kiri/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Replace rclone with syncthing

Browse Source
This commit is contained in:
kiri
2025-12-02 02:37:02 +01:00
parent 1854c56c63
commit b473b2dc16
5 changed files with 75 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
hosts/orion/system.nix
View File

@@ -10,6 +10,7 @@
../../modules/nixos/caddy.nix ../../modules/nixos/caddy.nix
../../modules/nixos/bitwarden.nix ../../modules/nixos/bitwarden.nix
../../modules/nixos/firewall.nix ../../modules/nixos/firewall.nix
../../modules/nixos/syncthing.nix
../../modules/nixos/filebrowser.nix ../../modules/nixos/filebrowser.nix
../../modules/nixos/home-assistant.nix ../../modules/nixos/home-assistant.nix
../../modules/nixos/radicale.nix ../../modules/nixos/radicale.nix

2
modules/home-manager/desktop.nix
View File

@@ -23,9 +23,9 @@
./kitty.nix ./kitty.nix
./lazygit.nix ./lazygit.nix
./nh.nix ./nh.nix
./rclone.nix
./spicetify.nix ./spicetify.nix
./ssh.nix ./ssh.nix
./syncthing.nix
./thunar.nix ./thunar.nix
./thunderbird.nix ./thunderbird.nix
./todoman.nix ./todoman.nix

1
modules/nixos/desktop.nix
View File

@@ -9,5 +9,6 @@
./hyprland.nix ./hyprland.nix
./printing.nix ./printing.nix
./systemd-boot.nix ./systemd-boot.nix
./syncthing.nix
]; ];
} }

61
modules/nixos/syncthing.nix Normal file
View File

@@ -0,0 +1,61 @@
{
config,
lib,
...
}:
let
username = config.var.username;
hostname = config.var.hostname;
isOrion = hostname == "orion";
# On desktops, sync to home directory. On server, sync to filebrowser storage.
syncPath = if isOrion then "/var/lib/filebrowser/files" else "/home/${username}/sync";
group = if isOrion then "filebrowser" else "users";
in
{
# 1. Firewall rules for synchronization
networking.firewall = {
allowedTCPPorts = [ 22000 ];
allowedUDPPorts = [
22000
21027
];
};
# 3. Syncthing Service Configuration
services.syncthing = {
enable = true;
user = username;
group = group;
overrideDevices = true; # Overrides any devices added via Web UI
overrideFolders = true; # Overrides any folders added via Web UI
settings = {
devices = config.var.syncthing.devices;
folders = {
"sync" = {
path = syncPath;
devices = builtins.attrNames config.var.syncthing.devices; # Share with all defined devices
# Ensure new files are readable by the group (chmod 770 approx)
ignorePerms = false;
};
};
gui = {
# access the GUI on localhost:8384
theme = "black";
};
};
};
# 4. Permission Hardening for Orion
# Force syncthing to write files with group-write permissions (007 umask = 770 perms)
systemd.services.syncthing.serviceConfig.UMask = lib.mkIf isOrion "0007";
systemd.tmpfiles.rules = [
"d /var/lib/syncthing 0700 ${username} ${group} -"
];
}

11
modules/variables.nix
View File

@@ -25,6 +25,17 @@
browser = "brave"; browser = "brave";
}; };
syncthing = {
devices = {
"altair" = {
id = "HDHWROJ-ZLNQKCL-PN6WGHA-IGJHIRI-3UHDYUU-LUJHYK4-UMKWLAZ-VFISJQF";
};
"orion" = {
id = "7ESQ3BX-FEW7656-ZPT3CKF-FLXON26-HXRNTDW-THSJBNF-LFWCHFB-ASP4WAG";
};
};
};
autoUpgrade = false; autoUpgrade = false;
autoGarbageCollector = true; autoGarbageCollector = true;
}; };