summaryrefslogtreecommitdiffstats
path: root/makefu
diff options
context:
space:
mode:
Diffstat (limited to 'makefu')
-rw-r--r--makefu/0tests/data/secrets/syncthing.cert0
-rw-r--r--makefu/0tests/data/secrets/syncthing.key0
-rw-r--r--makefu/0tests/data/secrets/tonie.env2
-rw-r--r--makefu/0tests/data/secrets/wbobPassword.nix1
-rw-r--r--makefu/1systems/gum/config.nix10
-rw-r--r--makefu/2configs/sync/default.nix22
-rw-r--r--makefu/2configs/tinc/retiolum.nix10
7 files changed, 40 insertions, 5 deletions
diff --git a/makefu/0tests/data/secrets/syncthing.cert b/makefu/0tests/data/secrets/syncthing.cert
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/syncthing.cert
diff --git a/makefu/0tests/data/secrets/syncthing.key b/makefu/0tests/data/secrets/syncthing.key
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/makefu/0tests/data/secrets/syncthing.key
diff --git a/makefu/0tests/data/secrets/tonie.env b/makefu/0tests/data/secrets/tonie.env
new file mode 100644
index 000000000..94d6c469a
--- /dev/null
+++ b/makefu/0tests/data/secrets/tonie.env
@@ -0,0 +1,2 @@
+TONIE_AUDIO_MATCH_USER=
+TONIE_AUDIO_MATCH_PASS=
diff --git a/makefu/0tests/data/secrets/wbobPassword.nix b/makefu/0tests/data/secrets/wbobPassword.nix
new file mode 100644
index 000000000..0479c0770
--- /dev/null
+++ b/makefu/0tests/data/secrets/wbobPassword.nix
@@ -0,0 +1 @@
+"$6$lol"
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index dcb3dc1d4..a9d9b661f 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -51,15 +51,17 @@ in {
# networking
# <stockholm/makefu/2configs/vpn/vpnws/server.nix>
#<stockholm/makefu/2configs/dnscrypt/server.nix>
- <stockholm/makefu/2configs/iodined.nix>
+ # <stockholm/makefu/2configs/iodined.nix>
# <stockholm/makefu/2configs/backup.nix>
<stockholm/makefu/2configs/tinc/retiolum.nix>
{ # bonus retiolum config for connecting more hosts
krebs.tinc.retiolum = {
- extraConfig = ''
+ extraConfig = lib.mkForce ''
ListenAddress = ${external-ip} 53
ListenAddress = ${external-ip} 655
ListenAddress = ${external-ip} 21031
+ StrictSubnets = yes
+ LocalDiscovery = no
'';
connectTo = [
"prism" "ni" "enklave" "eve" "dishfire"
@@ -112,6 +114,7 @@ in {
#<stockholm/makefu/2configs/retroshare.nix>
## <stockholm/makefu/2configs/ipfs.nix>
#<stockholm/makefu/2configs/syncthing.nix>
+ <stockholm/makefu/2configs/sync>
# <stockholm/makefu/2configs/opentracker.nix>
@@ -122,7 +125,6 @@ in {
{ makefu.backup.server.repo = "/var/backup/borg"; }
<stockholm/makefu/2configs/backup/server.nix>
<stockholm/makefu/2configs/backup/state.nix>
- <stockholm/makefu/2configs/iodined.nix>
<stockholm/makefu/2configs/bitlbee.nix>
<stockholm/makefu/2configs/wireguard/server.nix>
<stockholm/makefu/2configs/wireguard/wiregrill.nix>
@@ -160,7 +162,7 @@ in {
# <stockholm/makefu/2configs/deployment/systemdultras-rss.nix>
# <stockholm/makefu/2configs/shiori.nix>
- # <stockholm/makefu/2configs/workadventure>
+ #<stockholm/makefu/2configs/workadventure>
<stockholm/makefu/2configs/bgt/download.binaergewitter.de.nix>
<stockholm/makefu/2configs/bgt/hidden_service.nix>
diff --git a/makefu/2configs/sync/default.nix b/makefu/2configs/sync/default.nix
new file mode 100644
index 000000000..6928daf87
--- /dev/null
+++ b/makefu/2configs/sync/default.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }: with import <stockholm/lib>; let
+ mk_peers = mapAttrs (n: v: { id = v.syncthing.id; });
+
+ all_peers = filterAttrs (n: v: v.syncthing.id != null) config.krebs.hosts;
+ used_peer_names = unique (flatten (mapAttrsToList (n: v: v.devices) config.services.syncthing.folders));
+ used_peers = filterAttrs (n: v: elem n used_peer_names) all_peers;
+in {
+ services.syncthing = {
+ enable = true;
+ configDir = "/var/lib/syncthing";
+ devices = mk_peers used_peers;
+ key = toString <secrets/syncthing.key>;
+ cert = toString <secrets/syncthing.cert>;
+ };
+ services.syncthing.folders.the_playlist = {
+ path = "/home/lass/tmp/the_playlist";
+ devices = [ "mors" "prism" ];
+ };
+
+
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
+}
diff --git a/makefu/2configs/tinc/retiolum.nix b/makefu/2configs/tinc/retiolum.nix
index 0d2774209..a2b24d35a 100644
--- a/makefu/2configs/tinc/retiolum.nix
+++ b/makefu/2configs/tinc/retiolum.nix
@@ -1,10 +1,18 @@
-{ pkgs, config, ... }:
+{ pkgs, lib, config, ... }:
{
imports = [
../binary-cache/lass.nix
];
krebs.tinc.retiolum.enable = true;
+ krebs.tinc.retiolum.extraConfig = ''
+ StrictSubnets = yes
+ ${lib.optionalString (config.krebs.build.host.nets.retiolum.via != null) ''
+ LocalDiscovery = no
+ ''}
+ '';
+ #krebs.tinc.retiolum.connectTo = [ "gum" ];
environment.systemPackages = [ pkgs.tinc ];
networking.firewall.allowedTCPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
networking.firewall.allowedUDPPorts = [ config.krebs.build.host.nets.retiolum.tinc.port ];
+
}