nix/nixos/common/services/syncthing.nix

{ config, lib, username, deployment_type, desktop, ... }: let 
  all_devices = [  
    "framework-server" 
    "nuc-server" 
    "warsaw-ovh-01"
    "framework13" 
    "framework16"
    "nixos-desktop" 
    "rdesktop-nuc-server" 
    "rdesktop-warsaw-ovh-01" 
    "rdesktop-framework-server" 
    "google-pixel-8" 
  ];
in {
  systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";

  imports = [ ] ++ lib.optional (builtins.isString desktop) ./syncthing-desktop.nix;
  # Set up the secrets file:
  sops.secrets = {
    "syncthing/cert" = {
      owner = "root";
      sopsFile = ../../../secrets/${deployment_type}/${config.networking.hostName}.yaml;
      restartUnits = [ "syncthing.service" ];
    };
    "syncthing/key" = {
      owner = "root";
      sopsFile = ../../../secrets/${deployment_type}/${config.networking.hostName}.yaml;
      restartUnits = [ "syncthing.service" ];
    };
  };

  networking.firewall.interfaces.tailscale0 = {
    allowedTCPPorts = [ 8384 22000 22067 22070 ];
    allowedUDPPorts = [ 22000 21027 ];
  };

  services.syncthing = {
    enable = true;
    guiAddress = "0.0.0.0:8384";
    cert = config.sops.secrets."syncthing/cert".path;
    key = config.sops.secrets."syncthing/key".path;
    user = "${username}";
    configDir = "/home/${username}/.config/syncthing";
    overrideDevices = true;
    overrideFolders = true;
    relay = {
      enable = true; 
      pools = [ "" ];
      providedBy = config.networking.hostName;
    };
    settings = {
      folders = {
        "logseq" = {
          id = "logseq";
          path = "/home/${username}/.logseq";
          versioning.type = "trashcan";
          devices = all_devices;
        };
      };
     options = {
        urAccepted = -1;
        localAnnounceEnabled = true;
        relaysEnabled = true;
      };
      devices = {
        # Hosts
        "framework-server" = {
          autoAcceptFolders = true;
          id = "AC53UVR-ZZOKNTZ-GE3C5W4-LPWJPOG-CML3YTD-G46GDLG-5XAURNC-BAJLOQT";
        };
        "nuc-server" = {
          autoAcceptFolders = true;
          id = "VUZ4UWN-PKUNXSD-2UW4DX3-DNL7JGB-LGMO64K-H7WQRY3-TET5ZJZ-XUMSCQS";
        };
        "warsaw-ovh-01" = {
          autoAcceptFolders = true;
          id = "BGZ7UIU-WGTFZ4V-JHRABWD-V5JOIYX-YWQ7QD4-3KC3B62-XWWX5T5-C43JHQY";
        };
        "framework13" = {
          autoAcceptFolders = true;
          id = "TT3EHRG-U6MMJUC-S3UPF2F-TRUMBPI-TC37RMI-BQ7TT5W-N7DIIWK-653TFAU";
        };
        "framework16" = {
          autoAcceptFolders = true;
          id = "SW224VT-IIQIME3-HIKOWEP-RDGFUBV-FINOP3D-WD7TRY4-ST23NO2-IDV7IAG";
        };
        "nixos-desktop" = {
          autoAcceptFolders = true;
          id = "5VWSC5F-UKNQK7L-5XDJORY-SJXJUFC-D5QCNYX-YPQBJ4J-AFSVHWY-CXO3MQT";
        };

        # Containers 
        "rdesktop-nuc-server" = {
          autoAcceptFolders = true;
          id = "XYQXNRN-IKDNN32-WMJYZ4G-IEQX7UB-IUJKMJC-SU2ZSGA-CTSJWKX-E63GTQY"; 
        };
        "rdesktop-warsaw-ovh-01" = {
          autoAcceptFolders = true;
          id = "OCT5MP7-W352LRT-WPSLADL-EUL6KYX-PA546UD-5BV54DR-4YBCANV-J452NAC"; 
        };
        "rdesktop-framework-server" = {
          autoAcceptFolders = true;
          id = "UKBICVB-CIHMM56-UQEVU4B-PPDX3AN-K7XGZMQ-DEI3J5P-KTZRID4-47VMNQQ"; 
        };

        # Non-NixOS
        "google-pixel-8" = {
          autoAcceptFolders = true; 
          id = "3MJWCB6-AHXDFQC-METP74C-NPBAPUE-CTTGLHT-POWI3X5-PAODMA3-G4ZALQV";
        };
      };
    };
  };

  # Create the folder if it doens't exist
  systemd.tmpfiles.rules = [
    "d ${config.services.syncthing.settings.folders.logseq.path} - albert albert"
  ];
}