phoebe: enable syncthing

2023-09-28 17:51:57 +05:30 · 2023-09-28 17:51:57 +05:30 · 2f0d836439
commit 2f0d836439
parent 03f4c32fc0
3 changed files with 56 additions and 2 deletions
--- a/flake.nix
+++ b/flake.nix
@ -88,7 +88,7 @@

            # Host-specific config
            ./hosts/phoebe/configuration.nix
-            # ./hosts/hermes/syncthing.nix
+            ./hosts/phoebe/syncthing.nix
            # agenix.nixosModules.age
            # ./hosts/hermes/secrets/agenix.nix

--- a/hosts/phoebe/home.nix
+++ b/hosts/phoebe/home.nix
@ -4,9 +4,9 @@
  imports = [
    ../../modules/common-home.nix
    ../../modules/neovim/nvim.nix
+    ../../modules/emacs/emacs.nix

    # ./mail.nix
-    # ./emacs.nix
  ];

  home.packages = with pkgs; [
--- a/hosts/phoebe/syncthing.nix
+++ b/hosts/phoebe/syncthing.nix
@ -0,0 +1,54 @@
+{ ... }:
+# TODO:
+#   - Setup certificates and keys declaratively? This will be a real possibility of depending on my SSH key for a whole lotta stuff. Perhaps keep that for future
+{
+  imports = [
+    ../../modules/common-syncthing.nix
+  ];
+
+  # Open syncthing port, but only for local network
+  networking.firewall.extraCommands = ''
+    iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 8384:8384 -j nixos-fw-accept
+    iptables -A nixos-fw -p udp --source 192.168.0.0/24 --dport 8384:8384 -j nixos-fw-accept
+  '';
+
+  services.syncthing = {
+    # Enable Syncthing GUI access from network
+    # WARNING: This will open syncthing GUI to whole internet.
+    # Always use this in combination with above networing config to limit the access from outside LAN
+    guiAddress = "0.0.0.0:8384";
+
+    settings = {
+      folders = {
+        Keepass = {
+          devices = [ "hermes" "Childish Tycoon" "bebop" ];
+          type = "receiveonly";
+          versioning = {
+            type = "simple";
+            params.keep = "10";
+          };
+        };
+
+        Syncthing = {
+          devices = [ "hermes" "Childish Tycoon" "bebop" ];
+          type = "receiveonly";
+          versioning = {
+            type = "simple";
+            params.keep = "3";
+          };
+        };
+
+        org = {
+          devices = [ "hermes" "Childish Tycoon" "bebop" ];
+          type = "receiveonly";
+        };
+
+        Music = {
+          devices = [ "hermes" "Childish Tycoon" "bebop" ];
+          type = "receiveonly";
+          fsWatcherEnabled = true;
+        };
+      };
+    };
+  };
+}