58 lines
1.6 KiB
Nix
58 lines
1.6 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
service_configs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
(lib.serviceMountWithZpool "syncthing" service_configs.zpool_ssds [
|
|
service_configs.syncthing.dataDir
|
|
service_configs.syncthing.signalBackupDir
|
|
service_configs.syncthing.grayjayBackupDir
|
|
])
|
|
(lib.serviceFilePerms "syncthing" [
|
|
"Z ${service_configs.syncthing.dataDir} 0750 ${config.services.syncthing.user} ${config.services.syncthing.group}"
|
|
"Z ${service_configs.syncthing.signalBackupDir} 0750 ${config.services.syncthing.user} ${config.services.syncthing.group}"
|
|
"Z ${service_configs.syncthing.grayjayBackupDir} 0750 ${config.services.syncthing.user} ${config.services.syncthing.group}"
|
|
])
|
|
(lib.mkCaddyReverseProxy {
|
|
subdomain = "syncthing";
|
|
port = service_configs.ports.private.syncthing_gui.port;
|
|
auth = true;
|
|
})
|
|
];
|
|
|
|
services.syncthing = {
|
|
enable = true;
|
|
|
|
dataDir = service_configs.syncthing.dataDir;
|
|
|
|
guiAddress = "127.0.0.1:${toString service_configs.ports.private.syncthing_gui.port}";
|
|
|
|
overrideDevices = false;
|
|
overrideFolders = false;
|
|
|
|
settings = {
|
|
gui = {
|
|
insecureSkipHostcheck = true; # Allow access via reverse proxy
|
|
};
|
|
options = {
|
|
urAccepted = 1; # enable usage reporting
|
|
relaysEnabled = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
# Open firewall ports for syncthing protocol
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ service_configs.ports.public.syncthing_protocol.port ];
|
|
allowedUDPPorts = [
|
|
service_configs.ports.public.syncthing_discovery.port
|
|
service_configs.ports.public.syncthing_protocol.port
|
|
];
|
|
};
|
|
|
|
}
|