syncthing

2024-04-14 13:41:09 +02:00
parent 50e66db24b
commit 8165e5a2b0
10 changed files with 88 additions and 63 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -80,11 +80,11 @@
        "systems": "systems_2"
      },
      "locked": {
-        "lastModified": 1705309234,
+        "lastModified": 1710146030,
-        "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
+        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
+        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
        "type": "github"
      },
      "original": {
@@ -121,11 +121,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1712212014,
+        "lastModified": 1713077896,
-        "narHash": "sha256-s+lbaf3nLRn1++/X2eXwY9mYCA/m9l8AvyG8beeOaXE=",
+        "narHash": "sha256-Noot8H0EZEAFRQWyGxh9ryvhK96xpIqKbh78X447JWs=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "7e91f2a0ba4b62b88591279d54f741a13e36245b",
+        "rev": "630a0992b3627c64e34f179fab68e3d48c6991c0",
        "type": "github"
      },
      "original": {
@@ -142,11 +142,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1710888565,
+        "lastModified": 1712386041,
-        "narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
+        "narHash": "sha256-dA82pOMQNnCJMAsPG7AXG35VmCSMZsJHTFlTHizpKWQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
+        "rev": "d6bb9f934f2870e5cbc5b94c79e9db22246141ff",
        "type": "github"
      },
      "original": {
@@ -177,11 +177,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1711352745,
+        "lastModified": 1712909959,
-        "narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
+        "narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
+        "rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
        "type": "github"
      },
      "original": {
@@ -200,11 +200,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1710519878,
+        "lastModified": 1712984363,
-        "narHash": "sha256-0dbc10OBFUVYyXC+C+N6vRUd8xyBSRxkcZ4Egipbx0M=",
+        "narHash": "sha256-VgCqYB+ymQuZmno8B82L8piyENo5xTNuqubnACYoBRk=",
        "owner": "nix-community",
        "repo": "NixOS-WSL",
-        "rev": "aef95bdb6800a3a2af7aa7083d6df03067da6592",
+        "rev": "0479d4c1ebeb314c5281b4aa7109def821a1b27b",
        "type": "github"
      },
      "original": {
@@ -246,11 +246,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1712122226,
+        "lastModified": 1712791164,
-        "narHash": "sha256-pmgwKs8Thu1WETMqCrWUm0CkN1nmCKX3b51+EXsAZyY=",
+        "narHash": "sha256-3sbWO1mbpWsLepZGbWaMovSO7ndZeFqDSdX0hZ9nVyw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "08b9151ed40350725eb40b1fe96b0b86304a654b",
+        "rev": "1042fd8b148a9105f3c0aca3a6177fd1d9360ba5",
        "type": "github"
      },
      "original": {
@@ -261,11 +261,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1711668574,
+        "lastModified": 1712867921,
-        "narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=",
+        "narHash": "sha256-edTFV4KldkCMdViC/rmpJa7oLIU8SE/S35lh/ukC7bg=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659",
+        "rev": "51651a540816273b67bc4dedea2d37d116c5f7fe",
        "type": "github"
      },
      "original": {
@@ -277,11 +277,11 @@
    },
    "nur": {
      "locked": {
-        "lastModified": 1712594810,
+        "lastModified": 1713080250,
-        "narHash": "sha256-YP5daMtfEmbhuZGZbFBjvGQIO0EeVnlhw6L+5IfANws=",
+        "narHash": "sha256-cAO7BUGZcN9Nd4j2cqA/gJxjwieWXYB/oIAA0GRKn2o=",
        "owner": "nix-community",
        "repo": "NUR",
-        "rev": "8216f5247f695e7648f9735177870071061700f8",
+        "rev": "d97e32e6a989752e2e19833a8b1dd263f8dcaef5",
        "type": "github"
      },
      "original": {
--- a/home-manager/syncthing.nix
+++ b/home-manager/syncthing.nix
@@ -1,4 +0,0 @@
 { pkgs, ... }:
 {
  services.syncthing.enable = true;
 }
--- a/modules/collections/desktop.nix
+++ b/modules/collections/desktop.nix
@@ -1,7 +1,7 @@
 {pkgs, ...}:
 {
  imports = [
-    ### System modules ###
+    #../graphical/lxqt.nix
    ../cli-tools.nix
    ../docker.nix
    ../fh/scanning.nix
@@ -15,10 +15,8 @@
    ../graphical/ime.nix
    ../graphical/obs.nix
    ../graphical/openrgb.nix
    #../graphical/lxqt.nix
    ../graphical/plasma.nix
    ../graphical/shared.nix
    ../fh/scanning.nix
    ../hardware/firmware.nix
    ../hardware/nvidia.nix
    ../hardware/ssd.nix
@@ -29,10 +27,11 @@
    ../nix/ld.nix
    ../nix/settings.nix
    ../noise-supression.nix
    ../services/syncthing.nix
    ../static-ip.nix
    ../support/ntfs.nix
    ../tmpfs.nix
    ../virt-manager.nix
    ../static-ip.nix
    ../wireshark.nix
    #../fh/forensik.nix
    #../graphical/hyprland.nix
--- a/modules/graphical/audio.nix
+++ b/modules/graphical/audio.nix
@@ -1,20 +1,14 @@
 { pkgs, ...} :
