57 lines
1.8 KiB
Nix
57 lines
1.8 KiB
Nix
{ username, hostname, deployment_type, ... }: {
|
|
# Set up the secrets file:
|
|
sops.secrets."syncthing_cert" = {
|
|
owner = "root";
|
|
sopsFile = ../../../secrets/${deployment_type}/${hostname}.yaml;
|
|
restartUnits = [ "syncthing.service" ];
|
|
};
|
|
sops.secrets."syncthing_key" = {
|
|
owner = "root";
|
|
sopsFile = ../../../secrets/${deployment_type}/${hostname}.yaml;
|
|
restartUnits = [ "syncthing.service" ];
|
|
};
|
|
|
|
networking.firewall.interfaces.tailscale0 = {
|
|
allowedTCPPorts = [ 8384 22000 ];
|
|
allowedUDPPorts = [ 22000 21027 ];
|
|
};
|
|
|
|
services.syncthing = {
|
|
enable = true;
|
|
cert = "/run/secrets/syncthing_cert";
|
|
key = "/run/secrets/syncthing_key";
|
|
user = "${username}";
|
|
configDir = "/home/${username}/.config/syncthing";
|
|
overrideDevices = true;
|
|
overrideFolders = true;
|
|
settings = {
|
|
options = {
|
|
urAccepted = -1;
|
|
localAnnounceEnabled = true;
|
|
relaysEnabled = true;
|
|
};
|
|
devices = {
|
|
"framework-server" = { # The docker container, not the host
|
|
autoAcceptFolders = true;
|
|
id = "ULRNA7N-Q7WTZR3-PDQW52W-IWT4UOG-ABF5RCT-W6XJXOW-WQTJIWR-GBFUJQR";
|
|
};
|
|
"nixos-framework" = {
|
|
autoAcceptFolders = true;
|
|
id = "TT3EHRG-U6MMJUC-S3UPF2F-TRUMBPI-TC37RMI-BQ7TT5W-N7DIIWK-653TFAU";
|
|
};
|
|
"nixos-desktop" = {
|
|
autoAcceptFolders = true;
|
|
id = "5VWSC5F-UKNQK7L-5XDJORY-SJXJUFC-D5QCNYX-YPQBJ4J-AFSVHWY-CXO3MQT";
|
|
};
|
|
"rdesktop" = {
|
|
autoAcceptFolders = true;
|
|
id = "VJH2YXUG-Y2QTRZ5-Q2XEKLU-7MVETXQ-WRWDDLD-D4PCJ47-T4KVVNV-XXC6PA";
|
|
};
|
|
"google-pixel-8" = {
|
|
autoAcceptFolders = true;
|
|
id = "FGWD6B2-4IK3L3Y-5KOCH4H-HCS3HSG-3BTORHM-D643M36-ZHDU4OZ-DEAVKQZ";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|