From 4d47209a59e883ea01ef3d369814406b73ff7b4d Mon Sep 17 00:00:00 2001 From: Tyler Starr Date: Tue, 22 Oct 2024 21:11:00 -0700 Subject: [PATCH] initial syncthing fix for kestrel and bulwark --- provision/hosts/bulwark/configuration.nix | 10 ++- provision/hosts/bulwark/syncthing.nix | 47 ------------ provision/hosts/kestrel/configuration.nix | 8 ++- provision/hosts/kestrel/syncthing.nix | 54 -------------- provision/modules/services/default.nix | 2 +- provision/modules/services/syncthing.nix | 68 ++++++++++++++++++ provision/secrets/secrets.nix | 8 ++- .../secrets/syncthing/bulwark/cert.pem.age | Bin 0 -> 1336 bytes .../secrets/syncthing/bulwark/key.pem.age | 13 ++++ .../secrets/syncthing/kestrel/cert.pem.age | 15 ++++ .../secrets/syncthing/kestrel/key.pem.age | Bin 0 -> 830 bytes 11 files changed, 119 insertions(+), 106 deletions(-) delete mode 100644 provision/hosts/bulwark/syncthing.nix delete mode 100644 provision/hosts/kestrel/syncthing.nix create mode 100644 provision/modules/services/syncthing.nix create mode 100644 provision/secrets/syncthing/bulwark/cert.pem.age create mode 100644 provision/secrets/syncthing/bulwark/key.pem.age create mode 100644 provision/secrets/syncthing/kestrel/cert.pem.age create mode 100644 provision/secrets/syncthing/kestrel/key.pem.age diff --git a/provision/hosts/bulwark/configuration.nix b/provision/hosts/bulwark/configuration.nix index a8458bc0..d8921395 100644 --- a/provision/hosts/bulwark/configuration.nix +++ b/provision/hosts/bulwark/configuration.nix @@ -2,7 +2,6 @@ { imports = [ ./steam-deck.nix - ./syncthing.nix ]; # Set networking options @@ -35,6 +34,15 @@ }; services = { samba-client.enable = true; + syncthing = { + enable = true; + keyPath = ../../secrets/syncthing/bulwark/key.pem.age; + certPath = ../../secrets/syncthing/bulwark/cert.pem.age; + devices = { + "kestrel" = { id = "5WWL4FE-ARZ4FHP-J33HQCH-CZKEXLN-2RAY4KW-PDI754F-3HVPZYI-VC3ESAF"; }; + }; + folders = {}; + }; }; system = { ssh.enable = true; 
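Review bot: `folders = {};` in the second hunk (the `syncthing` block added under `services`) leaves bulwark with no shared folders, and because the shared module sets `overrideFolders = true`, the six folders declared in the deleted `hosts/bulwark/syncthing.nix` are removed on the next rebuild. The same applies to `folders = {};` in the kestrel configuration hunk. If this is a deliberate first step, a comment such as `# folders intentionally empty until the save paths are moved into the module` would say so; otherwise the folder set should be carried over here. The pinned kestrel device ID also differs from the one in the deleted file, which is expected only if it was derived from the new `kestrel/cert.pem.age`. That is worth confirming, because this ID is what authenticates the peer.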
diff --git a/provision/hosts/bulwark/syncthing.nix b/provision/hosts/bulwark/syncthing.nix deleted file mode 100644 index 4213cf9f..00000000 --- a/provision/hosts/bulwark/syncthing.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, lib, pkgs, user, ... }: -{ - networking.firewall.allowedTCPPorts = [ 8384 22000 ]; - networking.firewall.allowedUDPPorts = [ 22000 21027 ]; - - environment.systemPackages = with pkgs; [ - syncthing # File sync program for multiple devices in real-time. - ]; - - services.syncthing = { - enable = true; - user = "${user}"; - dataDir = "/home/${user}/.local/share/syncthing"; - guiAddress = "0.0.0.0:8384"; - overrideDevices = true; - overrideFolders = true; - settings.devices = { - "kestrel" = { id = "KYEWTBL-GL343U7-OIM63LT-2IYGJAP-RCL545L-2KJOIY4-6352W6Y-DZRVGAL"; }; - }; - settings.folders = { - "Gamecube Saves" = { - path = "/home/${user}/.local/share/dolphin-emu/GC"; - devices = [ "kestrel" ]; - }; - "Ryujinx Saves" = { - path = "/home/${user}/.config/Ryujinx/bis"; - devices = [ "kestrel" ]; - }; - "Yuzu Saves" = { - path = "/home/${user}/.local/share/yuzu/nand/user/save/0000000000000000/705C6CE0127692D598F92E68B640D644"; - devices = [ "kestrel" ]; - }; - "PSP Saves" = { - path = "/home/${user}/.config/ppsspp/PSP/SAVEDATA"; - devices = [ "kestrel" ]; - }; - "PSP Save States" = { - path = "/home/${user}/.config/ppsspp/PSP/PPSSPP_STATE"; - devices = [ "kestrel" ]; - }; - "Roms Saves" = { - path = "/home/${user}/media/roms/saves"; - devices = [ "kestrel" ]; - }; - }; - }; -} diff --git a/provision/hosts/kestrel/configuration.nix b/provision/hosts/kestrel/configuration.nix index 0ae31965..2231f984 100644 --- a/provision/hosts/kestrel/configuration.nix +++ b/provision/hosts/kestrel/configuration.nix @@ -1,7 +1,6 @@ { config, pkgs, user, lib, ... }: { imports = [ - ./syncthing.nix ./backup.nix ]; 
@@ -57,6 +56,13 @@ peripherals.enable = true; samba-client.enable = true; virt-manager.enable = true; + syncthing = { + enable = true; + keyPath = ../../secrets/syncthing/kestrel/key.pem.age; + certPath = ../../secrets/syncthing/kestrel/cert.pem.age; + devices = {}; + folders = {}; + }; }; system = { backup.enable = true; diff --git a/provision/hosts/kestrel/syncthing.nix b/provision/hosts/kestrel/syncthing.nix deleted file mode 100644 index 83d420f7..00000000 --- a/provision/hosts/kestrel/syncthing.nix +++ /dev/null 
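Review bot: `devices = {};` in the added `syncthing` block gives kestrel an empty peer list, and with `overrideDevices = true` in the shared module the bulwark, torus and shivan entries from the deleted `hosts/kestrel/syncthing.nix` are dropped. bulwark's configuration lists kestrel, but Syncthing only connects when each side lists the other's device ID, so the pair stays disconnected until bulwark is added here, e.g. `"bulwark" = { id = "<BULWARK_DEVICE_ID>"; };` (placeholder, to be derived from bulwark's current certificate). The old bulwark ID from the deleted file should be reused only if bulwark's certificate was not regenerated for this commit. The enclosing `services` attribute set opens above the hunk.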
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, user, ... }:
-{
- networking.firewall.allowedTCPPorts = [ 8384 22000 ];
- networking.firewall.allowedUDPPorts = [ 22000 21027 ];
-
- environment.systemPackages = with pkgs; [
- syncthing # File sync program for multiple devices in real-time.
- ];
-
- services.syncthing = {
- enable = true;
- user = "${user}";
- dataDir = "/home/${user}/.local/share/syncthing";
- configDir = "/home/${user}/.config/syncthing";
- guiAddress = "0.0.0.0:8384";
- overrideDevices = true;
- overrideFolders = true;
- settings.devices = {
- "bulwark" = { id = "ZGLQ725-OJSDNTE-MXYLIUD-XDB7REJ-2B2DVNU-PAFF6VC-MUUWRI6-4SNPWAK"; };
- "torus" = { id = "WCZYHD7-5Y33SSU-74JHAQR-V7LYMDM-SDG2NTN-DJ2VKF2-DUBBUE5-PU5CGQN"; };
- "shivan" = { id = "KUSOQSH-RKLLA32-T3KAPQP-VNJISLL-QSQCGFZ-ZL7ZULE-MJC67DK-2U6G4Q7"; };
- };
- settings.folders = {
- "Gamecube Saves" = {
- path = "/home/${user}/.local/share/dolphin-emu/GC";
- devices = [ "bulwark" ];
- };
- "Ryujinx Saves" = {
- path = "/home/${user}/.config/Ryujinx/bis";
- devices = [ "bulwark" ];
- };
- "Yuzu Saves" = {
- path = "/home/${user}/.local/share/yuzu/nand/user/save/0000000000000000/705C6CE0127692D598F92E68B640D644";
- devices = [ "bulwark" ];
- };
- "PSP Saves" = {
- path = "/home/${user}/.config/ppsspp/PSP/SAVEDATA";
- devices = [ "bulwark" ];
- };
- "PSP Save States" = {
- path = "/home/${user}/.config/ppsspp/PSP/PPSSPP_STATE";
- devices = [ "bulwark" ];
- };
- "General Sync" = {
- path = "/home/${user}/sync";
- devices = [ "shivan" ];
- };
- "Rom Saves" = {
- path = "/home/${user}/media/roms/saves";
- devices = [ "bulwark" ];
- };
- };
- };
-}
diff --git a/provision/modules/services/default.nix b/provision/modules/services/default.nix
index 95f8f298..c65c93f4 100644
--- a/provision/modules/services/default.nix
+++ b/provision/modules/services/default.nix
@@ -1,4 +1,4 @@
 { ... }:
 {
- imports = [ ./peripherals.nix ./samba-client.nix ./virt-manager.nix ];
+ imports = [ ./peripherals.nix ./samba-client.nix ./syncthing.nix ./virt-manager.nix ];
 }
diff --git a/provision/modules/services/syncthing.nix b/provision/modules/services/syncthing.nix
new file mode 100644
index 00000000..42e4f931
--- /dev/null
+++ b/provision/modules/services/syncthing.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, user, ... }:
+
+let cfg = config.modules.services.syncthing;
+in {
+ options.modules.services.syncthing = with lib; {
+ enable = lib.mkOption {
+ type = types.bool;
+ default = true;
+ };
+ keyPath = mkOption {
+ type = types.path;
+ default = ./key.pem;
+ };
+ certPath = mkOption {
+ type = types.path;
+ default = ./cert.pem;
+ };
+ devices = mkOption {
+ type = types.attrs;
+ default = {};
+ description = ''
+ A set of devices and associated IDs.
+ '';
+ };
+ folders = mkOption {
+ type = types.attrs;
+ default = {};
+ description = ''
+ A set of folders, each defined by a set of attributes like
+ path, devices, and other configuration options.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ syncthing # File sync program for multiple devices in real-time.
+ ];
+
+ networking.firewall.allowedTCPPorts = [ 8384 22000 ];
+ networking.firewall.allowedUDPPorts = [ 22000 21027 ];
+
+ age.secrets."syncthing/key.pem" = {
+ file = cfg.keyPath;
+ owner = "${user}";
+ group = "users";
+ };
+ age.secrets."syncthing/cert.pem" = {
+ file = cfg.certPath;
+ owner = "${user}";
+ group = "users";
+ };
+
+ services.syncthing = {
+ enable = true;
+ user = "${user}";
+ dataDir = "/home/${user}/.local/share/syncthing";
+ configDir = "/home/${user}/.config/syncthing";
+ guiAddress = "0.0.0.0:8384";
+ overrideDevices = true;
+ overrideFolders = true;
+ key = "/run/agenix/syncthing/key.pem";
+ cert = "/run/agenix/syncthing/cert.pem";
+ settings.devices = cfg.devices;
+ settings.folders = cfg.folders;
+ };
+ };
+}
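Review bot: `guiAddress = "0.0.0.0:8384"` combined with `8384` in `networking.firewall.allowedTCPPorts` exposes the Syncthing admin GUI on every interface, and the visible settings configure no GUI user or password, so anyone who can reach the host could change devices and folders. The module also defaults `enable` to `true` while `keyPath`/`certPath` default to `./key.pem` and `./cert.pem`, files this commit does not add, so a host that imports `modules/services` without setting them gets the service and open ports with an unresolved secret path. The sketch below binds the GUI to loopback, stops opening 8384, makes the module opt-in, and takes the key and cert locations from `config.age.secrets.<name>.path` instead of hard-coded `/run/agenix/...` strings.

```nix
    enable = lib.mkOption {
      type = types.bool;
      default = false;  # opt in per host
    };
# … unchanged: keyPath, certPath, devices, folders options; systemPackages …
    networking.firewall.allowedTCPPorts = [ 22000 ];  # sync port only; GUI stays local
# … unchanged: allowedUDPPorts, age.secrets declarations …
    services.syncthing = {
      # … unchanged: enable, user, dataDir, configDir …
      guiAddress = "127.0.0.1:8384";
      # … unchanged: overrideDevices, overrideFolders …
      key = config.age.secrets."syncthing/key.pem".path;
      cert = config.age.secrets."syncthing/cert.pem".path;
      # … unchanged: settings.devices, settings.folders …
```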
diff --git a/provision/secrets/secrets.nix b/provision/secrets/secrets.nix index caa95c19..bfd27cf6 100644 --- a/provision/secrets/secrets.nix +++ b/provision/secrets/secrets.nix @@ -7,14 +7,13 @@ let in { "git/github_personal.age".publicKeys = systems; + "git/gitea-runner-1.age".publicKeys = systems; "emu/switch/prod.keys.age".publicKeys = systems; "emu/switch/title.keys.age".publicKeys = systems; "wireguard/kestrel.age".publicKeys = systems; "wireguard/torus.age".publicKeys = systems; "wireguard/bulwark.age".publicKeys = systems; "wireguard/osprey.age".publicKeys = systems; - "git/gitea-runner-1.age".publicKeys = systems; - "nextcloud/password.age".publicKeys = systems; "ssh/kestrel/id_ed25519.age".publicKeys = systems; "ssh/kestrel/id_ed25519.pub.age".publicKeys = systems; "ssh/torus/id_ed25519.age".publicKeys = systems; @@ -22,5 +21,10 @@ in "borg/torus/password.age".publicKeys = systems; "borg/rsync/id_rsa.age".publicKeys = systems; "borg/rsync/id_rsa.pub.age".publicKeys = systems; + "nextcloud/password.age".publicKeys = systems; + "syncthing/kestrel/key.pem.age".publicKeys = systems; + "syncthing/kestrel/cert.pem.age".publicKeys = systems; + "syncthing/bulwark/key.pem.age".publicKeys = systems; + "syncthing/bulwark/cert.pem.age".publicKeys = systems; } 
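Review bot: The four added `syncthing/...` entries in the second hunk use `publicKeys = systems;`, so each host's Syncthing private key is encrypted to every key in `systems` (defined above the hunk; the committed `key.pem.age` and `cert.pem.age` text files each show four recipient stanzas). Any one of those hosts can therefore decrypt another host's `key.pem` and present that host's device ID. Scoping each key to its owner plus an admin key would limit this, e.g. `"syncthing/kestrel/key.pem.age".publicKeys = [ KESTREL_HOST_KEY ADMIN_KEY ];`, where both names are placeholders for whatever the `let` block defines. The `cert.pem` entries hold public certificates, so the wider recipient list matters less for them.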
diff --git a/provision/secrets/syncthing/bulwark/cert.pem.age b/provision/secrets/syncthing/bulwark/cert.pem.age new file mode 100644 index 0000000000000000000000000000000000000000..7fa0a3129b732e55d329e43407361016c472a97f GIT binary patch literal 1336 zcmZ9|_ft~`0Kjom3)JZ0i73i4B0~v*BxVYt36LE#2pLc+kc5{6@{+tq*3%-Qaur2X z6s1@=Dk!7kF;W%eTJHqf3R;G8Dq01sxKN=gAYlF3zu)JRk| zB4J<*SxOCnl_@A}Q3grCHc6dAAb}gF0`>9i&W3^|cu|5CH7xl~Ysp&Km*jyyqcW713pn_0ny zNM@Lj1eo42vo<;rYZI z4Go~#NP3kBi`5FLLIMPGsaOV?CT0-q3Ja7B3RURh4QYP93i*d?D+5(>Y(e4GRjss- zE6Za8p?_wINmU2p8)L@LF0W^Fg_m^K$?IPwpl&37Iz(8_iWvVn@_STtadcivao1~l zel%%sZ`ikksMfq|dc6NFzkNGzHI;|;^+M1>Cv$20qxJV}K4a@fwUIgJU7k^wM>5)D#ZC@@!xB3f$QJF=+bw5F|^R-2$$2JKs$(FYy=zkzOE&r;5d+-eKn zZSC>+y=b^1iu^}t_3eG8Tu%;ji++w0^SE+{56&?4X{}$`>G0Z^>fw~>r@!QD4Qspc zSg+1EjWzayfU|ohRU`XiX>D%L)BIPQ>d)^HiCuf;k<0I1Zm>Ta96GkWtoMHXd`&HJ z!JM-HdeNZ|As#Tlq^NnB?sb#u;IyNyH6<;V^K4hw6QbAlGb1OD7MFm64zS}v*-902 zQ^+S*&oxv8MK)Zs*vBoxD|1t6&EjaPZDIVcxsfA#2mZeJ;7%)CcTo8;vSM-MF{#fu-(^zON#3nxxw7Cb-4qm~eCO}L!64EMFZg#X&ElwMdj5aepRvAMLF zH__jJz;<TsVaipj8v^Y`R>k?3!T@C z+C`X2%d(hKn@H&QxA(YEHB{VKdgrkpX773hY~ZfZjX{Oz*c*>-_E)?}UEWEzDcXg7 z0V8bxCV5VUsPAll%N(`GTP|ilTXXn!;l_@c4b`x>twX?`h#Fmg(|gdbC*jOXw@&fA zN6YBJxAA$x!_CCw!AIC{#;Ycv!U(-ZMVa{~x^syq7A2_jakJZ-o{w?Fj;Gg*5WN66H gsHhRuG8}+!VEpN$)E6CpI5NKKz6X9qfF<+r|N65%_y7O^ literal 0 HcmV?d00001 diff --git a/provision/secrets/syncthing/bulwark/key.pem.age b/provision/secrets/syncthing/bulwark/key.pem.age new file mode 100644 index 00000000..fab85778 --- /dev/null +++ b/provision/secrets/syncthing/bulwark/key.pem.age 
@@ -0,0 +1,13 @@ +age-encryption.org/v1 +-> ssh-ed25519 Fz/sQw 4Obmjc1CCEWuc35rI9Pvkx6ScGnJ9WULezH4IDXQtWw +yXF2uJJmQQfVvbxChmJzJbDw7lonnkvTcipMIhuhyxI +-> ssh-ed25519 47GzQA u3C6BOJ5q+DodB+ElYL8DGQ1AkWLegRZxTiOWaX46Fs +1p30kpogURAvWq+sF53glTldDELIcW2kNwWINwG8Xv8 +-> ssh-ed25519 wcI7nQ BBy4Kj7grypTdC+YoWTVzhl5Fq9r8t65lljxdOX1QCA +rDCbLA7o9bC2MQcwb7kagaYEnSfiqfGzZD18J92vyA4 +-> ssh-ed25519 QjdSCg QB6m+6Q15r956ioxEtJDeKMXEG8rCWCMEAK5Wgk5Yz8 +1UiMy7C5VXWyBGDuhu2dq/XinGsStN7deM9ySLuYpQ4 +--- wOD9RLQibszEgJMIn5mt91wqx+ozFgWQM+zkk8DGEbk +p)tBcڂwt b&?~DBg\jSݳsނt#-&a-@_$+*ɐSoH4sՏ2Í'Pmr>.إ0  +*G viĜ6٢{ "A~OQ˩ՄrA;;uI:OL=,B.lN[H; +kWK}~ \Rf.kP9X665[`pm.<صrLeaP(BGE'2K7ӓeV{!4G \ No newline at end of file diff --git a/provision/secrets/syncthing/kestrel/cert.pem.age b/provision/secrets/syncthing/kestrel/cert.pem.age new file mode 100644 index 00000000..88bb7320 --- /dev/null +++ b/provision/secrets/syncthing/kestrel/cert.pem.age 
@@ -0,0 +1,15 @@ +age-encryption.org/v1 +-> ssh-ed25519 Fz/sQw lJgGhfqiTm8FFj+oH70OpN3fz10SS7oYMIHLzcA9dgc +thWong+Qe6FKtn2mkjLxk8JuYbKstSQfbZioMVzlNtY +-> ssh-ed25519 47GzQA m57QSYKzPgZTa/RGkuMBS+iIqtR0eRtQ+d5RZ1tx6Dw +7xOAxSbjGdqI0X+olwczSlBGLmOnq42TUQV1I43pvTs +-> ssh-ed25519 wcI7nQ +Jk8L3kDT2PYFRkZ7iEgcSYaYrkOltXnDRgMLQmKshw +rtoVv+qaqMlmurVleOYZmuJHTB1T3gkwcrEkQE5tV2k +-> ssh-ed25519 QjdSCg S1Ikef+MsrrIDcbEM2nxrA81u0ES+YyO/TdK27Md0zQ +hO8ByZCocxg4Hp1itRuuiAp9dV8xEgsmhNNIoEBd1z8 +--- kIkGQGju9h8celXL7cN9etYTtxhnO3VIIK5ZAtg4yGU +%$BHFj>%X67vw!ABK -xkpQ=W y! SJ* Qe.s፯ `n&ݲ[5F @%ݴ P*,JNZ:I YJ8Bx/шi 'ȕM +-E)H,%cq[q%Ev|.?WFlnhzk4w Wn\] ÅUsϸ=w4qMȆ` cJ)D^*RQ!7_䀫Y[5Kw{j,v:̀X9XM_ѠxH_{ +K;rH]ܢbr5/Q͢+a#Nt3!w%5m/ +Pvi[\ҩv@3o.c f(g Rb`?:i Vjh*+45)=gQsnMuf^M6MxqDThqe4!&ccM|0b6KWkL}pn; zcDlQ>fr(>OdTLN!S)!3yxVurRhev^1uvxxGBv+7jk!O`rRd#t|S%{NYl6#78p@mC42Vo`&8YsaY;XMoD>w zzNV4Bh8Y0`RaG9IDV1sd0p465O`k@u3c@Y%`&iO%J z{+XGsWp3u-##shl2I#g0W~Br>rz;o*nH47|MfxP=rH7?PdWIAgIwgg>1sP=oxcWv! zIp>MG>vdl~s=Rv4GLMkFWsnT4f>J7>9?TU6u)7?-CM1bYSfm-$8og%^0{ zMRIZMk}He}S=G7k#oxC&?A_uUaDnPS84Fua%Q%8$E8*Ak&6!fm|H$odQ;fqTgH2O-r1kcinW`OWSscs?v!9l zS<9c9OSzK|Uu^eU@2;?SmHDefTbIi-rSrE-^v!qK!SZt3#~*>(3|u}pmK&a&KGBPR z^);q-y!q#f_+PF*%oHNeUtYk^Ogm-p%C*50eiHR(W;yL~QW4-0erS_ur2D)6}G*Jln`1eEyf<$ZIWY gCf*gng9R* literal 0 HcmV?d00001