Add syncthing module

Refactor network (port) config
Turns out I can put :22 in admin.nix and it still works, which is more appropriate.
2023-12-11 01:40:05 +08:00 · 2023-12-11 00:45:11 +08:00 · 2023-12-11 00:10:10 +08:00
5 changed files with 41 additions and 13 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1696775529,
-        "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
+        "lastModified": 1701216516,
+        "narHash": "sha256-jKSeJn+7hZ1dZdiH1L+NWUGT2i/BGomKAJ54B9kT06Q=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "daf42cb35b2dc614d1551e37f96406e4c4a2d3e4",
+        "rev": "13ac9ac6d68b9a0896e3d43a082947233189e247",
        "type": "github"
      },
      "original": {
@ -155,11 +155,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1700204040,
-        "narHash": "sha256-xSVcS5HBYnD3LTer7Y2K8ZQCDCXMa3QUD1MzRjHzuhI=",
+        "lastModified": 1701718080,
+        "narHash": "sha256-6ovz0pG76dE0P170pmmZex1wWcQoeiomUZGggfH9XPs=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "c757e9bd77b16ca2e03c89bf8bc9ecb28e0c06ad",
+        "rev": "2c7f3c0fb7c08a0814627611d9d7d45ab6d75335",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -24,14 +24,15 @@

      hosts = {
        golgi.modules = with modules; [
-          common
          admin
-          zsh
-          hardware-hetzner
-          hardened
          agenix.nixosModules.default
-          forgejo
          caddy
+          common
+          forgejo
+          hardened
+          hardware-hetzner
+          syncthing
+          zsh
        ];
      };

--- a/modules/admin.nix
+++ b/modules/admin.nix
@ -1,6 +1,7 @@
 { config, pkgs, ... }:

 {
+  networking.firewall.allowedTCPPorts = [ 22 ];
  users.users.admin = {
    name = "admin";
    hashedPassword = "$6$ET8BLqODvw77VOmI$oun2gILUqBr/3WonH2FO1L.myMIM80KeyO5W1GrYhJTo./jk7XcG8B3vEEcbpfx3R9h.sR0VV187/MgnsnouB1";
--- a/modules/caddy.nix
+++ b/modules/caddy.nix
@ -3,8 +3,8 @@
 with lib;

 {
-  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
-  networking.firewall.allowedUDPPortRanges = [ { from=443; to=443; } ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedUDPPorts = [ 443 ];

  # If I end up wanting to add plugins, see:
  # https://mdleom.com/blog/2021/12/27/caddy-plugins-nixos/
@ -34,6 +34,10 @@ In future, the following may be set up too:
 "
  '';
    }
+    (mkIf config.services.syncthing.enable {
+      virtualHosts."syncthing.tecosaur.net".extraConfig =
+        ''reverse_proxy ${config.services.syncthing.guiAddress}'';
+    })
    (mkIf config.services.gitea.enable {
      virtualHosts."git.tecosaur.net".extraConfig =
      ''
--- a/modules/syncthing.nix
+++ b/modules/syncthing.nix
@ -0,0 +1,22 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  services.syncthing = {
+    enable = true;
+    dataDir = "/var/lib/syncthing";
+    guiAddress = "localhost:8384";
+    overrideDevices = true;
+    overrideFolders = true;
+    settings = {
+      gui = {
+        user = "tec";
+        password = "$2a$10$yXPBFhobbJGT3FRNEWmdRO891ZLTF247XQ2fYmJK8dsqzIWLKOPKC";
+      };
+      devices = {
+        "tranquillity" = { id = "VXWXMXK-MWENVPV-PV75JQH-45OP44F-QMPH645-JVWGJB2-C2GKHSV-QARV5A2"; };
+      };
+    };
+  };
+}
Author	SHA1	Message	Date
TEC	c9d47524f7	Add syncthing module	2023-12-11 01:40:05 +08:00
TEC	c2dc65583c	Refactor network (port) config Turns out I can put :22 in admin.nix and it still works, which is more appropriate.	2023-12-11 00:45:11 +08:00
TEC	d4ad6c2961	Update packages	2023-12-11 00:10:10 +08:00