,122 +70,50 @@ in system.stateVersion = "23.11"; - globals.services."syncthing-${config.networking.hostName}".domain = serviceDomain; - - services = { - nginx = { - virtualHosts = { - ${serviceDomain} = { - enableACME = true; - forceSSL = true; - acmeRoot = null; - locations = { - "/" = { - proxyPass = "http://localhost:8384"; - extraConfig = '' - client_max_body_size 0; - ''; - }; - }; + services.syncthing = { + dataDir = lib.mkForce "/sync"; + settings = { + devices = config.swarselsystems.syncthing.devices // { + "${dev1}" = { + id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; + }; + "${dev2}" = { + id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; + }; + "${dev3}" = { + id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; }; }; - }; - - syncthing = { - enable = true; - guiAddress = "0.0.0.0:8384"; - openDefaultPorts = true; - relay.enable = false; - settings = { - urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "${dev1}" = { - id = "OCCDGDF-IPZ6HHQ-5SSLQ3L-MSSL5ZW-IX5JTAM-PW4PYEK-BRNMJ7E-Q7YDMA7"; - }; - "${dev2}" = { - id = "LPCFIIB-ENUM2V6-F2BWVZ6-F2HXCL2-BSBZXUF-TIMNKYB-7CATP7H-YU5D3AH"; - }; - "${dev3}" = { - id = "LAUT2ZP-KEZY35H-AHR3ARD-URAREJI-2B22P5T-PIMUNWW-PQRDETU-7KIGNQR"; + folders = { + "Documents" = { + path = "/sync/Documents"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "2"; }; + devices = [ "pyramid" ]; + id = "hgr3d-pfu3w"; }; - folders = { - "Default Folder" = lib.mkForce { - path = "/sync/Sync"; - type = "receiveonly"; - versioning = null; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "default"; + "runandbun" = { + path = "/sync/runandbun"; + type = 
"receiveonly"; + versioning = { + type = "simple"; + params.keep = "5"; }; - "Obsidian" = { - path = "/sync/Obsidian"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "yjvni-9eaa7"; - }; - "Org" = { - path = "/sync/Org"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "a7xnl-zjj3d"; - }; - "Vpn" = { - path = "/sync/Vpn"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" "${workHostName}" ]; - id = "hgp9s-fyq3p"; - }; - "Documents" = { - path = "/sync/Documents"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "2"; - }; - devices = [ "winters" ]; - id = "hgr3d-pfu3w"; - }; - "runandbun" = { - path = "/sync/runandbun"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "5"; - }; - devices = [ "winters" "magicant" ]; - id = "kwnql-ev64v"; - }; - "${loc1}" = { - path = "/sync/${loc1}"; - type = "receiveonly"; - versioning = { - type = "simple"; - params.keep = "3"; - }; - devices = [ dev1 dev2 dev3 ]; - id = "5gsxv-rzzst"; + devices = [ "winters" "magicant" ]; + id = "kwnql-ev64v"; + }; + "${loc1}" = { + path = "/sync/${loc1}"; + type = "receiveonly"; + versioning = { + type = "simple"; + params.keep = "3"; }; + devices = [ dev1 dev2 dev3 ]; + id = "5gsxv-rzzst"; }; }; }; @@ -216,5 +133,9 @@ in isBtrfs = true; isNixos = true; isLinux = true; + syncthing = { + serviceDomain = config.repo.secrets.common.services.domains.syncthing3; + serviceIP = "localhost"; + }; }; } diff --git a/modules/nixos/client/syncthing.nix b/modules/nixos/client/syncthing.nix index 0e46751..d7ca383 100644 --- a/modules/nixos/client/syncthing.nix +++ b/modules/nixos/client/syncthing.nix 
@@ -1,6 +1,7 @@ { lib, config, pkgs, ... }: let inherit (config.swarselsystems) mainUser homeDir; + devices = config.swarselsystems.syncthing.syncDevices; in { options.swarselmodules.syncthing = lib.mkEnableOption "syncthing config"; @@ -18,39 +19,26 @@ in options = { urAccepted = -1; }; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "sync@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "winters" = { - id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkDefault { path = "${homeDir}/Sync"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { path = "${homeDir}/Nextcloud/Obsidian"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { path = "${homeDir}/Nextcloud/Org"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { path = "${homeDir}/Vpn"; - devices = [ "sync@oracle" "magicant" "winters" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; }; diff --git a/modules/nixos/server/syncthing.nix b/modules/nixos/server/syncthing.nix index 26128a2..4bde68b 100644 --- a/modules/nixos/server/syncthing.nix +++ b/modules/nixos/server/syncthing.nix 
