syncthing: set cert/key with sops

SebastianStork 2025-07-20 17:25:18 +02:00
parent 2da2cd592e
commit 8a0238af60
4 changed files with 29 additions and 12 deletions


@ -7,6 +7,8 @@
let
cfg = config.custom.services.syncthing;
tailscaleCfg = config.custom.services.tailscale;
useStaticTls = config.custom.sops.secrets |> lib.hasAttr "syncthing";
in
{
options.custom.services.syncthing = {
@ -53,6 +55,11 @@ in
];
};
sops.secrets = lib.mkIf useStaticTls {
"syncthing/cert".owner = config.services.syncthing.user;
"syncthing/key".owner = config.services.syncthing.user;
};
services.syncthing = {
enable = true;
@ -62,6 +69,9 @@ in
guiAddress = lib.mkIf cfg.isServer "127.0.0.1:${toString cfg.gui.port}";
cert = lib.mkIf useStaticTls config.sops.secrets."syncthing/cert".path;
key = lib.mkIf useStaticTls config.sops.secrets."syncthing/key".path;
settings = {
# Get the devices and their ids from the configs of the other hosts
devices =
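Review bot: `useStaticTls` in the first hunk only tests that `config.custom.sops.secrets` has a top-level `syncthing` attribute, yet it switches on both `"syncthing/cert"` and `"syncthing/key"` in the two later hunks. If a host's secrets carry only one of the two, the mismatch would presumably surface only when sops-nix fails at activation, not at evaluation. I would document the requirement next to the binding, e.g. `# true when this host has a "syncthing" secrets entry; it must provide both cert and key`, or check for both names explicitly. The `sops.secrets` block also deserves a comment that the certificate determines the Syncthing device ID and the key authenticates as that device, so the key should stay readable by the service user only; setting `owner` and leaving the sops-nix default mode untouched appears to achieve that. The `services.syncthing` attribute set continues outside the last hunk.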