50 lines
1.2 KiB
Nix
50 lines
1.2 KiB
Nix
{
|
|
user ? throw "user argument is required",
|
|
home ? throw "home argument is required",
|
|
}:
|
|
{ config, utils, ... }:
|
|
{
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ 22000 ];
|
|
allowedUDPPorts = [
|
|
21027
|
|
22000
|
|
];
|
|
};
|
|
|
|
sops.secrets = {
|
|
# openssl genpkey -algorithm RSA -out key.pem -pkeyopt rsa_keygen_bits:3072
|
|
"syncthing/key" = {
|
|
owner = user;
|
|
group = "users";
|
|
};
|
|
# openssl req -new -x509 -key key.pem -out cert.pem -days 9999 -subj "/CN=syncthing"
|
|
"syncthing/cert" = {
|
|
owner = user;
|
|
group = "users";
|
|
};
|
|
};
|
|
|
|
home-manager.users.${user} = {
|
|
services.syncthing = {
|
|
enable = true;
|
|
key = config.sops.secrets."syncthing/key".path;
|
|
cert = config.sops.secrets."syncthing/cert".path;
|
|
extraOptions = [ "-no-default-folder" ];
|
|
|
|
settings = {
|
|
options.urAccepted = -1;
|
|
devices = {
|
|
amalthea.id = "2W7YT6Q-TO7CYMW-JH6QZXE-7Q6MDQQ-HPHKP4A-VI5HP7G-KLMGMST-MNRYHQG"; # Google Pixel 8 Pro
|
|
ganymede.id = "DXJPEJA-JNGF6I4-VIZYTX7-U345C5V-HIUTSFC-D36N2EM-Y3FAKJM-PRKYQAI"; # Samsung Galaxy Tab S7+
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.user.services.syncthing.Unit.After = [
|
|
"sops-nix.service"
|
|
"local-fs.target"
|
|
];
|
|
};
|
|
}
|