@@ -1,17 +1,52 @@ -{ lib, config, ... }: +{ lib, config, configName, ... }: let - inherit (config.repo.secrets.common) workHostName; - servicePort = 8384; serviceUser = "syncthing"; serviceGroup = serviceUser; serviceName = "syncthing"; - serviceDomain = config.repo.secrets.common.services.domains.syncthing1; + specificServiceName = "syncthing-${configName}"; + inherit (config.swarselsystems.syncthing) serviceDomain; + inherit (config.swarselsystems.syncthing) serviceIP; cfg = config.services.${serviceName}; + devices = config.swarselsystems.syncthing.syncDevices; in { - options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + options = { + swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; + + swarselsystems.syncthing = { + serviceDomain = lib.mkOption { + type = lib.types.str; + default = config.repo.secrets.common.services.domains.syncthing1; + }; + serviceIP = lib.mkOption { + type = lib.types.str; + default = "192.168.1.2"; + }; + syncDevices = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ "magicant" "winters" "pyramid" "moonside@oracle" ]; + }; + devices = lib.mkOption { + type = lib.types.attrs; + default = { + "magicant" = { + id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; + }; + "winters" = { + id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA"; + }; + "moonside@oracle" = { + id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; + }; + "pyramid" = { + id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; + }; + }; + }; + }; + }; config = lib.mkIf config.swarselmodules.server.${serviceName} { users.users.${serviceUser} = { 
@@ -24,39 +59,26 @@ in networking.firewall.allowedTCPPorts = [ servicePort ]; - globals.services."${serviceName}-${config.networking.hostName}".domain = serviceDomain; + globals.services."${specificServiceName}".domain = serviceDomain; services.${serviceName} = rec { enable = true; user = serviceUser; group = serviceGroup; - dataDir = "/Vault/data/${serviceName}"; + dataDir = lib.mkDefault "/Vault/data/${serviceName}"; configDir = "${cfg.dataDir}/.config/${serviceName}"; guiAddress = "0.0.0.0:${builtins.toString servicePort}"; openDefaultPorts = true; # opens ports TCP/UDP 22000 and UDP 21027 for discovery relay.enable = false; settings = { urAccepted = -1; - devices = { - "magicant" = { - id = "VMWGEE2-4HDS2QO-KNQOVGN-LXLX6LA-666E4EK-ZBRYRRO-XFEX6FB-6E3XLQO"; - }; - "milkywell@oracle" = { - id = "ETW6TST-NPK7MKZ-M4LXMHA-QUPQHDT-VTSHH5X-CR5EIN2-YU7E55F-MGT7DQB"; - }; - "${workHostName}" = { - id = "YAPV4BV-I26WPTN-SIP32MV-SQP5TBZ-3CHMTCI-Z3D6EP2-MNDQGLP-53FT3AB"; - }; - "moonside@oracle" = { - id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE"; - }; - }; + inherit (config.swarselsystems.syncthing) devices; folders = { "Default Folder" = lib.mkForce { path = "${cfg.dataDir}/Sync"; type = "receiveonly"; versioning = null; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "default"; }; "Obsidian" = { @@ -66,7 +88,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "yjvni-9eaa7"; }; "Org" = { @@ -76,7 +98,7 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "a7xnl-zjj3d"; }; "Vpn" = { 
@@ -86,28 +108,18 @@ in type = "simple"; params.keep = "5"; }; - devices = [ "milkywell@oracle" "magicant" "${workHostName}" "moonside@oracle" ]; + inherit devices; id = "hgp9s-fyq3p"; }; - # "Documents" = { - # path = "${cfg.dataDir}/Documents"; - # type = "receiveonly"; - # versioning = { - # type = "simple"; - # params.keep = "5"; - # }; - # devices = [ "magicant" "${workHostName}" "moonside@oracle" ]; - # id = "hgr3d-pfu3w"; - # }; }; }; }; nodes.moonside.services.nginx = { upstreams = { - ${serviceName} = { + ${specificServiceName} = { servers = { - "192.168.1.2:${builtins.toString servicePort}" = { }; + "${serviceIP}:${builtins.toString servicePort}" = { }; }; }; }; @@ -118,7 +130,7 @@ in acmeRoot = null; locations = { "/" = { - proxyPass = "http://${serviceName}"; + proxyPass = "http://${specificServiceName}"; extraConfig = '' client_max_body_size 0; ''; diff --git a/profiles/nixos/moonside/default.nix b/profiles/nixos/moonside/default.nix index e678778..d365d4c 100644 --- a/profiles/nixos/moonside/default.nix +++ b/profiles/nixos/moonside/default.nix @@ -21,6 +21,7 @@ microbin = lib.mkDefault true; shlink = lib.mkDefault true; slink = lib.mkDefault true; + syncthing = lib.mkDefault true; }; }; };