From 67d3a55df5dd7a96d21781a581c249a9e50caaec Mon Sep 17 00:00:00 2001 From: lassulus Date: Fri, 22 Mar 2019 07:57:34 +0100 Subject: k: add syncthing module --- krebs/3modules/syncthing.nix | 129 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 krebs/3modules/syncthing.nix (limited to 'krebs/3modules/syncthing.nix') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix new file mode 100644 index 00000000..389da81d --- /dev/null +++ b/krebs/3modules/syncthing.nix 
@@ -0,0 +1,129 @@ +{ config, pkgs, ... }: with import ; + +let + + cfg = config.krebs.syncthing; + + devices = mapAttrsToList (name: peer: { + name = name; + deviceID = peer.id; + addresses = peer.addresses; + }) cfg.peers; + + folders = map (folder: { + inherit (folder) path type; + id = folder.path; + devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; + rescanIntervalS = folder.rescanInterval; + }) cfg.folders; + + getApiKey = pkgs.writeDash "getAPIKey" '' + ${pkgs.libxml2}/bin/xmllint \ + --xpath 'string(configuration/gui/apikey)'\ + ${config.services.syncthing.dataDir}/config.xml + ''; + + updateConfig = pkgs.writeDash "merge-syncthing-config" '' + set -efu + API_KEY=$(${getApiKey}) + CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) + echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { + "devices": ${builtins.toJSON devices}, + "folders": ${builtins.toJSON folders} + }' | ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config -d @- + ${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/restart -X POST + ''; + +in + +{ + options.krebs.syncthing = { + + enable = mkEnableOption "syncthing-init"; + + id = mkOption { + type = types.str; + default = config.krebs.build.host.name; + }; + + cert = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + key = mkOption { + type = types.nullOr types.absolute-pathname; + default = null; + }; + + peers = mkOption { + default = {}; + type = types.attrsOf (types.submodule ({ + options = { + + # TODO make into addr + port submodule + addresses = mkOption { + type = types.listOf types.str; + default = []; + }; + + #TODO check + id = mkOption { + type = types.str; + }; + + }; + })); + }; + + folders = mkOption { + default = []; + type = types.listOf (types.submodule ({ + options = { + + path = mkOption { + type = types.absolute-pathname; + }; + + peers = mkOption { + type = types.listOf 
types.str; + default = []; + }; + + rescanInterval = mkOption { + type = types.int; + default = 60; + }; + + type = mkOption { + type = types.enum [ "sendreceive" "sendonly" "receiveonly" ]; + default = "sendreceive"; + }; + + }; + })); + }; + }; + + config = (mkIf cfg.enable) { + + systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { + preStart = '' + ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"} + ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"} + ''; + }; + + systemd.services.syncthing-init = { + after = [ "syncthing.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = config.services.syncthing.user; + RemainAfterExit = true; + Type = "oneshot"; + ExecStart = updateConfig; + }; + }; + }; +} -- cgit v1.2.3 From 0bb9321d1b979f64703c22fa6c25a46776da50af Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:01 +0100 Subject: syncthing folders: add watch & ignorePerms options --- krebs/3modules/syncthing.nix | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'krebs/3modules/syncthing.nix') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 389da81d..485dd399 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -15,6 +15,9 @@ let id = folder.path; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; + fsWatcherEnabled = folder.watch; + fsWatcherDelayS = folder.watchDelay; + ignorePerms = folder.ignorePerms; }) cfg.folders; getApiKey = pkgs.writeDash "getAPIKey" '' @@ -100,6 +103,21 @@ in default = "sendreceive"; }; + watch = mkOption { + type = types.bool; + default = true; + }; + + watchDelay = mkOption { + type = types.int; + default = 10; + }; + + ignorePerms = mkOption { + type = types.bool; + default = true; + }; + }; })); }; -- cgit v1.2.3 
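Review bot: The Syncthing API key is passed to curl on the command line in all three calls in `updateConfig` (`-H "X-API-Key: $API_KEY"`), so it appears in curl's process arguments, which a default Linux /proc exposes to other local users while each request runs. That key authorises changes to the Syncthing configuration, so it is worth keeping off argv: write the header to a temporary file with the shell's builtin `printf` and pass it to curl as `-H @file`. Adding `-f` makes an HTTP error abort the script under `set -e` instead of feeding an error body into jq. Separately, the `#TODO check` on the peer `id` option leaves device IDs as unvalidated strings, although they are what identifies a trusted peer.

```nix
  updateConfig = pkgs.writeDash "merge-syncthing-config" ''
    set -efu
    # mktemp creates the file with mode 0600; printf is a shell builtin, so the key never reaches argv
    HDR=$(${pkgs.coreutils}/bin/mktemp)
    trap '${pkgs.coreutils}/bin/rm -f "$HDR"' EXIT
    printf 'X-API-Key: %s\n' "$(${getApiKey})" > "$HDR"
    CFG=$(${pkgs.curl}/bin/curl -fSs -H @"$HDR" localhost:8384/rest/system/config)
    # … unchanged: echo "$CFG" | jq merge of devices and folders …
    }' | ${pkgs.curl}/bin/curl -fSs -H @"$HDR" localhost:8384/rest/system/config -d @-
    ${pkgs.curl}/bin/curl -fSs -H @"$HDR" localhost:8384/rest/system/restart -X POST
  '';
```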
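Review bot: `ignorePerms` defaults to `true` in the new folder option, whereas Syncthing's own folder default is, as far as I know, `false`. With it enabled, permission bits are neither compared nor synced, so a file that is mode 0600 on one peer is created with the receiving side's default mode on the others. For folders holding private material that is a weaker default than upstream, so consider `default = false;` or at least a `description` stating the consequence. `watch` and `watchDelay` would benefit from a `description` too; the delay is passed as `fsWatcherDelayS`, so the unit is seconds.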
From 86150b31f20772c761dac2ce76862928bcc07537 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:22 +0100 Subject: syncthing: wait for service startup --- krebs/3modules/syncthing.nix | 2 ++ 1 file changed, 2 insertions(+) (limited to 'krebs/3modules/syncthing.nix') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 485dd399..e7f95f7f 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -28,6 +28,8 @@ let updateConfig = pkgs.writeDash "merge-syncthing-config" '' set -efu + # wait for service to restart + ${pkgs.untilport}/bin/untilport localhost 8384 API_KEY=$(${getApiKey}) CFG=$(${pkgs.curl}/bin/curl -Ss -H "X-API-Key: $API_KEY" localhost:8384/rest/system/config) echo "$CFG" | ${pkgs.jq}/bin/jq -s '.[] * { -- cgit v1.2.3 From 67ca249e33e977a83b54b21ad7c717e3eaa38d84 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sat, 23 Mar 2019 16:04:50 +0100 Subject: syncthing: increase rescanInterval to track upstream --- krebs/3modules/syncthing.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'krebs/3modules/syncthing.nix') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index e7f95f7f..3c60eec4 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix @@ -97,7 +97,7 @@ in rescanInterval = mkOption { type = types.int; - default = 60; + default = 3600; }; type = mkOption { -- cgit v1.2.3 From 212e7f4b9843790e29fd990a17279dc96e181baf Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 7 Apr 2019 18:21:18 +0200 Subject: syncthing: add id option --- krebs/3modules/syncthing.nix | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'krebs/3modules/syncthing.nix') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 3c60eec4..34879fd3 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix 
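Review bot: The added `untilport localhost 8384` has no upper bound visible here, and `syncthing-init` is `Type = "oneshot"`, for which systemd applies no start timeout by default. If Syncthing never opens the port, the unit would presumably stay in `activating` indefinitely. A `TimeoutStartSec = "5min";` (the value is a suggestion) in the unit's `serviceConfig`, which lies outside this hunk, would turn that into a visible failure. The comment could also read `# wait for the syncthing API to accept connections`, since the unit runs on first start as well as after a restart.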
@@ -11,8 +11,7 @@ let }) cfg.peers; folders = map (folder: { - inherit (folder) path type; - id = folder.path; + inherit (folder) path id type; devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers; rescanIntervalS = folder.rescanInterval; fsWatcherEnabled = folder.watch; @@ -83,13 +82,18 @@ in folders = mkOption { default = []; - type = types.listOf (types.submodule ({ + type = types.listOf (types.submodule ({ config, ... }: { options = { path = mkOption { type = types.absolute-pathname; }; + id = mkOption { + type = types.str; + default = config.path; + }; + peers = mkOption { type = types.listOf types.str; default = []; -- cgit v1.2.3 From 3fee51f7378a523a95e494d160b7562206cf714b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 9 Apr 2019 16:52:17 +0200 Subject: syncthing: fix permissions of keys --- krebs/3modules/syncthing.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'krebs/3modules/syncthing.nix') diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix index 34879fd3..bfbac1db 100644 --- a/krebs/3modules/syncthing.nix +++ b/krebs/3modules/syncthing.nix 
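Review bot: The new folder `id` option is undocumented, and its default of `config.path` is easy to misread as cosmetic. Syncthing matches a shared folder between devices by this ID, so peers only sync a folder when the ID agrees on both sides. I would add `description = "Syncthing folder ID; must be identical on every peer sharing this folder. Defaults to the folder path.";` to the option. The submodule body continues outside the second hunk.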
@@ -133,8 +133,16 @@ in systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) { preStart = '' - ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"} - ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"} + ${optionalString (cfg.cert != null) '' + cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem + chmod 400 ${config.services.syncthing.dataDir}/cert.pem + ''} + ${optionalString (cfg.key != null) '' + cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem + chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem + chmod 400 ${config.services.syncthing.dataDir}/key.pem + ''} ''; }; -- cgit v1.2.3
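Review bot: Between `cp` and the following `chmod 400`, the new `key.pem` exists in `dataDir` with whatever mode `cp` gave it (source mode filtered by umask). On a later start `cp` writes into the existing mode-400 file, which only works if `preStart` runs as root, and that is not visible in this hunk. `install` replaces an existing target and sets owner and mode without an intermediate wider mode: `install -m 0400 -o ${config.services.syncthing.user} -g ${config.services.syncthing.group} ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem`, and the same for `cert.pem`. The `chown` likewise needs root, so it is worth confirming the unit does not run `preStart` as the service user.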