SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 14:01:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

syncthing: Connect devices over nebula instead of tailscale

Browse source
This commit is contained in:
SebastianStork 2026-01-10 01:32:23 +01:00
parent bd196f1f27
commit 653ebd2c85
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
1 changed files with 49 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

85
modules/system/services/syncthing.nix
View file

@ -51,8 +51,8 @@ in
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = config.custom.services.tailscale.enable;
message = "Syncthing requires tailscale";
assertion = config.custom.services.nebula.node.enable;
message = "Syncthing requires nebula";
}
{
assertion = cfg.isServer -> (cfg.gui.domain != null);
@ -86,48 +86,61 @@ in
};
};
services.syncthing = {
enable = true;
services = {
syncthing = {
enable = true;
user = lib.mkIf (!cfg.isServer) "seb";
group = lib.mkIf (!cfg.isServer) "users";
dataDir = lib.mkIf (!cfg.isServer) "/home/seb";
user = lib.mkIf (!cfg.isServer) "seb";
group = lib.mkIf (!cfg.isServer) "users";
dataDir = lib.mkIf (!cfg.isServer) "/home/seb";
guiAddress = "localhost:${toString cfg.gui.port}";
guiAddress = "localhost:${toString cfg.gui.port}";
cert = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/cert".path;
key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path;
cert = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/cert".path;
key = lib.mkIf useSopsSecrets config.sops.secrets."syncthing/key".path;
settings = {
# Get the devices and their ids from the configs of the other hosts
devices =
self.nixosConfigurations
|> lib.filterAttrs (name: _: name != config.networking.hostName)
|> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable)
|> lib.mapAttrs (
name: value: {
id = value.config.custom.services.syncthing.deviceId;
addresses = [ "tcp://${name}.${config.custom.services.tailscale.domain}:${toString cfg.syncPort}" ];
}
);
settings = {
# Get the devices and their ids from the configs of the other hosts
devices =
self.nixosConfigurations
|> lib.filterAttrs (name: _: name != config.networking.hostName)
|> lib.filterAttrs (_: value: value.config.custom.services.syncthing.enable)
|> lib.mapAttrs (
_: value: {
id = value.config.custom.services.syncthing.deviceId;
addresses = [
"tcp://${value.config.custom.services.nebula.node.address}:${toString cfg.syncPort}"
];
}
);
folders =
cfg.folders
|> lib'.genAttrs (name: {
path = "${dataDir}/${name}";
devices = config.services.syncthing.settings.devices |> lib.attrNames;
});
folders =
cfg.folders
|> lib'.genAttrs (name: {
path = "${dataDir}/${name}";
devices = config.services.syncthing.settings.devices |> lib.attrNames;
});
options = {
listenAddress = "tcp://0.0.0.0:${toString cfg.syncPort}";
globalAnnounceEnabled = false;
localAnnounceEnabled = false;
relaysEnabled = false;
natEnabled = false;
urAccepted = -1;
autoUpgradeIntervalH = 0;
options = {
listenAddress = "tcp://${config.custom.services.nebula.node.address}:${toString cfg.syncPort}";
globalAnnounceEnabled = false;
localAnnounceEnabled = false;
relaysEnabled = false;
natEnabled = false;
urAccepted = -1;
autoUpgradeIntervalH = 0;
};
};
};
nebula.networks.mesh.firewall.inbound =
config.services.syncthing.settings.devices
|> lib.attrNames
|> lib.map (name: {
port = cfg.syncPort;
proto = "tcp";
host = name;
});
};
custom = {