syncthing: Fix gui domain checks

SebastianStork 2025-10-12 19:59:23 +02:00
parent 9996a3370f
commit 589b76d745


@ -27,8 +27,8 @@ in
};
gui = {
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
type = lib.types.nullOr lib.types.nonEmptyStr;
default = null;
};
port = lib.mkOption {
type = lib.types.port;
@ -48,13 +48,17 @@ in
message = "Syncthing backups should only be performed on a server.";
}
{
assertion = cfg.gui.domain |> lib.hasSuffix tailscaleCfg.domain;
message = "The syncthing gui isn't yet configured with access controll.";
assertion = cfg.isServer -> (cfg.gui.domain != null);
message = "Running syncthing on a server requires `gui.domain` to be set.";
}
{
assertion = (cfg.gui.domain != null) -> (cfg.gui.domain |> lib.hasSuffix tailscaleCfg.domain);
message = "The syncthing gui should only be exposed on a private network as it isn't yet configured with access controll.";
}
];
meta = {
domains.list = lib.mkIf cfg.isServer [ cfg.gui.domain ];
domains.list = lib.mkIf (cfg.gui.domain != null) [ cfg.gui.domain ];
ports = {
tcp.list = [
cfg.syncPort
@ -82,7 +86,7 @@ in
group = lib.mkIf (!cfg.isServer) "users";
dataDir = lib.mkIf (!cfg.isServer) "/home/seb";
guiAddress = lib.mkIf cfg.isServer "localhost:${toString cfg.gui.port}";
guiAddress = "localhost:${toString cfg.gui.port}";
cert = lib.mkIf useStaticTls config.sops.secrets."syncthing/cert".path;
key = lib.mkIf useStaticTls config.sops.secrets."syncthing/key".path;