Commit 5ff453b4dc8d
Changed files (8)
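--- a/machine/carthage.nix
+++ b/machine/carthage.nix
@@ -22,6 +22,7 @@
 programs.podman.enable = true;
+ services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.carthage}:8384";
 services.wireguard = with import ../assets/machines.nix; {
 enable = true;
 ips = [ "${wireguard.ips.carthage}/24" ];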
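Review bot: Binding `guiAddress` to `${wireguard.ips.carthage}:8384` makes the Syncthing GUI and its REST API reachable by every peer on the WireGuard /24, and nothing in this commit shows GUI credentials or TLS being set, so access control rests entirely on Syncthing's own configuration under `configDir`. The same line is added in machine/hokkaido.nix, machine/honshu.nix, machine/shikoku.nix and machine/wakasu.nix. I would record the requirement next to the option, e.g. `# GUI/REST API is exposed to all WireGuard peers: a GUI user and password must be set in Syncthing's config`, and confirm that port 8384 is only accepted on the WireGuard interface. The unit in modules/services/syncthing.nix is ordered only `after = [ "network.target" ]`, so it may start before the tunnel address exists; whether the GUI listener recovers from that is worth checking.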
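--- a/machine/hokkaido.nix
+++ b/machine/hokkaido.nix
@@ -48,6 +48,7 @@
 sha256 = "127893l1nzqya0g68k8841g5lm3hlnx7b3b3h06axvplc54a1jd8";
 };
+ services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.hokkaido}:8384";
 services.wireguard = with import ../assets/wireguard.nix; {
 enable = true;
 ips = [ "${ips.hokkaido}/24" ];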
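Review bot: The added line takes the host address from `wireguard.ips.hokkaido` in `../assets/machines.nix`, while the `services.wireguard` block directly below takes it from `ips.hokkaido` in `../assets/wireguard.nix`, so the GUI bind address and the tunnel address come from two files that can drift apart. machine/honshu.nix has the same split. If `wireguard.nix` is still the source for the interface, reading the same value keeps them in step: `services.syncthing-edge.guiAddress = with import ../assets/wireguard.nix; "${ips.hokkaido}:8384";`; otherwise move the `services.wireguard` import to `machines.nix` as the other hosts do. A mismatch would leave Syncthing trying to listen on an address the interface does not hold.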
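--- a/machine/honshu.nix
+++ b/machine/honshu.nix
@@ -18,6 +18,8 @@
 services = {
 logind.extraConfig = "HandleLidSwitch=ignore";
 };
+
+ services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.honshu}:8384";
 services.wireguard = with import ../assets/wireguard.nix; {
 enable = true;
 ips = [ "${ips.honshu}/24" ];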
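--- a/machine/shikoku.nix
+++ b/machine/shikoku.nix
@@ -57,7 +57,8 @@
 enable = true;
 };
- services.wireguard = with import ../assets/machines.nix; {
+ services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.shikoku}:8384";
+ services.wireguard = with import ../assets/machines.nix; {
 enable = true;
 ips = [ "${wireguard.ips.shikoku}/24" ];
 endpoint = wg.endpointIP;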
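--- a/machine/wakasu.nix
+++ b/machine/wakasu.nix
@@ -60,6 +60,7 @@
 enable = true;
 };
+ services.syncthing-edge.guiAddress = with import ../assets/machines.nix; "${wireguard.ips.wakasu}:8384";
 services.wireguard = with import ../assets/machines.nix; {
 enable = true;
 ips = [ "${wireguard.ips.wakasu}/24" ];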
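--- /dev/null
+++ b/modules/services/syncthing.nix
@@ -0,0 +1,169 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.syncthing-edge;
+ defaultUser = "syncthing";
+in {
+ ###### interface
+ options = {
+ services.syncthing-edge = {
+
+ enable = mkEnableOption ''
+ Syncthing - the self-hosted open-source alternative
+ to Dropbox and Bittorrent Sync. Initial interface will be
+ available on http://127.0.0.1:8384/.
+ '';
+
+ guiAddress = mkOption {
+ type = types.str;
+ default = "127.0.0.1:8384";
+ description = ''
+ Address to serve the GUI.
+ '';
+ };
+
+ systemService = mkOption {
+ type = types.bool;
+ default = true;
+ description = "Auto launch Syncthing as a system service.";
+ };
+
+ user = mkOption {
+ type = types.str;
+ default = defaultUser;
+ description = ''
+ Syncthing will be run under this user (user will be created if it doesn't exist.
+ This can be your user name).
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = "nogroup";
+ description = ''
+ Syncthing will be run under this group (group will not be created if it doesn't exist.
+ This can be your user name).
+ '';
+ };
+
+ all_proxy = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ example = "socks5://address.com:1234";
+ description = ''
+ Overwrites all_proxy environment variable for the syncthing process to
+ the given value. This is normaly used to let relay client connect
+ through SOCKS5 proxy server.
+ '';
+ };
+
+ dataDir = mkOption {
+ type = types.path;
+ default = "/var/lib/syncthing";
+ description = ''
+ Path where synced directories will exist.
+ '';
+ };
+
+ configDir = mkOption {
+ type = types.path;
+ description = ''
+ Path where the settings and keys will exist.
+ '';
+ default =
+ let
+ nixos = config.system.stateVersion;
+ cond = versionAtLeast nixos "19.03";
+ in cfg.dataDir + (optionalString cond "/.config/syncthing");
+ };
+
+ openDefaultPorts = mkOption {
+ type = types.bool;
+ default = false;
+ example = literalExample "true";
+ description = ''
+ Open the default ports in the firewall:
+ - TCP 22000 for transfers
+ - UDP 21027 for discovery
+ If multiple users are running syncthing on this machine, you will need to manually open a set of ports for each instance and leave this disabled.
+ Alternatively, if are running only a single instance on this machine using the default ports, enable this.
+ '';
+ };
+
+ package = mkOption {
+ type = types.package;
+ default = pkgs.syncthing;
+ defaultText = "pkgs.syncthing";
+ example = literalExample "pkgs.syncthing";
+ description = ''
+ Syncthing package to use.
+ '';
+ };
+ };
+ };
+
+ imports = [
+ (mkRemovedOptionModule ["services" "syncthing" "useInotify"] ''
+ This option was removed because syncthing now has the inotify functionality included under the name "fswatcher".
+ It can be enabled on a per-folder basis through the webinterface.
+ '')
+ ];
+
+ ###### implementation
+
+ config = mkIf cfg.enable {
+
+ networking.firewall = mkIf cfg.openDefaultPorts {
+ allowedTCPPorts = [ 22000 ];
+ allowedUDPPorts = [ 21027 ];
+ };
+
+ systemd.packages = [ pkgs.syncthing ];
+
+ users = mkIf (cfg.user == defaultUser) {
+ users."${defaultUser}" =
+ { group = cfg.group;
+ home = cfg.dataDir;
+ createHome = true;
+ uid = config.ids.uids.syncthing;
+ description = "Syncthing daemon user";
+ };
+
+ groups."${defaultUser}".gid =
+ config.ids.gids.syncthing;
+ };
+
+ systemd.services = {
+ syncthing = mkIf cfg.systemService {
+ description = "Syncthing service";
+ after = [ "network.target" ];
+ environment = {
+ STNORESTART = "yes";
+ STNOUPGRADE = "yes";
+ inherit (cfg) all_proxy;
+ } // config.networking.proxy.envVars;
+ wantedBy = [ "multi-user.target" ];
+ serviceConfig = {
+ Restart = "on-failure";
+ SuccessExitStatus = "2 3 4";
+ RestartForceExitStatus="3 4";
+ User = cfg.user;
+ Group = cfg.group;
+ PermissionsStartOnly = true;
+ ExecStart = ''
+ ${cfg.package}/bin/syncthing \
+ -no-browser \
+ -gui-address=${cfg.guiAddress} \
+ -home=${cfg.configDir}
+ '';
+ };
+ };
+
+ syncthing-resume = {
+ wantedBy = [ "suspend.target" ];
+ };
+ };
+ };
+}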
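Review bot: `serviceConfig` for the `syncthing` unit sets no sandboxing, and this same commit moves the GUI listener off loopback on five hosts, so a flaw in the GUI or sync handling would run with the full filesystem view of `cfg.user`. I would add a conservative set of systemd restrictions as below; `ProtectHome` and `ProtectSystem = "strict"` are left out because profiles/syncthing.nix keeps `dataDir` under `/home`, and the set should be tested against the folders actually synced. Separately, `systemd.packages = [ pkgs.syncthing ];` ignores the `package` option that `ExecStart` honours and should read `systemd.packages = [ cfg.package ];`. The `guiAddress` description would also benefit from a sentence stating that a non-loopback address exposes the GUI and REST API and needs GUI authentication configured.

```nix
serviceConfig = {
  # … unchanged: Restart, exit-status settings, User/Group, PermissionsStartOnly, ExecStart …
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "full";
  ProtectKernelTunables = true;
  ProtectKernelModules = true;
  ProtectControlGroups = true;
  RestrictSUIDSGID = true;
};
```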
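--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@@ -6,6 +6,7 @@
 #./profiles/desktop.nix
 #./profiles/laptop.nix
 ./programs/podman.nix
+ ./services/syncthing.nix
 ./services/wireguard.client.nix
 ./virtualisation/buildkit.nix
 ./virtualisation/containerd.nix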
profiles/syncthing.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
- services.syncthing = {
+ services.syncthing-edge = {
enable = true;
user = "vincent";
dataDir = "/home/vincent/.syncthing";