ignore sync conflicts and reconfigure syncthing settings

2024-11-07 22:21:32 -06:00 · 2024-11-07 22:21:32 -06:00 · 5bf9930b16
commit 5bf9930b16
parent 98378ae285
7 changed files with 32 additions and 30 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,6 @@
 **/*.tmp.sops.yaml
 **/*.sops.tmp.yaml
+**/*sync-conflict*
 age.key
 result*
 .direnv
--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@ -107,13 +107,13 @@ in
      };
      "syncthing/publicCert" = {
        sopsFile = ./secrets.sops.yaml;
-        owner = "syncthing";
+        owner = "jahanson";
        mode = "400";
        restartUnits = [ "syncthing.service" ];
      };
      "syncthing/privateKey" = {
        sopsFile = ./secrets.sops.yaml;
-        owner = "syncthing";
+        owner = "jahanson";
        mode = "400";
        restartUnits = [ "syncthing.service" ];
      };
@ -170,6 +170,7 @@ in
      # Syncthing
      syncthing = {
        enable = true;
+        user = "jahanson";
        publicCertPath = config.sops.secrets."syncthing/publicCert".path;
        privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
      };
--- a/nixos/hosts/shadowfax/default.nix
+++ b/nixos/hosts/shadowfax/default.nix
@ -120,13 +120,13 @@ in
  sops.secrets = {
    "syncthing/publicCert" = {
      sopsFile = ./secrets.sops.yaml;
-      owner = "syncthing";
+      owner = "jahanson";
      mode = "400";
      restartUnits = [ "syncthing.service" ];
    };
    "syncthing/privateKey" = {
      sopsFile = ./secrets.sops.yaml;
-      owner = "syncthing";
+      owner = "jahanson";
      mode = "400";
      restartUnits = [ "syncthing.service" ];
    };
@ -167,6 +167,7 @@ in
      # Syncthing
      syncthing = {
        enable = true;
+        user = "jahanson";
        publicCertPath = config.sops.secrets."syncthing/publicCert".path;
        privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
      };
--- a/nixos/hosts/telchar/default.nix
+++ b/nixos/hosts/telchar/default.nix
@ -49,13 +49,13 @@
  sops.secrets = {
    "syncthing/publicCert" = {
      sopsFile = ./secrets.sops.yaml;
-      owner = "syncthing";
+      owner = "jahanson";
      mode = "400";
      restartUnits = [ "syncthing.service" ];
    };
    "syncthing/privateKey" = {
      sopsFile = ./secrets.sops.yaml;
-      owner = "syncthing";
+      owner = "jahanson";
      mode = "400";
      restartUnits = [ "syncthing.service" ];
    };
@ -67,6 +67,7 @@

    services.syncthing = {
      enable = true;
+      user = "jahanson";
      publicCertPath = config.sops.secrets."syncthing/publicCert".path;
      privateKeyPath = config.sops.secrets."syncthing/privateKey".path;
    };
--- a/nixos/modules/nixos/services/syncthing/config/default.nix
+++ b/nixos/modules/nixos/services/syncthing/config/default.nix
@ -1,12 +1,11 @@
 { sops, ... }:
 {
-  settings = {
-    gui = {
-      user = sops.secrets.username;
-      password = sops.secrets.password;
-    };
+  gui = {
+    user = sops.secrets.username;
+    password = sops.secrets.password;
+  };

-    devices = {
+  devices = {
      legiondary = {
        name = "legiondary";
        id = "O4WI2YC-BZBPF2W-2ALNQ2D-UOP3BK5-ZDSEHVH-DIHS2FG-BSVJCXG-GF47XAE";
@ -15,30 +14,24 @@
      shadowfax = {
        name = "shadowfax";
        id = "U3DS7CW-GBZT44M-IFP3MOB-AV6SHVY-YFVEL5P-HE3ACC5-NDDGAOB-HOTKJAC";
-        addresses = [ "tcp://10.1.1.61:22000" "dynamic" ];
+        addresses = [ "tcp://10.1.1.61:22000" ];
      };
      gandalf = {
        name = "gandalf";
        id = "2VYHSOB-4QE3UIJ-EFKAD4D-J7YTLYG-4KF36C2-3SOLD4G-MFR6NK3-C2VSAQV";
-        addresses = [ "tcp://10.1.1.13:22000" "dynamic" ];
+        addresses = [ "tcp://10.1.1.13:22000" ];
      };
      telchar = {
        name = "telchar";
        id = "ENO4NVK-DUKOLUT-ASJZOEI-IFBVBTA-GDNWKWS-DQF3TZW-JJ72VVB-VWTHNAH";
        addresses = [ "dynamic" ];
-      };
    };
+  };

-    folders = {
-      "Documents" = {
-        path = "/home/jahanson/projects";
-        devices = [
-          "legiondary"
-          "shadowfax"
-          "gandalf"
-          "telchar"
-        ];
-      };
+  folders = {
+    "~/projects" = {
+      id = "projects";
+      devices = [ "legiondary" "shadowfax" "gandalf" "telchar" ];
    };
  };
 }
--- a/nixos/modules/nixos/services/syncthing/default.nix
+++ b/nixos/modules/nixos/services/syncthing/default.nix
@ -17,6 +17,10 @@ in
      type = lib.types.path;
      description = "The private key for Syncthing";
    };
+    user = lib.mkOption {
+      type = lib.types.str;
+      description = "The user to run Syncthing as";
+    };
  };

  config = lib.mkIf cfg.enable {
@ -24,13 +28,13 @@ in
    sops.secrets = {
      "username" = {
        sopsFile = ./secrets.sops.yaml;
-        owner = "syncthing";
+        owner = "jahanson";
        mode = "400";
        restartUnits = [ "syncthing.service" ];
      };
      "password" = {
        sopsFile = ./secrets.sops.yaml;
-        owner = "syncthing";
+        owner = "jahanson";
        mode = "400";
        restartUnits = [ "syncthing.service" ];
      };
@ -39,9 +43,11 @@ in
    services = {
      syncthing = {
        enable = true;
+        user = cfg.user;
+        dataDir = "/home/${cfg.user}/";
        openDefaultPorts = true;
-        key = lib.mkIf (cfg.privateKeyPath != null) "${cfg.privateKeyPath}";
-        cert = lib.mkIf (cfg.publicCertPath != null) "${cfg.publicCertPath}";
+        key = "${cfg.privateKeyPath}";
+        cert = "${cfg.publicCertPath}";
        settings = import ./config { inherit (config) sops; };
      };
    };
--- a/nixos/profiles/global/users.nix
+++ b/nixos/profiles/global/users.nix
@ -41,7 +41,6 @@ in
            "libvirtd"
            "wireshark"
            "minecraft"
-            "syncthing"
          ];

        openssh.authorizedKeys.keys = [