From 5cad49555ee7897ca6bfe5d040bfd86f7501ad72 Mon Sep 17 00:00:00 2001 From: Sweetbread Date: Tue, 17 Dec 2024 14:22:31 +0300 Subject: [PATCH] pkgs: Syncthing --- home-manager/modules/bundle.nix | 1 - home-manager/modules/syncthing.nix | 3 -- home-manager/users/sweetbread/home.nix | 2 -- nixos/hosts/Rias/configuration.nix | 1 + nixos/hosts/Rias/modules/syncthing.nix | 37 +++++++++++++++++++++ nixos/hosts/Rias/secrets/secrets.nix | 17 ++++++++-- nixos/hosts/Rias/secrets/syncthing_cert.pem | 20 +++++++++++ nixos/hosts/Rias/secrets/syncthing_key.pem | 20 +++++++++++ 8 files changed, 92 insertions(+), 9 deletions(-) delete mode 100644 home-manager/modules/syncthing.nix create mode 100644 nixos/hosts/Rias/modules/syncthing.nix create mode 100644 nixos/hosts/Rias/secrets/syncthing_cert.pem create mode 100644 nixos/hosts/Rias/secrets/syncthing_key.pem diff --git a/home-manager/modules/bundle.nix b/home-manager/modules/bundle.nix index 4e927ef..27afbc9 100644 --- a/home-manager/modules/bundle.nix +++ b/home-manager/modules/bundle.nix @@ -4,7 +4,6 @@ ./qt.nix ./sops.nix ./neofetch.nix - ./syncthing.nix ./yazi.nix ./ags.nix ./zsh.nix diff --git a/home-manager/modules/syncthing.nix b/home-manager/modules/syncthing.nix deleted file mode 100644 index dc42718..0000000 --- a/home-manager/modules/syncthing.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ - services.syncthing.enable = true; -} diff --git a/home-manager/users/sweetbread/home.nix b/home-manager/users/sweetbread/home.nix index be2335c..30c3f1c 100644 --- a/home-manager/users/sweetbread/home.nix +++ b/home-manager/users/sweetbread/home.nix @@ -21,6 +21,4 @@ homeDirectory = "/home/sweetbread"; stateVersion = "23.11"; }; - - services.syncthing.enable = true; } diff --git a/nixos/hosts/Rias/configuration.nix b/nixos/hosts/Rias/configuration.nix index 2eb2e5b..a3c6854 100644 --- a/nixos/hosts/Rias/configuration.nix +++ b/nixos/hosts/Rias/configuration.nix @@ -3,6 +3,7 @@ ./hardware-configuration.nix ./secrets/secrets.nix ./modules/grub.nix + ./modules/syncthing.nix ../../packages.nix ../../modules/bundle.nix ../../modules/adb.nix diff --git a/nixos/hosts/Rias/modules/syncthing.nix b/nixos/hosts/Rias/modules/syncthing.nix new file mode 100644 index 0000000..b94e497 --- /dev/null +++ b/nixos/hosts/Rias/modules/syncthing.nix @@ -0,0 +1,37 @@ +{ config, ... }: { + services.syncthing = { + enable = true; + openDefaultPorts = true; + + user = "sweetbread"; + dataDir = "/home/sweetbread/.config/syncthing"; + + key = config.sops.secrets.syncthing_key.path; + cert = config.sops.secrets.syncthing_cert.path; + + settings = { + devices = { + Akeno = { id = "YVFVE2M-GSCKJBJ-AMC5JM3-AOMCVNP-RLFAWEZ-35VP4HP-DGP5QD2-6QWEZQW"; }; + }; + + folders = { + "Books" = { + path = "/mnt/D/SyncThing/Books"; + devices = [ "Akeno" ]; + }; + + ".RPI" = { + path = "/mnt/D/SyncThing/.RPI"; + devices = [ "Akeno" ]; + }; + + "Music" = { + path = "/home/sweetbread/Music"; + devices = [ "Akeno" ]; + }; + }; + }; + }; + + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; +} diff --git a/nixos/hosts/Rias/secrets/secrets.nix b/nixos/hosts/Rias/secrets/secrets.nix index 755c131..a878a66 100644 --- a/nixos/hosts/Rias/secrets/secrets.nix +++ b/nixos/hosts/Rias/secrets/secrets.nix @@ -1,9 +1,20 @@ { sops = { age.keyFile = "/root/age.key"; - secrets.vpn_bolt = { - format = "binary"; - sopsFile = ./vpn_bolt.db; + secrets = { + vpn_bolt = { + format = "binary"; + sopsFile = ./vpn_bolt.db; + }; + + syncthing_cert = { + format = "binary"; + sopsFile = ./syncthing_cert.pem; + }; + syncthing_key = { + format = "binary"; + sopsFile = ./syncthing_key.pem; + }; }; }; } diff --git a/nixos/hosts/Rias/secrets/syncthing_cert.pem b/nixos/hosts/Rias/secrets/syncthing_cert.pem new file mode 100644 index 0000000..8fd3a22 --- /dev/null +++ b/nixos/hosts/Rias/secrets/syncthing_cert.pem @@ -0,0 +1,20 @@ +{ + "data": "ENC[AES256_GCM,data:FrQVoWDaUZUh8OfSjJ4f1TsPutY6PyMTIPYgWfG1wg/t8orJC52QsoZEabj46tIcLDSJaGSETf3lvCXnmesFAeqUuMK4axAcqPSBRd+kSoCSg/KzHdkQD5C4JiYWUWdIdvMYMUz086mFiHSyyzvbPYCAKrWYtQsQcJPEYmuvQl/0vFPjquR9Mla+/89MXebWBSGys43PKzQUfWjgrLmR7v2ac7lbRxnhBNP/eGayM4auzZVCtLV0UBs3TS5GTPSKAcQeAmmHbzdRJg8vVM1deKv9s/Tjy3ygRthqjCuVF2xcLetb2SDhYKMcgZRXT+AtnEyiV72wxqaExtWsUjJvR8b7COsFpBWbXT+AY+FkSKaGz00DaXncBKSP/zmiUYyaMplvQESFlIpduzF/DRuyQrq+KAwnJZql0rlvfzcEYgQKJENeQwHAq8Itu+HcHzmCEbY4d+LvEznEwlQ6eL6y3tNzoWzfhRQUz4Ki+54DPLGlGtOe9dTM8cWHtl/mZniNzY6FXNiEqbHrepzq7WEXSPi69Hj2OfdvSTQX4HMnp5Tw0i95zhfHDmzp62Kr6YLj0KYZsj6gsC3/6SYB0YNn5pMo1IpBonJxyKeAUz9NvrMcy1/7z/h9OOejPPM3xm48XJ4/7mMhOyB13VPYMZZMUajqUgu2qdGgDxl+DY140LAoQ8bRs3wvTwCwZuCA9Fj4gtn4+04EIil+lPjwEYH/2VIX4MmhxlyxZ2ECAqWf9LJgRy+3asvE8qPxmXNLSd1JqThAYoezJOZf6T5blzOwaXKzmom1hAtkptVjz+fvudwSZQcMOBnrSI1lkWeaeTFvQQOe4jUhaRB83NfbSpm6CFhqHJKjDorP6L5zwOx663YyJcZB2sAcotKGzDi3lQqfh8HGmrGLnc1+J+d9L7NbccgsfWYzfk04tqwv6WI+rpXqR0HlLyg+SDjtl49tuC1c6U9atNKPpyuqWHW2DiM8dgERmJfNz8OGjK2mnU7onGeUyrBvXrIcfe+z/fuymzJ5eHnU3VfMxz9Py97AK7M7KN/tRhR7Grx6Sqs=,iv:imkydsFKhiTrqyi1rXidCLCDGtL8RuY6ZiiiHyMFeAg=,tag:HwvqV4xt0nQZb1El+XrO+w==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