diff --git a/.gitignore b/.gitignore
index ca6943e..63b2cb8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 **/*.tmp.sops.yaml
 **/*.sops.tmp.yaml
+**/*sync-conflict*
 age.key
 result*
 .direnv
diff --git a/nixos/hosts/gandalf/default.nix b/nixos/hosts/gandalf/default.nix
index 87fd025..54e5ea5 100644
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@@ -107,13 +107,13 @@ in
 };
 "syncthing/publicCert" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
 "syncthing/privateKey" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
@@ -170,6 +170,7 @@ in
 # Syncthing
 syncthing = {
 enable = true;
+ user = "jahanson";
 publicCertPath = config.sops.secrets."syncthing/publicCert".path;
 privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
 };
diff --git a/nixos/hosts/shadowfax/default.nix b/nixos/hosts/shadowfax/default.nix
index 51bf6ca..5f2a185 100644
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@@ -120,13 +120,13 @@ in
 sops.secrets = {
 "syncthing/publicCert" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
 "syncthing/privateKey" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
@@ -167,6 +167,7 @@ in
 # Syncthing
 syncthing = {
 enable = true;
+ user = "jahanson";
 publicCertPath = config.sops.secrets."syncthing/publicCert".path;
 privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
 };
diff --git a/nixos/hosts/telchar/default.nix b/nixos/hosts/telchar/default.nix
index ff0c07e..fbda4fa 100644
--- a/nixos/hosts/telchar/default.nix
+++ b/nixos/hosts/telchar/default.nix
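Review bot: The `owner = "jahanson";` literal on both secret entries in the gandalf `@@ -107,13` hunk has to stay equal to the `user = "jahanson";` added in the gandalf `@@ -170,6` hunk, and nothing ties the two together. With `mode = "400"`, a mismatch leaves the service unable to read its own certificate and key. The same pair is repeated in the shadowfax hunks here and in the telchar hunks that follow; a single binding per host (for example `syncthingUser = "jahanson";` in the `let` that the `in` hunk context suggests these files have) would remove the drift. A short comment on the owner line should also record that the device private key is now readable by the interactive login account rather than by a dedicated service account. The enclosing `sops.secrets` set starts outside the gandalf hunk.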
@@ -49,13 +49,13 @@
 sops.secrets = {
 "syncthing/publicCert" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
 "syncthing/privateKey" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
@@ -67,6 +67,7 @@ services.syncthing = { enable = true; + user = "jahanson"; publicCertPath = config.sops.secrets."syncthing/publicCert".path; privateKeyPath = config.sops.secrets."syncthing/privateKey".path; };
diff --git a/nixos/modules/nixos/services/syncthing/config/default.nix b/nixos/modules/nixos/services/syncthing/config/default.nix
index c7f616a..2417d76 100644
--- a/nixos/modules/nixos/services/syncthing/config/default.nix
+++ b/nixos/modules/nixos/services/syncthing/config/default.nix
@@ -1,12 +1,11 @@ { sops, ... }: { - settings = { - gui = { - user = sops.secrets.username; - password = sops.secrets.password; - }; + gui = { + user = sops.secrets.username; + password = sops.secrets.password; + }; - devices = { + devices = { legiondary = { name = "legiondary"; id = "O4WI2YC-BZBPF2W-2ALNQ2D-UOP3BK5-ZDSEHVH-DIHS2FG-BSVJCXG-GF47XAE";
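Review bot: In the `@@ -1,12` hunk of `syncthing/config/default.nix`, `user = sops.secrets.username;` and `password = sops.secrets.password;` pass the sops-nix secret definitions themselves rather than the decrypted values, so the GUI is unlikely to end up with the intended credentials; the decrypted content only exists at runtime under each secret's `.path`. As far as I know the NixOS module also renders this attribute set into a file in the world-readable Nix store, so writing a literal password here would not be an acceptable fix either. I would drop the two lines from the static settings and provision the GUI credentials at runtime from `config.sops.secrets."password".path`, leaving a comment that says why they are absent. The attribute set continues past the end of the hunk.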
@@ -15,30 +14,24 @@ shadowfax = { name = "shadowfax"; id = "U3DS7CW-GBZT44M-IFP3MOB-AV6SHVY-YFVEL5P-HE3ACC5-NDDGAOB-HOTKJAC"; - addresses = [ "tcp://10.1.1.61:22000" "dynamic" ]; + addresses = [ "tcp://10.1.1.61:22000" ]; }; gandalf = { name = "gandalf"; id = "2VYHSOB-4QE3UIJ-EFKAD4D-J7YTLYG-4KF36C2-3SOLD4G-MFR6NK3-C2VSAQV"; - addresses = [ "tcp://10.1.1.13:22000" "dynamic" ]; + addresses = [ "tcp://10.1.1.13:22000" ]; }; telchar = { name = "telchar"; id = "ENO4NVK-DUKOLUT-ASJZOEI-IFBVBTA-GDNWKWS-DQF3TZW-JJ72VVB-VWTHNAH"; addresses = [ "dynamic" ]; - }; }; + }; - folders = { - "Documents" = { - path = "/home/jahanson/projects"; - devices = [ - "legiondary" - "shadowfax" - "gandalf" - "telchar" - ]; - }; + folders = { + "~/projects" = { + id = "projects"; + devices = [ "legiondary" "shadowfax" "gandalf" "telchar" ]; }; }; }
diff --git a/nixos/modules/nixos/services/syncthing/default.nix b/nixos/modules/nixos/services/syncthing/default.nix
index f2d0274..7df9f66 100644
--- a/nixos/modules/nixos/services/syncthing/default.nix
+++ b/nixos/modules/nixos/services/syncthing/default.nix
@@ -17,6 +17,10 @@ in type = lib.types.path; description = "The private key for Syncthing"; }; + user = lib.mkOption { + type = lib.types.str; + description = "The user to run Syncthing as"; + }; }; config = lib.mkIf cfg.enable {
@@ -24,13 +28,13 @@ in
 sops.secrets = {
 "username" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
 "password" = {
 sopsFile = ./secrets.sops.yaml;
- owner = "syncthing";
+ owner = "jahanson";
 mode = "400";
 restartUnits = [ "syncthing.service" ];
 };
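Review bot: In the `@@ -24,13` hunk of `syncthing/default.nix`, the `username` and `password` secrets get `owner = "jahanson";` even though this commit adds a `user` option and starts the service as `cfg.user`. A host that sets any other user would leave both `mode = "400"` files owned by an account the service does not run as. Use `owner = cfg.user;` on both entries so secret ownership follows the service identity. The `config = lib.mkIf cfg.enable { … }` block these lines belong to is only partly inside the hunk.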
@@ -39,9 +43,11 @@ in
 services = {
 syncthing = {
 enable = true;
+ user = cfg.user;
+ dataDir = "/home/${cfg.user}/";
 openDefaultPorts = true;
- key = lib.mkIf (cfg.privateKeyPath != null) "${cfg.privateKeyPath}";
- cert = lib.mkIf (cfg.publicCertPath != null) "${cfg.publicCertPath}";
+ key = "${cfg.privateKeyPath}";
+ cert = "${cfg.publicCertPath}";
 settings = import ./config { inherit (config) sops; };
 };
 };
diff --git a/nixos/profiles/global/users.nix b/nixos/profiles/global/users.nix
index 9e6ee10..e133701 100644
--- a/nixos/profiles/global/users.nix
+++ b/nixos/profiles/global/users.nix
@@ -41,7 +41,6 @@ in "libvirtd" "wireshark" "minecraft" - "syncthing" ]; openssh.authorizedKeys.keys = [
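Review bot: In the `@@ -39,9` hunk of `syncthing/default.nix`, `key = "${cfg.privateKeyPath}";` interpolates an option declared as `lib.types.path` (the declaration is visible in the `@@ -17,6` hunk), and interpolating a Nix path value copies the file into the world-readable store. The hosts on this page pass the sops `.path` string, which is safe, but a path literal would publish the private key. `key = toString cfg.privateKeyPath;` keeps it a plain runtime path, and `cert` can be treated the same way. Separately, `dataDir = "/home/${cfg.user}/";` assumes where the home directory lives; `config.users.users.${cfg.user}.home` would follow the account definition. The surrounding `config` block starts outside the hunk.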