sync permissions through syncthing
parent
26e63198d1
commit
9dc88b9a2d
1 changed files with 84 additions and 98 deletions
|
|
@ -3,25 +3,23 @@
|
||||||
let
|
let
|
||||||
cfg = config.syncthing-custom;
|
cfg = config.syncthing-custom;
|
||||||
|
|
||||||
# Device groupings
|
|
||||||
pcDevices = [ "macbook" "imac" "thinkpad" "nfss" ];
|
pcDevices = [ "macbook" "imac" "thinkpad" "nfss" ];
|
||||||
touchDevices = [ "iphone" "ipad" ];
|
touchDevices = [ "iphone" "ipad" ];
|
||||||
allDevices = pcDevices ++ touchDevices;
|
allDevices = pcDevices ++ touchDevices;
|
||||||
|
|
||||||
# Common versioning configuration
|
|
||||||
commonVersioning = {
|
commonVersioning = {
|
||||||
type = "staggered";
|
type = "staggered";
|
||||||
params = {
|
params = {
|
||||||
maxAge = "15552000"; # 180 days in seconds
|
maxAge = "15552000"; # 180 days
|
||||||
cleanInterval = "3600"; # Clean every hour
|
cleanInterval = "3600"; # 1 hour
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
liteVersioning = {
|
liteVersioning = {
|
||||||
type = "staggered";
|
type = "staggered";
|
||||||
params = {
|
params = {
|
||||||
maxAge = "2592000"; # 30 days in seconds
|
maxAge = "2592000"; # 30 days
|
||||||
cleanInterval = "3600"; # Clean every hour
|
cleanInterval = "3600";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -41,103 +39,91 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
# Enable Syncthing service
|
services.syncthing = {
|
||||||
services.syncthing = {
|
enable = true;
|
||||||
enable = true;
|
tray.enable = false;
|
||||||
# Don't enable tray on server (Linux) or macOS
|
overrideDevices = true;
|
||||||
tray.enable = false;
|
overrideFolders = true;
|
||||||
|
|
||||||
# Listen on all interfaces for the GUI
|
guiAddress = lib.mkIf cfg.enableGui "127.0.0.1:8384";
|
||||||
guiAddress = lib.mkIf cfg.enableGui "127.0.0.1:8384";
|
|
||||||
|
|
||||||
# Declarative configuration - will override any GUI changes
|
settings = {
|
||||||
overrideDevices = true;
|
devices = {
|
||||||
overrideFolders = true;
|
"iphone" = {
|
||||||
|
id = "NMWI5MP-J4FC4A6-SDDXZPD-G66TJCO-2W7KGFD-RJWQ53U-I7GUVWP-WHF4QQO";
|
||||||
settings = {
|
|
||||||
# Define all devices
|
|
||||||
devices = {
|
|
||||||
"iphone" = {
|
|
||||||
id = "NMWI5MP-J4FC4A6-SDDXZPD-G66TJCO-2W7KGFD-RJWQ53U-I7GUVWP-WHF4QQO";
|
|
||||||
};
|
|
||||||
"thinkpad" = {
|
|
||||||
id = "OMZKASU-QPZDCQ2-7QRHRD4-3TPAXLM-AYRMWXB-A6E5OIZ-MGR422V-JYARQA6";
|
|
||||||
};
|
|
||||||
"ipad" = {
|
|
||||||
id = "ZN3W6K7-VTRRRMT-Y35PSVU-EARJ6FP-6JBFIOF-YAFUAUZ-2TSFW3T-5YGDZAO";
|
|
||||||
};
|
|
||||||
"macbook" = {
|
|
||||||
id = "XPAMYJX-D7UZKPI-JBLTAWG-EBPSFYV-NEFV42V-NIUZKQN-KTVTGGP-OOXL5AT";
|
|
||||||
};
|
|
||||||
"imac" = {
|
|
||||||
id = "2ST6EEF-KN3R2E6-PN64WAS-XGJ22NV-BAWAQX6-OCZLYE3-V5IM2SE-S22REAA";
|
|
||||||
};
|
|
||||||
"nfss" = {
|
|
||||||
id = "S4QZW76-BOLIOW7-DVP326F-JIGW5DW-3PAD47L-OA456LB-2L6JZW7-YUGJRA6";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Define shared folders (only enabled ones)
|
|
||||||
folders =
|
|
||||||
(lib.optionalAttrs (lib.elem "Credentials" cfg.enabledFolders) {
|
|
||||||
"Credentials" = {
|
|
||||||
path = "~/Credentials";
|
|
||||||
devices = allDevices;
|
|
||||||
ignorePerms = true;
|
|
||||||
versioning = commonVersioning;
|
|
||||||
};
|
};
|
||||||
})
|
"thinkpad" = {
|
||||||
// (lib.optionalAttrs (lib.elem "Documents" cfg.enabledFolders) {
|
id = "OMZKASU-QPZDCQ2-7QRHRD4-3TPAXLM-AYRMWXB-A6E5OIZ-MGR422V-JYARQA6";
|
||||||
"Documents" = {
|
|
||||||
path = "~/Documents";
|
|
||||||
devices = pcDevices;
|
|
||||||
ignorePerms = true;
|
|
||||||
versioning = commonVersioning;
|
|
||||||
};
|
};
|
||||||
})
|
"ipad" = {
|
||||||
// (lib.optionalAttrs (lib.elem "Media" cfg.enabledFolders) {
|
id = "ZN3W6K7-VTRRRMT-Y35PSVU-EARJ6FP-6JBFIOF-YAFUAUZ-2TSFW3T-5YGDZAO";
|
||||||
"Media" = {
|
|
||||||
path = "~/Media";
|
|
||||||
devices = lib.filter (d: d != "iphone") allDevices;
|
|
||||||
ignorePerms = true;
|
|
||||||
versioning = liteVersioning;
|
|
||||||
};
|
};
|
||||||
})
|
"macbook" = {
|
||||||
// (lib.optionalAttrs (lib.elem "Archive" cfg.enabledFolders) {
|
id = "XPAMYJX-D7UZKPI-JBLTAWG-EBPSFYV-NEFV42V-NIUZKQN-KTVTGGP-OOXL5AT";
|
||||||
"Archive" = {
|
|
||||||
path = "~/Archive";
|
|
||||||
devices = allDevices;
|
|
||||||
ignorePerms = true;
|
|
||||||
versioning = commonVersioning;
|
|
||||||
};
|
};
|
||||||
});
|
"imac" = {
|
||||||
|
id = "2ST6EEF-KN3R2E6-PN64WAS-XGJ22NV-BAWAQX6-OCZLYE3-V5IM2SE-S22REAA";
|
||||||
|
};
|
||||||
|
"nfss" = {
|
||||||
|
id = "S4QZW76-BOLIOW7-DVP326F-JIGW5DW-3PAD47L-OA456LB-2L6JZW7-YUGJRA6";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# GUI settings with authentication
|
folders =
|
||||||
gui = {
|
(lib.optionalAttrs (lib.elem "Credentials" cfg.enabledFolders) {
|
||||||
enabled = cfg.enableGui;
|
"Credentials" = {
|
||||||
user = "yanlin";
|
path = "~/Credentials";
|
||||||
password = "";
|
devices = allDevices;
|
||||||
useTLS = false;
|
versioning = commonVersioning;
|
||||||
insecureSkipHostcheck = true;
|
};
|
||||||
};
|
})
|
||||||
|
// (lib.optionalAttrs (lib.elem "Documents" cfg.enabledFolders) {
|
||||||
|
"Documents" = {
|
||||||
|
path = "~/Documents";
|
||||||
|
devices = pcDevices;
|
||||||
|
versioning = commonVersioning;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
// (lib.optionalAttrs (lib.elem "Media" cfg.enabledFolders) {
|
||||||
|
"Media" = {
|
||||||
|
path = "~/Media";
|
||||||
|
devices = lib.filter (d: d != "iphone") allDevices;
|
||||||
|
versioning = liteVersioning;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
// (lib.optionalAttrs (lib.elem "Archive" cfg.enabledFolders) {
|
||||||
|
"Archive" = {
|
||||||
|
path = "~/Archive";
|
||||||
|
devices = allDevices;
|
||||||
|
versioning = commonVersioning;
|
||||||
|
};
|
||||||
|
});
|
||||||
|
|
||||||
# Additional settings
|
gui = {
|
||||||
options = {
|
enabled = cfg.enableGui;
|
||||||
urAccepted = -1; # Disable usage reporting
|
user = "yanlin";
|
||||||
relaysEnabled = true;
|
password = "";
|
||||||
localAnnounceEnabled = true;
|
useTLS = false;
|
||||||
globalAnnounceEnabled = true;
|
insecureSkipHostcheck = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
options = {
|
||||||
|
urAccepted = -1;
|
||||||
|
relaysEnabled = true;
|
||||||
|
localAnnounceEnabled = true;
|
||||||
|
globalAnnounceEnabled = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
|
||||||
|
|
||||||
# Override the launchd agent to add RunAtLoad on macOS
|
launchd.agents.syncthing = lib.mkIf (pkgs.stdenv.isDarwin && config.services.syncthing.enable) {
|
||||||
launchd.agents.syncthing = lib.mkIf (pkgs.stdenv.isDarwin && config.services.syncthing.enable) {
|
config.RunAtLoad = true;
|
||||||
config.RunAtLoad = true;
|
};
|
||||||
};
|
|
||||||
|
|
||||||
# For NixOS systems, we need to add Syncthing as a manual service in Traefik
|
home.activation.reloadSyncthing = lib.mkIf (pkgs.stdenv.isDarwin && config.services.syncthing.enable) (
|
||||||
# Since Syncthing runs as a systemd service (not container), we'll handle routing via static config
|
lib.hm.dag.entryAfter ["writeBoundary"] ''
|
||||||
# or create a container wrapper for it to use with service discovery
|
$DRY_RUN_CMD /bin/launchctl kickstart -k gui/$(id -u)/org.nix-community.home.syncthing || true
|
||||||
|
''
|
||||||
|
);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
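Review bot: The `gui` block that this commit re-indents still ships `password = "";` together with `useTLS = false;` and `insecureSkipHostcheck = true;`, so the GUI and REST API on 127.0.0.1:8384 appear to run without authentication and without the Host-header check. The old side's "GUI settings with authentication" comment is dropped, but nothing replaces the protection it implied. As far as I know Syncthing treats an empty password as auth disabled, and the host check is its guard against DNS rebinding from a browser on the same machine. Because the API can rewrite folder and device configuration, that exposure reaches the `Credentials` folder; I would set `insecureSkipHostcheck = false;` unless a reverse proxy really needs it, and supply a GUI password from a secret kept out of the Nix store. Separately, removing `ignorePerms = true;` from `Credentials` while it is shared with `allDevices` means mode bits sent by any peer are now applied locally, so it is worth confirming that the phone and tablet peers cannot loosen permissions on those files.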