pinwheel/manatee: Share org via syncthing

hosts/manatee/disk-config.nix

@@ -50,6 +50,23 @@
           };
         };
       };
+
+      "10-sync-public" = {
+        "/mnt/sync/public" = {
+          d = {
+            # Create directory
+            user = "storage";
+            group = "storage";
+            mode = "2775";
+          };
+          z = {
+            # Ensure permissions are inherited
+            user = "storage";
+            group = "storage";
+            mode = "2775";
+          };
+        };
+      };
     };
 
     environment.systemPackages = [
@@ -172,6 +189,12 @@
               mountpoint = "/mnt/cameras";
               options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
             };
+
+            sync = {
+              type = "zfs_fs";
+              mountpoint = "/mnt/sync";
+              options.mountpoint = "legacy"; # otherwise we get a race between systemd and zfs; https://github.com/nix-community/disko/issues/214
+            };
           };
         };
       };

hosts/manatee/modules/default.nix

@@ -13,6 +13,8 @@ in
       ssh.enable = true;
       git.enable = true;
 
+      nginx.enable = true;
+      syncthing.enable = true;
       transmission.enable = true;
       audiobookshelf.enable = true;
       jellyfin.enable = true;

hosts/manatee/modules/nginx/default.nix

@@ -0,0 +1,22 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.nginx.enable;
+in
+{
+  options = {
+    mod.nginx = {
+      enable = lib.mkEnableOption "Enable nginx module";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    services = {
+      nginx = {
+        enable = true;
+
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+      };
+    };
+  };
+}

hosts/manatee/modules/syncthing/default.nix

@@ -0,0 +1,61 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.syncthing.enable;
+in
+{
+  options = {
+    mod.syncthing = {
+      enable = lib.mkEnableOption "Enable syncthing module";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    services.syncthing = {
+      enable = true;
+
+      cert = config.age.secrets.syncthing-cert.path;
+      key = config.age.secrets.syncthing-key.path;
+
+      user = "storage";
+      group = "storage";
+
+      dataDir = "/mnt/sync/public";
+
+      guiAddress = "0.0.0.0:8384";
+
+      settings = {
+        gui = {
+          user = "syncthing";
+          password = "$2a$12$YBcqhl8AXpoLmIWikuMtkOQLcrPXKKj0xY/qy4hggWnfjeVLQ3Ct6";
+          insecureSkipHostcheck = false;
+        };
+
+        devices = {
+          pinwheel.id = config.lib.syncthing.pinwheel;
+        };
+
+        folders = {
+          org = {
+            path = "/mnt/sync/public/org";
+            devices = [
+              "pinwheel"
+            ];
+            versioning = {
+              type = "staggered";
+              params = {
+                maxage = "2592000"; # 30 days
+              };
+            };
+          };
+        };
+      };
+    };
+
+    age = {
+      secrets = {
+        "syncthing-cert".file = ../../../../secrets/manatee/syncthing-cert.age;
+        "syncthing-key".file = ../../../../secrets/manatee/syncthing-key.age;
+      };
+    };
+  };
+}

hosts/pinwheel/modules/syncthing/default.nix

@@ -16,6 +16,7 @@
       devices = {
         phone.id = config.lib.syncthing.phone;
         backwards.id = config.lib.syncthing.backwards;
+        manatee.id = config.lib.syncthing.manatee;
       };
 
       folders = {
@@ -24,6 +25,7 @@
           devices = [
             "phone"
             "backwards"
+            "manatee"
           ];
           versioning = {
             type = "staggered";

secrets/manatee/syncthing-key.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 wkRvNA YbZzduvipUNKn6QnmQu9b/qFNLKXZ4rIykPEBUvvGGs
+aITJQ+ska4vfDL0Z7+wocYZYi5/QjodjHGJj7caE2+Q
+-> ssh-ed25519 +oNaHQ s8fl+itCgMK/Hl621+xEdlXl3w1v+Zyx/XihIvh1ahk
+BuumBEu6B2Csxr2VRRagyPnF/T7Thoz1Fq9F/NIAa0o
+--- /VPi7PCZNCHPL5dSS+QeSsZLUqBzJZygOWHKVYMyLIM
+<EFBFBD> <20><>qA<71>s<EFBFBD>	<09>x

secrets/secrets.nix

@@ -34,6 +34,8 @@ in {
   "manatee/root.manatee.pub.age".publicKeys = [ manatee alex ];
   "manatee/alex.manatee-git.ppp.pm.age".publicKeys = [ manatee alex ];
   "manatee/alex.manatee-git.ppp.pm.pub.age".publicKeys = [ manatee alex ];
+  "manatee/syncthing-cert.age".publicKeys = [ manatee alex ];
+  "manatee/syncthing-key.age".publicKeys = [ manatee alex ];
 
   "backwards/root.backwards.age".publicKeys = [ backwards alex ];
   "backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];

shared-modules/syncthing.nix

@@ -3,6 +3,7 @@
     syncthing = {
       phone = "HCL2CKI-SA3NWOT-PMJZNFP-I7QETYE-JOKZHXN-TSI74FV-ZA6RDO2-QQMXPAP";
       pinwheel = "AKS5L2A-NFCG5GV-3U5SSSZ-PLOX6BQ-ZL5ALXI-D7OK4KE-R2JPWRJ-B6AQJQ7";
+      manatee = "6YDVLXR-NZV6XKD-ASWPZQS-WKBRHAD-52JV5HU-JEPQ32G-6RGY7KJ-OVBO7AM";
       backwards = "XRSQ4NZ-LHCZS6H-R3A75S5-W4FH7F4-3DGA5X2-SOPYWOP-A2WRKGC-IPXH4AM";
       tablet = "5BEPSWB-BN4MDZM-7W3ITMP-KJ53J6M-WJMLWEF-GTDJTWI-C4C5SPQ-SFS3DAY";
     };