{ lib, username, hostname, deployment_type, desktop, ... }: {
imports = [ ] ++ lib.optional (builtins.isString desktop) ./syncthing-desktop.nix;
# Set up the secrets file:
sops.secrets."syncthing_cert" = {
owner = "root";
sopsFile = ../../../secrets/${deployment_type}/${hostname}.yaml;
restartUnits = [ "syncthing.service" ];
};
sops.secrets."syncthing_key" = {
owner = "root";
sopsFile = ../../../secrets/${deployment_type}/${hostname}.yaml;
restartUnits = [ "syncthing.service" ];
};
networking.firewall.interfaces.tailscale0 = {
allowedTCPPorts = [ 8384 22000 ];
allowedUDPPorts = [ 22000 21027 ];
};
services.syncthing = {
enable = true;
guiAddress = "0.0.0.0:8384";
cert = "/run/secrets/syncthing_cert";
key = "/run/secrets/syncthing_key";
user = "${username}";
configDir = "/home/${username}/.config/syncthing";
overrideDevices = true;
overrideFolders = true;
settings = {
options = {
urAccepted = -1;
localAnnounceEnabled = true;
relaysEnabled = false;
};
devices = {
"framework-server" = { # The docker container, not the host
autoAcceptFolders = true;
id = "ULRNA7N-Q7WTZR3-PDQW52W-IWT4UOG-ABF5RCT-W6XJXOW-WQTJIWR-GBFUJQR";
};
"nixos-framework" = {
autoAcceptFolders = true;
id = "TT3EHRG-U6MMJUC-S3UPF2F-TRUMBPI-TC37RMI-BQ7TT5W-N7DIIWK-653TFAU";
};
"nixos-desktop" = {
autoAcceptFolders = true;
id = "5VWSC5F-UKNQK7L-5XDJORY-SJXJUFC-D5QCNYX-YPQBJ4J-AFSVHWY-CXO3MQT";
};
"rdesktop" = {
autoAcceptFolders = true;
id = "VJH2YXUG-Y2QTRZ5-Q2XEKLU-7MVETXQ-WRWDDLD-D4PCJ47-T4KVVNV-XXC6PA";
};
"google-pixel-8" = {
autoAcceptFolders = true;
id = "6YCQMCP-IABOYJV-E25ABBO-MTVKNMT-JHD5BN2-B25OSMA-JDYEVLN-SJ66LA2";
};
};
folders = {
"logseq" = {
id = "logseq";
path = "/home/${username}/.logseq";
versioning.type = "trashcan";
devices = [ "framework-server" "nixos-desktop" "nixos-framework" "rdesktop" "google-pixel-8" ];
};
};
};
};
}