 {
  # Enable sound with pipewire.
-  sound.enable = true;
+  sound.enable = false;
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
    package = pkgs.unstable.pipewire;
    # If you want to use JACK applications, uncomment this
    #jack.enable = true;
    # use the example session manager (no others are packaged yet so this is enabled by default,
    # no need to redefine it in your config for now)
    #media-session.enable = true;
  };
 }
--- a/modules/graphical/plasma.nix
+++ b/modules/graphical/plasma.nix
@@ -2,12 +2,42 @@
 {
  services.xserver = {
    enable = true;
    xkb.layout = config.mainUser.layout; 
    xkb.variant = config.mainUser.variant;
    enable = true;
    displayManager.sddm.enable = true;
    displayManager.sddm.settings.Wayland.SessionDir = "${pkgs.plasma5Packages.plasma-workspace}/share/wayland-sessions";
    #displayManager.sddm.wayland.enable = true;
    libinput = {
      enable = true;
      # disabling mouse acceleration
      mouse = {
        accelProfile = "flat";
      };
    };
  };
  services.desktopManager.plasma6.enable = true;
  environment.plasma6.excludePackages = with pkgs.kdePackages; [ ocean-sound-theme spectacle ];
  environment.sessionVariables = {
    MOZ_ENABLE_WAYLAND = "1";
    NIXOS_OZONE_WL = "1";
  };
  xdg = {
    portal = {
      enable = true;
      extraPortals = with pkgs; [
        xdg-desktop-portal-wlr
        #xdg-desktop-portal-gtk
      ];
    };
  };
  environment.systemPackages = with pkgs; [
    wayland-utils
  ];
 }
--- a/modules/services/syncthing.nix
+++ b/modules/services/syncthing.nix
@@ -1,38 +1,45 @@
 { config, pkgs, lib, vars, ... }:
 let
-  basePath = "/mnt/1tbssd/syncthing";
+  basePath = "/synced";
 in 
 {
-  age.secrets.syncthing-key = {
+  systemd.tmpfiles.rules = [
-    file = ../../secrets/syncthing-key.age;
+      "d ${basePath} 0700 ${config.mainUser.name} users -"
-    owner = "syncthing";
+  ];
-    group = "syncthing";
+  
-  };
+  # check device id: syncthing cli --gui-address=/synced/gui-socket --gui-apikey=<key> show system
-  age.secrets.syncthing-cert = {
+  environment.systemPackages = [ syncthing ];
-    file = ../../secrets/syncthing-cert.age;
+
    owner = "syncthing";
    group = "syncthing";
  };
  services.syncthing = {
    enable = true;
    dataDir = basePath;
-    openDefaultPorts = true;
+    user = config.mainUser.name;
-    cert = "/run/agenix/syncthing-cert";
+    group = "users";
-    key = "/run/agenix/syncthing-key";
+    guiAddress = "${basePath}/gui-socket";
-    guiAddress = "0.0.0.0:8384";
+    overrideDevices = true;
    overrideFolders = true;
    settings = {
      options.urAccepted = -1;
      options.relaysEnabled = false;
-      devices.kop-pc.id = "2IEILKO-R6UVES4-N27PZRT-YLPOPR3-LTD5SXA-C65FWF3-RYD2B2Y-PEZLTAR";
+      options.globalAnnounceEnabled = false;
-      devices.kop-pc.adresses = [ "tcp://192.168.0.11:51820"];
+      options.gui.enabled = false;
-      folders."~/sync" = {
+      devices = {
-        id = "sync";
+        kop-pc = {
          id = "DZKIUS7-WCGTYEV-4OKVSZU-MIVL2NC-N45AKZL-ABT3VN2-I7RXUMF-RF4CYAU";
          adresses = [ "tcp://192.168.0.11:51820"];
        };
      };
      folders."${basePath}/default" = {
        id = "default";
        devices = [ "kop-pc" ];
        ignorePerms = false;
      };
    };
  };
-  networking.firewall.allowedTCPPorts = [ 8384 ];
+  networking.firewall.allowedTCPPorts = [ 8384 22000 ];
  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
 }
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,7 +22,5 @@ in
  "kavita.age".publicKeys = [ nix-test-vm server kop ];
  "step-ca-pw.age".publicKeys = [ nix-test-vm server kop ];
  "step-ca-key.age".publicKeys = [ nix-test-vm server kop ];
  "syncthing-key.age".publicKeys = [ server kop ];
  "syncthing-cert.age".publicKeys = [ server kop ];
  "grafana-contact-points.age".publicKeys = [ server kop];
 }
--- a/secrets/syncthing-cert.age
+++ b/secrets/syncthing-cert.age
--- a/secrets/syncthing-key.age
+++ b/secrets/syncthing-key.age
--- a/systems/pc/configuration.nix
+++ b/systems/pc/configuration.nix
@@ -12,6 +12,7 @@
  mainUser.layout = "de";
  mainUser.variant = "us";
  age.identityPaths = [ /home/kopatz/.ssh/id_rsa ];
  # Bootloader.
  boot.loader.systemd-boot.enable = true;