Merge remote-tracking branch 'lass/master'

author: makefu <github@syntax-fehler.de> 2019-04-12 19:28:17 +0200
committer: makefu <github@syntax-fehler.de> 2019-04-12 19:28:17 +0200
commit: 8bea69348ae0f286b395e9087db7d70e6f1a375a (patch)
tree: 956a2dfb39f0ca1bb00ba40bd21e18037f1093fb /lass/2configs/syncthing.nix
parent: 179e95d0bfc985940d4970d6c1365c2c8e000d0d (diff)
parent: 72cd01d104bb61b5a5e28c2c10e0bd2bd55ce681 (diff)
1 files changed, 18 insertions, 0 deletions
diff --git a/lass/2configs/syncthing.nix b/lass/2configs/syncthing.nix
index 17debf82..842abc19 100644
--- a/lass/2configs/syncthing.nix
+++ b/lass/2configs/syncthing.nix
@@ -3,9 +3,27 @@ with import <stockholm/lib>;
 {
   services.syncthing = {
     enable = true;
+    group = "syncthing";
   };
   krebs.iptables.tables.filter.INPUT.rules = [
     { predicate = "-p tcp --dport 22000"; target = "ACCEPT";}
     { predicate = "-p udp --dport 21027"; target = "ACCEPT";}
   ];
+  krebs.syncthing = {
+    enable = true;
+    cert = toString <secrets/syncthing.cert>;
+    key = toString <secrets/syncthing.key>;
+    peers = mapAttrs (n: v: { id = v.syncthing.id; }) (filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts);
+    folders = [
+      { path = "/home/lass/sync"; peers = [ "icarus" "mors" "skynet" "blue" "green" "littleT" "prism"]; }
+    ];
+  };
+
+  system.activationScripts.syncthing-home = ''
+    ${pkgs.coreutils}/bin/chmod a+x /home/lass
+  '';
+
+  lass.ensure-permissions = [
+    { folder = "/home/lass/sync"; owner = "lass"; group = "syncthing"; }
+  ];
 }
author	makefu <github@syntax-fehler.de>	2019-04-12 19:28:17 +0200
committer	makefu <github@syntax-fehler.de>	2019-04-12 19:28:17 +0200
commit	8bea69348ae0f286b395e9087db7d70e6f1a375a (patch)
tree	956a2dfb39f0ca1bb00ba40bd21e18037f1093fb /lass/2configs/syncthing.nix
parent	179e95d0bfc985940d4970d6c1365c2c8e000d0d (diff)
parent	72cd01d104bb61b5a5e28c2c10e0bd2bd55ce681 (diff)