pinwheel: Add syncthing

Sync - org - personal
2023-08-04 15:34:52 +02:00
parent 608d968a05
commit 5d5a940cc5
4 changed files with 68 additions and 1 deletions
--- a/hosts/pinwheel/configuration.nix
+++ b/hosts/pinwheel/configuration.nix
@@ -109,8 +109,68 @@
  # List services that you want to enable:

  # Enable the OpenSSH daemon.
-  # services.openssh.enable = true;
+  services.openssh = {
+    enable = true;

+    hostKeys = [{
+      path = "/etc/ssh/pinwheel";
+      type = "ed25519";
+    }];  
+  };
+
+  services.syncthing = {
+    enable = true;
+    openDefaultPorts = true;
+
+    cert = config.age.secrets.syncthing-cert.path;
+    key = config.age.secrets.syncthing-key.path;
+
+    user = "alex";
+    group = "users";
+
+    dataDir = "/home/alex/sync";
+    
+    settings = {
+      devices = {
+        sombrero.id = "DIKHOMV-QGZV3DR-FXQZH45-I5J5R4R-JJZS5BA-XNNW5C7-QSSU3XV-KVC4MAQ";
+        phone.id = "NJIMX57-C2CGV76-GXMAQYV-ABWDA7Z-TS6UV2X-NVL5UPG-UFEQH4C-TKYA6QM";
+      };
+
+      folders = {
+        org = {
+          path = "/home/alex/sync/org";
+          devices = [ "sombrero" "phone" ];
+          versioning = {
+            type = "staggered";
+            params = {
+              maxAge = "2592000"; # 30 days
+            };
+          };
+        };
+
+        personal = {
+          path = "/home/alex/sync/personal";
+          devices = [ "sombrero" ];
+          versioning = {
+            type = "staggered";
+            params = {
+              maxAge = "2592000"; # 30 days
+            };
+          };
+        };
+      };
+    };
+  };
+
+  age = {
+    identityPaths = [ "/etc/ssh/pinwheel" ];
+    
+    secrets = {
+      "syncthing-cert".file = ../../secrets/pinwheel/syncthing-cert.age;
+      "syncthing-key".file = ../../secrets/pinwheel/syncthing-key.age;
+    };
+  };
+  
  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
--- a/secrets/pinwheel/syncthing-cert.age
+++ b/secrets/pinwheel/syncthing-cert.age
--- a/secrets/pinwheel/syncthing-key.age
+++ b/secrets/pinwheel/syncthing-key.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -0,0 +1,7 @@
+let
+  pinwheel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMoI7Q4zT2AGXU+i8fLmzcNLdfMkEnfHYh4PmaEmo2QW root@pinwheel";
+  alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTw7VCV4z5At0e+oCG+3I3tSyhmLJgQkWlhaYJVlyS8 alex.bennu2@github.com";
+in {
+  "pinwheel/syncthing-cert.age".publicKeys = [ pinwheel alex ];
+  "pinwheel/syncthing-key.age".publicKeys = [ pinwheel alex ];
+}