commit d001e1e5c86de8f6a64911ab0200ac8452df6d88
parent fc0f329fe0316b1963772fc89905e3655f5a3166
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 16 May 2025 11:34:12 +0200
parent fc0f329fe0316b1963772fc89905e3655f5a3166
Author: Katja (ctucx) <git@ctu.cx>
Date: Fri, 16 May 2025 11:34:12 +0200
nixosModules/presets/katja: add syncthing
4 files changed, 246 insertions(+), 30 deletions(-)
A
|
172
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/nixosModules/sapphicCfg/presets/katja.nix b/nixosModules/sapphicCfg/presets/katja.nix
@@ -1,30 +0,0 @@
-{
- povSelf,
- pkgs,
- lib,
- config,
- hostConfig,
- ...
-}:
-let
- inherit (lib) types;
- cfg = lib.getAttrFromPath povSelf config;
-
-in
-{
-
- options = {
- enable = {
- type = types.bool;
- default = false;
- };
- };
-
- config = lib.mkIf cfg.enable {
- sapphicCfg = {
- services.keyd.enable = true;
- hardware.smartcard.enable = config.sapphicCfg.presets.graphical.enable;
- };
- };
-
-}
diff --git a/nixosModules/sapphicCfg/presets/katja/enable.nix b/nixosModules/sapphicCfg/presets/katja/enable.nix
@@ -0,0 +1,32 @@
+{
+ povSelf,
+ pkgs,
+ lib,
+ config,
+ hostConfig,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+ option = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf cfg {
+ sapphicCfg = {
+ presets.katja = {
+ syncthing.enable = lib.mkDefault true;
+ };
+
+ services.keyd.enable = lib.mkDefault true;
+ hardware.smartcard.enable = lib.mkDefault config.sapphicCfg.presets.graphical.enable;
+ };
+ };
+
+}
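Review bot: `syncthing.enable = lib.mkDefault true;` switches Syncthing on for every host that enables this preset, but the line carries no hint of what that pulls in. The syncthing module added in this commit reads `config.sops.secrets.syncthingCert` and `config.sops.secrets.syncthingKey` and sets `openDefaultPorts = true`, and the only secrets file added here is `secrets/huntii.yaml`. Any other host using the preset presumably needs matching secrets, or has to set `sapphicCfg.presets.katja.syncthing.enable = false`, before it activates cleanly. A comment above the line such as `# needs syncthingCert/syncthingKey in the host's sops file; opens the Syncthing firewall ports` would make that dependency visible.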
diff --git a/nixosModules/sapphicCfg/presets/katja/syncthing.nix b/nixosModules/sapphicCfg/presets/katja/syncthing.nix
@@ -0,0 +1,172 @@
+{
+ pov,
+ pkgs,
+ lib,
+ config,
+ hostConfig,
+ ...
+}:
+let
+ inherit (lib) types;
+ cfg = lib.getAttrFromPath pov config;
+
+in
+{
+
+ options.enable = {
+ type = types.bool;
+ default = false;
+ };
+
+ config = lib.mkIf (cfg.enable && cfg.syncthing.enable) (let
+ syncthingDevices = {
+ #mobile devices
+ blechkasten.id = "HGPWBVY-RD4JKBQ-X3V53IB-KRVDXEQ-4YLN5F2-WPPSMYR-SOXGTY6-IDFOAAC";
+ coladose.id = "BNCAOEB-CYTYIBA-ZKFJKRB-DX4C3MT-SDH7IWQ-5EI35PJ-YUIJSYH-COCGUAW";
+ seifenkiste.id = "6YZT5PZ-EKXZBMV-C2MJL75-OCQ36LC-L3QIRPW-VJ5EU3C-2ICZDDO-IZ7IGAO";
+
+ iphone.id = "3SM3LJV-XMHYW2D-MU5WQ3T-KGYUJOI-LXOL6YI-BSVZ2B5-QJ6GVXN-MPWMKQ7";
+
+ #servers
+ hector.name = "hector.infra.katja.wtf";
+ hector.id = "MVGBPSX-YSZNBDO-E7HZFGJ-WULYWQ5-XDHVMJO-BKA4R37-GPPRLLS-Z5DQMQJ";
+ wanderduene.name = "wanderduene.infra.katja.wtf";
+ wanderduene.id = "WEFYARN-GY3WZXB-TIXBI56-ZZ77AHS-GFH5SH2-Q35NTBI-VPT3OEM-EQNAMQH";
+ briefkasten.name = "briefkasten.infra.katja.wtf";
+ briefkasten.id = "QI2EPUE-4VMZ3XV-LXX3GXP-RHCWTRY-AACLSGL-YG7MIYV-THST74N-KJGIBQ6";
+ };
+
+ enabledShares = {
+ briefkasten = [
+ "ctucx-music-orig"
+ "ctucx-media"
+ ];
+ };
+
+ defaultVersioning = {
+ type = "trashcan";
+ params = {
+ cleanoutDays = "3";
+ };
+ };
+
+
+ isCurrentHost = key: value: key != config.networking.hostName;
+
+ deviceNames = (
+ syncthingDevices
+ |> lib.filterAttrs isCurrentHost
+ |> builtins.attrNames
+ );
+
+ shareDeviceNames = share: (
+ enabledShares
+ |> lib.filterAttrs isCurrentHost
+ |> lib.filterAttrs (key: value: builtins.elem share value)
+ |> builtins.attrNames
+ );
+
+ isShareEnabled = share: (
+ if builtins.hasAttr config.networking.hostName enabledShares then
+ (if builtins.elem share enabledShares.${config.networking.hostName} then true else false)
+ else
+ false
+ );
+
+ devices = lib.filterAttrs isCurrentHost syncthingDevices;
+
+ folders = let
+ dataDir = config.services.syncthing.dataDir;
+
+ in {
+ "${dataDir}/Audiobooks" = {
+ enable = lib.mkDefault true;
+ id = "ctucx-audiobooks";
+ label = "Audiobooks";
+ devices = deviceNames;
+ versioning = lib.mkDefault defaultVersioning;
+ };
+
+ "${dataDir}/Documents" = {
+ enable = lib.mkDefault true;
+ id = "ctucx-documents";
+ label = "Documents";
+ devices = deviceNames;
+ versioning = lib.mkDefault defaultVersioning;
+ };
+
+ "${dataDir}/Music" = {
+ enable = lib.mkDefault true;
+ id = "ctucx-music";
+ label = "Music";
+ devices = deviceNames;
+ versioning = lib.mkDefault defaultVersioning;
+ };
+
+ "${dataDir}/Pictures" = {
+ enable = lib.mkDefault true;
+ id = "ctucx-pictures";
+ label = "Pictures";
+ devices = deviceNames;
+ versioning = lib.mkDefault defaultVersioning;
+ };
+
+ "${dataDir}/Videos" = {
+ enable = lib.mkDefault true;
+ id = "ctucx-videos";
+ label = "Videos";
+ devices = deviceNames;
+ versioning = lib.mkDefault defaultVersioning;
+ };
+
+ "${dataDir}/Bahn-Richtlinien" = {
+ enable = lib.mkDefault true;
+ id = "Bahn-Richtlinien";
+ label = "Bahn-Richtlinien";
+ devices = deviceNames;
+ versioning = lib.mkDefault defaultVersioning;
+ };
+
+ "${dataDir}/Music (Originals)" = rec {
+ enable = lib.mkDefault (isShareEnabled "${id}");
+ id = "ctucx-music-orig";
+ label = "Music (Originals)";
+ devices = shareDeviceNames "${id}";
+ versioning = lib.mkDefault defaultVersioning;
+ };
+
+ "${dataDir}/Media (legacy)" = rec {
+ enable = lib.mkDefault (isShareEnabled "${id}");
+ id = "ctucx-media";
+ label = "Media (legacy)";
+ devices = shareDeviceNames "${id}";
+ versioning = lib.mkDefault defaultVersioning;
+ };
+ };
+
+ in {
+ sops.secrets = lib.genAttrs [ "syncthingCert" "syncthingKey" ] (name: {
+ owner = "katja";
+ group = "users";
+ });
+
+ services.syncthing = {
+ enable = true;
+ openDefaultPorts = true;
+ guiAddress = "[::1]:8384";
+
+ user = lib.mkDefault "katja";
+ group = lib.mkDefault "users";
+
+ cert = lib.mkDefault config.sops.secrets.syncthingCert.path;
+ key = lib.mkDefault config.sops.secrets.syncthingKey.path;
+
+ dataDir = lib.mkDefault "/home/katja";
+ configDir = lib.mkDefault "/home/katja/.config/syncthing";
+
+ settings.devices = devices;
+ settings.folders = folders;
+ };
+ });
+
+}
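Review bot: The `sops.secrets` entries near the end of the file hard-code `owner = "katja";` and `group = "users";`, while `services.syncthing.user` and `group` just below are only `lib.mkDefault`. A host that overrides the service user would presumably leave the Syncthing private key owned by the old account and unreadable by the daemon. Deriving both from the service keeps them in step: `owner = config.services.syncthing.user;` and `group = config.services.syncthing.group;`. Separately, `isCurrentHost` returns true for keys that are not `config.networking.hostName`, so the name reads inverted; `isOtherHost` would match what `lib.filterAttrs` actually keeps in `deviceNames`, `shareDeviceNames` and `devices`.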
diff --git a/secrets/huntii.yaml b/secrets/huntii.yaml 
@@ -0,0 +1,42 @@ +syncthingCert: ENC[AES256_GCM,data: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,iv:8mxfqZ660MYkK9PUPk9xLqtaQzHbtg7IcmwOMRoheVk=,tag:oAwxflAm1NYTqZ7O9WIK8Q==,type:str] +syncthingKey: ENC[AES256_GCM,data:JSu2c+Pq5TD1JF441OrZYOXX8hggGMtjKNsuOBBywk8DEtZwep3gVUTNpjNlvYc/HicsLTgPLt1ZND622ctmt8JcXdAGfSkj8kq1KqpkC6leyEDU57MODoSnFIPVPfqvPCQMYKYhCmbcceJE8Rw3tT9NEH8N0aPMRuTYDgsGmZ8zEDVzSuAcGlHN2EOttX9ohjXh2ApEmvuBbHENLLqasIlW38RvMCAUrmMI+cqRspWfaOoeb3uH23FGPSQLYwDQ8bKBm78elbKukC3t5sTurLday3koHctuKtUYpA2LQCWarAnI/+z/wZ5OKHqayMtzvoqJN0aERniaxOoSjkrTwLiJeZSqvof8a3lqw4XnXhsStTvK30kuVSxqQkHAFONz,iv:YVvzB6+bcnTCpaJvDa9G5mOwxnsZ0bMRGn7/mhyqZiY=,tag:S+i1RKmy/ASUN4dxOeJBuA==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age12dxnl4upy7agngqztrnp6wnz5jcq4fp06nxngah9n7umr4v90cvs677azg + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReCtPN0p5MnJDZjFmRGhO + anIraTd0OU1PZXJSWGN4SlpmOTRjK0N6T3c4Cm5sb0NMb2VzZ1VrVlN6d2ZBNXV6 + bE9jRER6dzBEK0Z1dFVpckhZL1ZDNjQKLS0tIGxockJhTCszT1dVSVl3TDBjQkgx + TUtXbmR3YytXUERmUEJ6RkMxMmd0S0EKT6cYgH7eYLmyUDN/EpV845zzYlRonl3i + qcDpc1SfZHh5xxnfLmY0p+WPQTi1OAMQLBVehz0+dEDCVGkgZpQLVA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-05-16T09:31:46Z" + mac: ENC[AES256_GCM,data:gHlGI+9ZEOZ5MqLNvkxak1iQKAXmm2Y+hVI1VbsDZckuJNFZy+t2BnrcLzBMlF2JzUJhSiORbtYchtgPynZ80njHVIsJGRMdmMZo6Kizu1ALrJtObaEAxQkFn5SXd0DYHbu1UiUm97e0i3JbgVN3MCkUzuFi8MEGWU9sU2v4704=,iv:UuYs+lVzKAJ2YmvKt4BqpDPUW8/UzOQGd5YdOxe/REU=,tag:NW9B30r4yvCKp93Gjx/0Uw==,type:str] + pgp: + - created_at: "2025-05-16T08:59:20Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hQIMAzmqVs6bjEjqARAAgT14hVYADFW4ZF9em0JsEoxkqEmr2VLmItB2QoP2rRAX + hd5Zkl06QTE0+5BVujqSnT81ZxNB9P8q1z2Y2NY04lWiOx0K2/oZfoznr7cxxRD+ + B7oM1X6Hcmp8RFhYRVQ+rSKLwTmxzRyGb+5UJs29jFx6+wvUNS0XCqI28DyGSev1 + nfTJfM/yiyDO7aHt5R7Y9TVm9ieb/EdigE53ERU9s4YH7tQph6+iMfD4ujfks86e + 
f3jaIJSzEYGrCKoDZK6mOQNajuyjbua54K5tochWWbRwv7oSTXPX8ucu+K+SP4bH + /HFYiHxJN4N0QfHgNy2t3WWX5RDXJCtk1t5lQM8ThgXss1+luqtd9aW2V3yjEoU4 + hfB4XqgMDjxGVsn6prQP+Q75QJrYtfOf1ASYFRR8c0NHkNqofVBazkUPAYSnjnAL + LR45MJlf5sp2av9rcGXghBpgXHIJkmPZplcBQYwAhscT0UFV+OfwLfGLRvl8VxCW + 6mZwUl8iAp7ucsZOxwxHGkmXd7qa35bR97WztwwDVZn1X80d84Iju+6DUtYGte4M + nsWyGCY/htTwK3oIbxiQKwMPreuBX3jRM1C2BZDbBk7eTL/fU9rVbK+RgNSI/xf9 + /K4UJo1Z2fWXAeymn2wpBikHamGMNn0A72p/ugNDCisVjnJOr9wRhzT2jfEPn0rS + XgHMqkTXfZverbnS7Gc8Qz7EhRZpautFTMTNvFN/g/8GxeQrEVcB7qebTRHnGEZy + wnv8Cyo1KaR1MsOxFb0oWeEuQXOXteVVIPm+GWY0R+w/D5LFvjgMedMac5AJ9As= + =hTm1 + -----END PGP MESSAGE----- + fp: 9D7CACD7039E5AD616FD25879F935DB630A167E7 + unencrypted_suffix: _unencrypted + version: 3.9.4