sync permissions through syncthing

Yan Lin 2026-01-23 08:14:17 +01:00
parent 26e63198d1
commit 9dc88b9a2d


@ -3,25 +3,23 @@
let let
cfg = config.syncthing-custom; cfg = config.syncthing-custom;
# Device groupings
pcDevices = [ "macbook" "imac" "thinkpad" "nfss" ]; pcDevices = [ "macbook" "imac" "thinkpad" "nfss" ];
touchDevices = [ "iphone" "ipad" ]; touchDevices = [ "iphone" "ipad" ];
allDevices = pcDevices ++ touchDevices; allDevices = pcDevices ++ touchDevices;
# Common versioning configuration
commonVersioning = { commonVersioning = {
type = "staggered"; type = "staggered";
params = { params = {
maxAge = "15552000"; # 180 days in seconds maxAge = "15552000"; # 180 days
cleanInterval = "3600"; # Clean every hour cleanInterval = "3600"; # 1 hour
}; };
}; };
liteVersioning = { liteVersioning = {
type = "staggered"; type = "staggered";
params = { params = {
maxAge = "2592000"; # 30 days in seconds maxAge = "2592000"; # 30 days
cleanInterval = "3600"; # Clean every hour cleanInterval = "3600";
}; };
}; };
@ -41,103 +39,91 @@ in
}; };
config = { config = {
# Enable Syncthing service services.syncthing = {
services.syncthing = { enable = true;
enable = true; tray.enable = false;
# Don't enable tray on server (Linux) or macOS overrideDevices = true;
tray.enable = false; overrideFolders = true;
# Listen on all interfaces for the GUI guiAddress = lib.mkIf cfg.enableGui "127.0.0.1:8384";
guiAddress = lib.mkIf cfg.enableGui "127.0.0.1:8384";
# Declarative configuration - will override any GUI changes settings = {
overrideDevices = true; devices = {
overrideFolders = true; "iphone" = {
id = "NMWI5MP-J4FC4A6-SDDXZPD-G66TJCO-2W7KGFD-RJWQ53U-I7GUVWP-WHF4QQO";
settings = {
# Define all devices
devices = {
"iphone" = {
id = "NMWI5MP-J4FC4A6-SDDXZPD-G66TJCO-2W7KGFD-RJWQ53U-I7GUVWP-WHF4QQO";
};
"thinkpad" = {
id = "OMZKASU-QPZDCQ2-7QRHRD4-3TPAXLM-AYRMWXB-A6E5OIZ-MGR422V-JYARQA6";
};
"ipad" = {
id = "ZN3W6K7-VTRRRMT-Y35PSVU-EARJ6FP-6JBFIOF-YAFUAUZ-2TSFW3T-5YGDZAO";
};
"macbook" = {
id = "XPAMYJX-D7UZKPI-JBLTAWG-EBPSFYV-NEFV42V-NIUZKQN-KTVTGGP-OOXL5AT";
};
"imac" = {
id = "2ST6EEF-KN3R2E6-PN64WAS-XGJ22NV-BAWAQX6-OCZLYE3-V5IM2SE-S22REAA";
};
"nfss" = {
id = "S4QZW76-BOLIOW7-DVP326F-JIGW5DW-3PAD47L-OA456LB-2L6JZW7-YUGJRA6";
};
};
# Define shared folders (only enabled ones)
folders =
(lib.optionalAttrs (lib.elem "Credentials" cfg.enabledFolders) {
"Credentials" = {
path = "~/Credentials";
devices = allDevices;
ignorePerms = true;
versioning = commonVersioning;
}; };
}) "thinkpad" = {
// (lib.optionalAttrs (lib.elem "Documents" cfg.enabledFolders) { id = "OMZKASU-QPZDCQ2-7QRHRD4-3TPAXLM-AYRMWXB-A6E5OIZ-MGR422V-JYARQA6";
"Documents" = {
path = "~/Documents";
devices = pcDevices;
ignorePerms = true;
versioning = commonVersioning;
}; };
}) "ipad" = {
// (lib.optionalAttrs (lib.elem "Media" cfg.enabledFolders) { id = "ZN3W6K7-VTRRRMT-Y35PSVU-EARJ6FP-6JBFIOF-YAFUAUZ-2TSFW3T-5YGDZAO";
"Media" = {
path = "~/Media";
devices = lib.filter (d: d != "iphone") allDevices;
ignorePerms = true;
versioning = liteVersioning;
}; };
}) "macbook" = {
// (lib.optionalAttrs (lib.elem "Archive" cfg.enabledFolders) { id = "XPAMYJX-D7UZKPI-JBLTAWG-EBPSFYV-NEFV42V-NIUZKQN-KTVTGGP-OOXL5AT";
"Archive" = {
path = "~/Archive";
devices = allDevices;
ignorePerms = true;
versioning = commonVersioning;
}; };
}); "imac" = {
id = "2ST6EEF-KN3R2E6-PN64WAS-XGJ22NV-BAWAQX6-OCZLYE3-V5IM2SE-S22REAA";
};
"nfss" = {
id = "S4QZW76-BOLIOW7-DVP326F-JIGW5DW-3PAD47L-OA456LB-2L6JZW7-YUGJRA6";
};
};
# GUI settings with authentication folders =
gui = { (lib.optionalAttrs (lib.elem "Credentials" cfg.enabledFolders) {
enabled = cfg.enableGui; "Credentials" = {
user = "yanlin"; path = "~/Credentials";
password = ""; devices = allDevices;
useTLS = false; versioning = commonVersioning;
insecureSkipHostcheck = true; };
}; })
// (lib.optionalAttrs (lib.elem "Documents" cfg.enabledFolders) {
"Documents" = {
path = "~/Documents";
devices = pcDevices;
versioning = commonVersioning;
};
})
// (lib.optionalAttrs (lib.elem "Media" cfg.enabledFolders) {
"Media" = {
path = "~/Media";
devices = lib.filter (d: d != "iphone") allDevices;
versioning = liteVersioning;
};
})
// (lib.optionalAttrs (lib.elem "Archive" cfg.enabledFolders) {
"Archive" = {
path = "~/Archive";
devices = allDevices;
versioning = commonVersioning;
};
});
# Additional settings gui = {
options = { enabled = cfg.enableGui;
urAccepted = -1; # Disable usage reporting user = "yanlin";
relaysEnabled = true; password = "";
localAnnounceEnabled = true; useTLS = false;
globalAnnounceEnabled = true; insecureSkipHostcheck = true;
};
options = {
urAccepted = -1;
relaysEnabled = true;
localAnnounceEnabled = true;
globalAnnounceEnabled = true;
};
}; };
}; };
};
# Override the launchd agent to add RunAtLoad on macOS launchd.agents.syncthing = lib.mkIf (pkgs.stdenv.isDarwin && config.services.syncthing.enable) {
launchd.agents.syncthing = lib.mkIf (pkgs.stdenv.isDarwin && config.services.syncthing.enable) { config.RunAtLoad = true;
config.RunAtLoad = true; };
};
# For NixOS systems, we need to add Syncthing as a manual service in Traefik home.activation.reloadSyncthing = lib.mkIf (pkgs.stdenv.isDarwin && config.services.syncthing.enable) (
# Since Syncthing runs as a systemd service (not container), we'll handle routing via static config lib.hm.dag.entryAfter ["writeBoundary"] ''
# or create a container wrapper for it to use with service discovery $DRY_RUN_CMD /bin/launchctl kickstart -k gui/$(id -u)/org.nix-community.home.syncthing || true
''
);
}; };
} }
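Review bot: The `gui` block kept on the new side still sets `password = "";`, `useTLS = false;` and `insecureSkipHostcheck = true;`, so the GUI/REST endpoint on `127.0.0.1:8384` appears to run without authentication and with Syncthing's Host-header check (its DNS-rebinding guard) switched off. Because `overrideDevices` and `overrideFolders` make this file the source of truth, that endpoint controls which peers receive `~/Credentials`, and anything able to reach the loopback port could change it at runtime. I would set `insecureSkipHostcheck = false;` unless a reverse proxy in front of the GUI really needs it, and supply a non-empty GUI password from a secret kept outside the Nix store. Separately, dropping `ignorePerms = true;` from `"Credentials"` means mode bits set on any peer in `allDevices` now propagate to the others, so a comment such as `# permissions are synced: keep files 0600 on every peer` above that folder would document the new expectation.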