# NixOS module: declarative Syncthing setup for one host.
#
# Arguments are supplied by the caller of this module:
#   username        - account the Syncthing service runs as; also selects the home directory
#   hostname        - selects the per-host sops secrets file
#   deployment_type - selects the secrets sub-directory
#   desktop         - when it is a string, the desktop add-on module is imported as well
{ lib, username, hostname, deployment_type, desktop, ... }:
let
  # Per-host sops file holding this device's Syncthing certificate and private key.
  hostSecretsFile = ../../../secrets/${deployment_type}/${hostname}.yaml;

  homeDir = "/home/${username}";

  # Both secrets share the same policy: owned by root, and a change to either
  # restarts syncthing.service so the new identity is picked up.
  # NOTE(review): the service itself runs as ${username}; presumably the unit
  # installs the cert/key into configDir with elevated privileges - confirm the
  # files under /run/secrets are readable at that point.
  identitySecret = {
    owner = "root";
    sopsFile = hostSecretsFile;
    restartUnits = [ "syncthing.service" ];
  };

  # Every peer below is declared the same way.
  # autoAcceptFolders = true lets that peer introduce new folders without a
  # confirmation step on this host, so each listed device is fully trusted to
  # create shares here.
  # NOTE(review): with overrideFolders = true, folders that are not declared in
  # this file are presumably dropped again when the config is re-applied -
  # confirm whether auto-accept is actually needed.
  trustedPeer = id: {
    autoAcceptFolders = true;
    inherit id;
  };
in
{
  imports = lib.optional (builtins.isString desktop) ./syncthing-desktop.nix;

  # Set up the secrets file:
  sops.secrets."syncthing_cert" = identitySecret;
  sops.secrets."syncthing_key" = identitySecret;

  # Syncthing ports are opened on the tailscale0 interface only:
  #   8384/tcp  web GUI / REST API
  #   22000     sync protocol (TCP and UDP)
  #   21027/udp local discovery
  networking.firewall.interfaces.tailscale0 = {
    allowedTCPPorts = [
      8384
      22000
    ];
    allowedUDPPorts = [
      22000
      21027
    ];
  };

  services.syncthing = {
    enable = true;

    # The GUI listener binds every interface. In this file only the per-interface
    # firewall rule above limits who can reach it, so exposure depends on the
    # firewall being enabled and on no other module opening 8384.
    # NOTE(review): no GUI user/password is set here; if none is configured
    # elsewhere, any host that can reach tailscale0:8384 gets the GUI without
    # authentication - verify.
    guiAddress = "0.0.0.0:8384";

    cert = "/run/secrets/syncthing_cert";
    key = "/run/secrets/syncthing_key";

    user = "${username}";
    configDir = "${homeDir}/.config/syncthing";

    # The device and folder lists below are authoritative.
    overrideDevices = true;
    overrideFolders = true;

    settings = {
      options = {
        urAccepted = -1; # usage reporting declined
        localAnnounceEnabled = true;
        relaysEnabled = false; # no traffic through public relay servers
      };

      devices = {
        # The docker container, not the host
        "framework-server" = trustedPeer "ULRNA7N-Q7WTZR3-PDQW52W-IWT4UOG-ABF5RCT-W6XJXOW-WQTJIWR-GBFUJQR";
        "nixos-framework" = trustedPeer "TT3EHRG-U6MMJUC-S3UPF2F-TRUMBPI-TC37RMI-BQ7TT5W-N7DIIWK-653TFAU";
        "nixos-desktop" = trustedPeer "5VWSC5F-UKNQK7L-5XDJORY-SJXJUFC-D5QCNYX-YPQBJ4J-AFSVHWY-CXO3MQT";
        # NOTE(review): this ID is grouped 8-7-7-7-7-7-7-6, unlike the 7-character
        # groups of the other entries; compare it with the ID the device reports.
        "rdesktop" = trustedPeer "VJH2YXUG-Y2QTRZ5-Q2XEKLU-7MVETXQ-WRWDDLD-D4PCJ47-T4KVVNV-XXC6PA";
        "google-pixel-8" = trustedPeer "6YCQMCP-IABOYJV-E25ABBO-MTVKNMT-JHD5BN2-B25OSMA-JDYEVLN-SJ66LA2";
      };

      folders = {
        "logseq" = {
          id = "logseq";
          path = "${homeDir}/.logseq";
          versioning = {
            type = "trashcan";
          };
          devices = [
            "framework-server"
            "nixos-desktop"
            "nixos-framework"
            "rdesktop"
            "google-pixel-8"
          ];
        };
      };
    };
  };
}