1j3uuyax673fvl5x4dveupq3dylngnrq0e5uy7fmclsexkfd25vysk646wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5TGk2MWdnZzc3UVZ2Ui9w\nVWgxcFJDUThhM0pDbVR1ZXd6U3BhLzM0U1ZNClJpaHlCdU9mTURKSzdSbE52SFR6\ncUdzVkJ2MElNUHg3UzJHc0tNb3dJamMKLS0tIGErZXJGOXFLUCt1SG93aW01aEEw\nTmNiN1VUUUp2TWlKTlpDWDVwVUk2VjgKpUD72/hlXLEzciW/kewu0hZanGA8+Gfh\ndCro8OOJaOe2INCrioOL9kMZvdpxq96fw+kir1FkkJBkepJgcdCTgA==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-12-17T12:28:22Z", + "mac": "ENC[AES256_GCM,data:n4Bj/FaPaN+IyVXz8Bmu+tfuULxcJpDnAiYhGawMhbfFCL2tGFVi7G0WdnopdSrZV++9iZnb4z5a/al1WbmIIy/iJS7v2EKNzK08U9xdJDKgEQKXJms/df13f/FRDxV3nfCHX8UBtSJNdcXBY5O77o+VUUcjkpbzVrwWjAaMcOk=,iv:5z25Ereng1O47fk8w4OA52Gk4CAqW2Ot97Cp7UR0zqw=,tag:h9WL5ESZwd9BCa7bbUahOg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file diff --git a/nixos/hosts/Rias/secrets/syncthing_key.pem b/nixos/hosts/Rias/secrets/syncthing_key.pem new file mode 100644 index 0000000..c89b28e --- /dev/null +++ b/nixos/hosts/Rias/secrets/syncthing_key.pem @@ -0,0 +1,20 @@ +{ + "data": "ENC[AES256_GCM,data:6VJ1TgANh3bVkWEsPFQYFLjdrbsggQ3mCOpLWIo7Q9hCxsUeI0sL4npsXAVoEfTndWkv1zBgzVjzw+KcY8IDu27uTwguPrPk/R0T1aAa1Y8LEoOVmqZVw6GxiiqEYVcbOERkSi3kFSocynzFljDAqPnaYUVoAkB9mFPtO5KeXMjKXMtkJhcFjPkIzLzcHHBEeVUynn4utQaKspj6xVWc+NX/+G+Oh4kfm4RJyD/v5WEWQh2bFtiVwLhgRNiw210SuFZJqst8SoAXjG3LivpAJXapnn1xC3t8Vn4RXHC+JVl/7amDkGY+GOK+k68ou0TS+dWMAEZhiVWsOToeb4C5wPbvDADNRFx78HORsKprAcPgOvYkvaDX+A242KVz4w9j,iv:uD6GkozkTM4mP0jfQ9+oNN4o/kMiscYbggF0Lgum3Wk=,tag:CHO2KBgWnRQ9zvYC4br38A==,type:str]", + "sops": { + "kms": null, + "gcp_kms": null, + "azure_kv": null, + "hc_vault": null, + "age": [ + { + "recipient": "age1j3uuyax673fvl5x4dveupq3dylngnrq0e5uy7fmclsexkfd25vysk646wk", + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3di9JS0g0cUFxK1cwSkU3\nTmdHRW5NTjQzWWtSR2xYUnlEOG1va3BhY3k0CnRrZkRydGQ0SkczVTB0TkRDejVt\nS0NweDBuNDErNUVjazRTQ1RFYks4NWcKLS0tIGRPL1Z1aWNyS0FBSnZhZWFCWHBS\nVzhLYUdkNWhyVEx2aGtuWGZHM3J2Uk0KrZsGNRPlUB02xJvNeD3VFbRIVAL8bnei\nxS/mwnx6V2o+yJX7RHEj7D466L6zzm0CtDaz7PT4vyJxDBjpRuMBhg==\n-----END AGE ENCRYPTED FILE-----\n" + } + ], + "lastmodified": "2024-12-17T12:28:38Z", + "mac": "ENC[AES256_GCM,data:g/WhHfiukviJDExEsVFo4JOkVayeZEZpexmEvUn2IOGQ13qTD1rVakR/0cF/XowxsiCBwicn5Fc5FRFe696MBzIyetNNt75jWKC/tasWGk5khrQI6Jwj3kt1nmsQmdahQ4shmjfiLmeELy8fGBe7ASCvu+gZCEfg8OaZRRxmh/E=,iv:S1FlplJsJcsv4Cm8AOYfW15rFE7a5bcUBej7hp6tnNI=,tag:AdgkSbl5ikGnpvG9Z4D9Sg==,type:str]", + "pgp": null, + "unencrypted_suffix": "_unencrypted", + "version": "3.9.1" + } +} \ No newline at end of file