# Per-user Syncthing for `username`: the TLS key/cert are provisioned by sops,
# and the user unit is ordered after the impermanence bind mounts of the
# folders it syncs.
{ username ? throw "username argument is required", }:
{ config, inputs, lib, pkgs, ... }:
let
  inherit (lib) concatMap elem flatten removePrefix unique;
  user = config.users.users.${username};
  hm = config.home-manager.users.${username};
  # Both secret files are readable by the sync user only; "users" is the group
  # they are chowned to (sops-nix's default file mode is owner-read-only, so
  # the group does not gain read access unless `mode` is widened).
  secretOwner = { owner = username; group = "users"; };
in
{
  # Syncthing defaults: 22000 is the sync protocol (TCP and QUIC/UDP),
  # 21027/UDP is local discovery.
  networking.firewall = {
    allowedTCPPorts = [ 22000 ];
    allowedUDPPorts = [ 21027 22000 ];
  };

  # Device identity, kept out of the Nix store and decrypted at activation.
  sops.secrets = {
    # openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:3072
    "syncthing/key" = secretOwner;
    # openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing"
    "syncthing/cert" = secretOwner;
  };

  home-manager.users.${username} = {
    services.syncthing = {
      enable = true;
      key = config.sops.secrets."syncthing/key".path;
      cert = config.sops.secrets."syncthing/cert".path;
      # Do not auto-create the default ~/Sync folder on first start.
      extraOptions = [ "-no-default-folder" ];
      settings = {
        # -1 declines anonymous usage reporting (and suppresses the prompt).
        options.urAccepted = -1;
        # Device IDs are derived from each peer's public certificate; they
        # identify a peer but are not secrets.
        devices = {
          amalthea.id = "2W7YT6Q-TO7CYMW-JH6QZXE-7Q6MDQQ-HPHKP4A-VI5HP7G-KLMGMST-MNRYHQG"; # Google Pixel 8 Pro
          ganymede.id = "DXJPEJA-JNGF6I4-VIZYTX7-U345C5V-HIUTSFC-D36N2EM-Y3FAKJM-PRKYQAI"; # Samsung Galaxy Tab S7+
        };
      };
    };

    # Ordering only (After=, not Requires=): Syncthing starts after the
    # impermanence mount units that cover its folders, presumably so it does
    # not scan a not-yet-mounted directory as empty; a failed mount unit does
    # not block it. It is also placed after sops-nix.
    # NOTE(review): a user unit's After= resolves in the user manager's
    # namespace, so "sops-nix.service" only orders against a user-scope unit of
    # that name — confirm one exists, as the secrets above are declared
    # system-side.
    systemd.user.services.syncthing.Unit.After =
      let
        inherit (pkgs.callPackage "${inputs.impermanence}/lib.nix" { }) mkServiceName parentsOf;
        # Folder paths relative to $HOME, the form impermanence lists
        # directories in (accepts both "~/x" and "<home>/x").
        stripHome = p: removePrefix "~/" (removePrefix "${user.home}/" p);
        folders = map (f: stripHome f.path) (builtins.attrValues hm.services.syncthing.settings.folders);
        # Every ancestor (per parentsOf) of every synced folder, deduplicated;
        # independent of the persistence entry, so computed once.
        candidates = unique (flatten (map parentsOf folders));
        # Mount units of one persistence entry that cover a synced folder.
        mountUnits = persistence:
          map (dir: "${mkServiceName persistence.persistentStoragePath dir}.service")
            (builtins.filter (dir: elem dir persistence.directories) candidates);
      in
      concatMap mountUnits (builtins.attrValues hm.home.persistence) ++ [ "sops-nix.service" ];
  };
}