From 5d5a940cc5ee3ca51dd222b4100af8852c9fa989 Mon Sep 17 00:00:00 2001
From: Alexander Heldt
Date: Fri, 4 Aug 2023 15:34:52 +0200
Subject: [PATCH] pinwheel: Add `syncthing` Sync - org - personal
---
 hosts/pinwheel/configuration.nix | 62 +++++++++++++++++++++++++++-
 secrets/pinwheel/syncthing-cert.age | Bin 0 -> 1151 bytes
 secrets/pinwheel/syncthing-key.age | Bin 0 -> 774 bytes
 secrets/secrets.nix | 7 ++++
 4 files changed, 68 insertions(+), 1 deletion(-)
 create mode 100644 secrets/pinwheel/syncthing-cert.age
 create mode 100644 secrets/pinwheel/syncthing-key.age
 create mode 100644 secrets/secrets.nix
diff --git a/hosts/pinwheel/configuration.nix b/hosts/pinwheel/configuration.nix
index 2580e48..d94917d 100644
--- a/hosts/pinwheel/configuration.nix
+++ b/hosts/pinwheel/configuration.nix
@@ -109,8 +109,68 @@
 # List services that you want to enable:
 # Enable the OpenSSH daemon.
- # services.openssh.enable = true;
+ services.openssh = {
+ enable = true;
+ hostKeys = [{
+ path = "/etc/ssh/pinwheel";
+ type = "ed25519";
+ }];
+ };
+
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+
+ cert = config.age.secrets.syncthing-cert.path;
+ key = config.age.secrets.syncthing-key.path;
+
+ user = "alex";
+ group = "users";
+
+ dataDir = "/home/alex/sync";
+
+ settings = {
+ devices = {
+ sombrero.id = "DIKHOMV-QGZV3DR-FXQZH45-I5J5R4R-JJZS5BA-XNNW5C7-QSSU3XV-KVC4MAQ";
+ phone.id = "NJIMX57-C2CGV76-GXMAQYV-ABWDA7Z-TS6UV2X-NVL5UPG-UFEQH4C-TKYA6QM";
+ };
+
+ folders = {
+ org = {
+ path = "/home/alex/sync/org";
+ devices = [ "sombrero" "phone" ];
+ versioning = {
+ type = "staggered";
+ params = {
+ maxAge = "2592000"; # 30 days
+ };
+ };
+ };
+
+ personal = {
+ path = "/home/alex/sync/personal";
+ devices = [ "sombrero" ];
+ versioning = {
+ type = "staggered";
+ params = {
+ maxAge = "2592000"; # 30 days
+ };
+ };
+ };
+ };
+ };
+ };
+
+ age = {
+ identityPaths = [ "/etc/ssh/pinwheel" ];
+
+ secrets = {
+ "syncthing-cert".file = ../../secrets/pinwheel/syncthing-cert.age;
+ "syncthing-key".file = ../../secrets/pinwheel/syncthing-key.age;
+ };
+ };
+
 # Open ports in the firewall.
 # networking.firewall.allowedTCPPorts = [ ... ];
 # networking.firewall.allowedUDPPorts = [ ... ];
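Review bot: The new `services.openssh` block turns on a network-facing sshd in a commit that is otherwise about Syncthing, and it sets only `hostKeys`, so nothing in the hunk states how the daemon may be reached or authenticated to. If sshd is enabled mainly so that `/etc/ssh/pinwheel` exists as the age identity (inferred from `age.identityPaths` further down), add `openFirewall = false;` to the block; if remote login is intended, make the policy explicit with `settings.PasswordAuthentication = false;` on releases that have the `settings` attribute set. A one-line comment above the block would record the intent, for example `# sshd is enabled to provide the host key that agenix decrypts with`. The enclosing module attribute set starts and ends outside the hunk, so firewall or sshd settings elsewhere in the file are not visible here.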
diff --git a/secrets/pinwheel/syncthing-cert.age b/secrets/pinwheel/syncthing-cert.age new file mode 100644 index 0000000000000000000000000000000000000000..43b51b263c632170f83ac77f8a5f1dc751eb5b23 GIT binary patch literal 1151 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSHs|ZMnN>>QAGz|?6 z3(YO|40o&aH!Lm8Es4sCG;<0`3eGb0Gk2|u%*ZtHsxtD-NaqSkj&MpXE6g!=)OWK8 zsqjon4#^EJ&WQ{x2=%Z`HOmh3Ds`#way3fQ_eHnO%`ee0AYH+-q@Xa$G2Er9FgvO! z%Dl=c&(Sa>xh&l=$3HzFqd-3^$+R*xFeN`KxR@)^BsZrb!{0SLB(=1v$W%Kt!_TZB zKhjd$BsIUt*)KT4JSxY)%-Jj1%K&6sK(?}4T!EEtdQoa(ajHV3yIO`qwyA&CuCA_vU$JkhX>d+yQm$uInPEm@hPzX;cc!CBxo5VvNqAX6zDKs3kAc3khi^Jp zgSNz8q)ZTN zuUORTc}$BZ{BrKT|1Wx~mQPc4Zr7?~j@fYSpdRzY@aQVZrAm_R?_29WA3lFI%II-( z_jkkQDLXdUJfCp$_NxE)gKC(ItDdUoO{)3k+q~;zp}c&-hc`=>zRRBGdQzr**1vVX zL=4-HUD$MM(T7^;Af=A4VGd_pwL&gNoSMS_G3t!;w5?~v9y!Jf1jI1vOjMj@t+M#h z(_6hyrY5#a_H!z&I=(T_f0l)Cn91YWPu%hqLw(PFt|>8mSt5CUZ_FEy;-r-w%pGdG zQ{V6JP<=LCZ@!eIobi-h4r`_b3$}e?o%6N%<){2^W~Y*6Z!EUSr2M-%En&qj*_Dc? zePh%QZ|wR|mH1=tuIA>e4QqF*8CYj#v zrW-l;%E2!;U0Zs>wme9yezy3TV2dd48orbK*AL#6{}8YOukW?^5l}h z8dpb&w`&r1s%%b5J7-*e_?t(g^d|$cqR-9h-F$byCWZ7KR^vF;ue+t^=fN`?UMC9D zlCzFpnHIWQaD_vq+VZeVQy*)HNNjN|yi#pu6p;5-disOw%eff-H{DZS@cWQ+yxFs- zJ=vX;Lz{2ObSTZPtJ6?YvAxUHAtdoFFWTS!zh#}D=!Y#4awgkP8oVnznmfJb-OFF< z|FbV%?#x(GRN`xsti^GbF;bU})9FIfI(O4{{hLuYRg-mhPux_wgX7-+rT;&u{1@EMp?fQ`$os@q!T#wV8(onyH|D#y+GMyCHRR(dQ qt8eU%3(K2pyMJlsi-Q?2*rRoqZCa;zW@#ns<7GLQ^<^#iTjc>|)d|x8 literal 0 HcmV?d00001 
diff --git a/secrets/pinwheel/syncthing-key.age b/secrets/pinwheel/syncthing-key.age new file mode 100644 index 0000000000000000000000000000000000000000..47183377d6940ede1e5cdc40aa0198e2324ddb96 GIT binary patch literal 774 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSHs|ZMnN>?zp2rY5W z%gzfd@C-|?49tzvE)Q@Gwv6!2Gcz;{2oKkHOZKg*$c#t|HsA_($}%wv46iWtu5=6V zE-x>NO!o2c%PdYU@hNgnHa9T$tH@6Ya1C^HNk+HL%`ee0AYH-0F~B9+FFZHT&p0Qm zGQ_x`D%2~-!!I?!ttu}l%G4{vEw|ju%Q4I#(|{|_!!xTe&)Cz*-!Q|{)Wj_%$J3{@ zILyD?%)2VvxGd1q-`FRtGS@sUDIH{+tDa4AajdUydQoa(ajJs7ovnh3SFS>2Zb@ok zq_%>hj;#S#Msl!+yGx04zMq$Wnwxo{w_}!LRi#O3P+3-1M2M?-puda1i(#gZwwqU# zxmRvPa%7OJmx+F4Xi#~$sZX&nmziamPgOysWkj)lX{4cLRX~xeL9tO$gi%$levyZ( zL8+xhq<%<*w`YL1b5vetR-{LyPf@aCQEEykm#(g^LTSEfzF(n*wnbWca-ngKV^F1b zN^xe0X}V#tXSQ2-rej61nQ3TQU|EnWmxQK&lCD`&!tbAK!HZtjeqv`ms`t2j-Q8&S z>#;T_^0y8b-I`p~>LOykhgW5dr06r12+ieen zR>`Epmc9$o0>+oAVm>FK(|p37<&{wA(m{3d((+0x7x?0p8SSASn};iG>E z-(9=V6OU8gDs*@*y3Cz#w=LDB<4jcjog>?|;Tjw=e#2qmpeY@ zS*g15^5lKO*S=K5N7R4T4~q;f7ml3wLs`(3r!VsQhc`!}K35%HeaNIO`EY;6?RTdE D7Ogcr literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix new file mode 100644 index 0000000..bcbf0cc --- /dev/null +++ b/secrets/secrets.nix @@ -0,0 +1,7 @@ +let + pinwheel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoI7Q4zT2AGXU+i8fLmzcNLdfMkEnfHYh4PmaEmo2QW root@pinwheel"; + alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTw7VCV4z5At0e+oCG+3I3tSyhmLJgQkWlhaYJVlyS8 alex.bennu2@github.com"; +in { + "pinwheel/syncthing-cert.age".publicKeys = [ pinwheel alex ]; + "pinwheel/syncthing-key.age".publicKeys = [ pinwheel alex ]; +}
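Review bot: The two recipients bound in the `let` of `secrets/secrets.nix` are undocumented although their roles differ: `pinwheel` appears to be the host key that `age.identityPaths` in `hosts/pinwheel/configuration.nix` points at, while `alex` looks like a personal key kept so the secrets can be edited. Add a comment on each binding, for example `# pinwheel host key (expected: public half of /etc/ssh/pinwheel); rekey the .age files if it is regenerated` and `# personal key, can decrypt every secret listed below`. Either private key is enough to recover the Syncthing device key, so this recipient list is the access-control list for the device identity and should stay as short as the workflow allows.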