From ed82d1e7b8cc6bf72f5c04b28ddb3fec9e7cc543 Mon Sep 17 00:00:00 2001 From: Aly Raffauf Date: Mon, 8 Jul 2024 01:29:09 -0400 Subject: [PATCH] userModules/aly/syncthing: handle secrets --- hosts/fallarbor/default.nix | 7 +++++++ hosts/lavaridge/default.nix | 11 ++++++++++- hosts/mauville/default.nix | 5 +++++ hosts/petalburg/default.nix | 11 ++++++++++- hosts/rustboro/default.nix | 11 ++++++++++- userModules/aly/syncthing.nix | 9 ++------- userModules/options.nix | 18 ++++++++++++++---- 7 files changed, 58 insertions(+), 14 deletions(-) diff --git a/hosts/fallarbor/default.nix b/hosts/fallarbor/default.nix index fb820e72..65aff3f8 100644 --- a/hosts/fallarbor/default.nix +++ b/hosts/fallarbor/default.nix @@ -13,6 +13,11 @@ inputs.nixhw.nixosModules.framework-13-intel-11th ]; + age.secrets = { + syncthingCert.file = ../../secrets/syncthing/fallarbor/cert.age; + syncthingKey.file = ../../secrets/syncthing/fallarbor/key.age; + }; + boot.loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -42,6 +47,8 @@ syncthing = { enable = true; + certFile = config.age.secrets.syncthingCert.path; + keyFile = config.age.secrets.syncthingKey.path; syncMusic = false; }; }; diff --git a/hosts/lavaridge/default.nix b/hosts/lavaridge/default.nix index 9a54f09a..dd6a292a 100644 --- a/hosts/lavaridge/default.nix +++ b/hosts/lavaridge/default.nix @@ -14,6 +14,11 @@ inputs.nixhw.nixosModules.framework-13-amd-7000 ]; + age.secrets = { + syncthingCert.file = ../../secrets/syncthing/lavaridge/cert.age; + syncthingKey.file = ../../secrets/syncthing/lavaridge/key.age; + }; + boot.loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -47,7 +52,11 @@ users.aly = { enable = true; password = "$y$j9T$NSS7QcEtN4yiigPyofwlI/$nxdgz0lpySa0heDMjGlHe1gX3BWf48jK6Tkfg4xMEs6"; - syncthing.enable = true; + syncthing = { + enable = true; + certFile = config.age.secrets.syncthingCert.path; + keyFile = config.age.secrets.syncthingKey.path; + }; }; }; } 
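Review bot: The secret paths in the new `age.secrets` block of hosts/fallarbor/default.nix spell the host name by hand (`../../secrets/syncthing/fallarbor/key.age`), where the lines this commit removes from userModules/aly/syncthing.nix derived it from `config.networking.hostName`. The same block is repeated in the lavaridge, mauville, petalburg and rustboro hunks, so a copy-paste slip could point one host at another host's cert and key. If that secret happens to be decryptable on the wrong host, two machines would present the same Syncthing device identity. Keeping the derivation in each host file avoids this: `syncthingKey.file = ../../secrets/syncthing + "/${config.networking.hostName}/key.age";`, and likewise for `syncthingCert`.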
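Review bot: In the second hunk of hosts/lavaridge/default.nix, the `users.aly` block that now takes its Syncthing cert and key from age still sets `password` to a literal hash on the context line just above the new `syncthing = {` attrset. The petalburg and rustboro hunks show the same. A hash kept in the repository, and most likely copied into the world-readable Nix store, is exposed to offline guessing by anyone who can read either. Since this commit already declares age secrets per host, the hash could move to an age-encrypted file read through a file-based option such as `users.users.aly.hashedPasswordFile`. How `ar.users.aly.password` is consumed is not visible in this patch, so the user module may need a matching file option first.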
diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix index ae596318..fd58d335 100644 --- a/hosts/mauville/default.nix +++ b/hosts/mauville/default.nix @@ -42,6 +42,9 @@ in { owner = "navidrome"; file = ../../secrets/spotify/clientSecret.age; }; + + syncthingCert.file = ../../secrets/syncthing/mauville/cert.age; + syncthingKey.file = ../../secrets/syncthing/mauville/key.age; }; boot = { @@ -125,6 +128,8 @@ in { syncthing = { enable = true; + certFile = config.age.secrets.syncthingCert.path; + keyFile = config.age.secrets.syncthingKey.path; musicPath = "${mediaDirectory}/Music"; }; }; diff --git a/hosts/petalburg/default.nix b/hosts/petalburg/default.nix index d8dae8df..86e92fa4 100644 --- a/hosts/petalburg/default.nix +++ b/hosts/petalburg/default.nix @@ -13,6 +13,11 @@ inputs.nixhw.nixosModules.lenovo-yoga-9i-intel-13th ]; + age.secrets = { + syncthingCert.file = ../../secrets/syncthing/petalburg/cert.age; + syncthingKey.file = ../../secrets/syncthing/petalburg/key.age; + }; + boot.loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; @@ -68,7 +73,11 @@ users.aly = { enable = true; password = "$y$j9T$TitXX3J690cnK41XciNMg/$APKHM/os6FKd9H9aXGxaHaQ8zP5SenO9EO94VYafl43"; - syncthing.enable = true; + syncthing = { + enable = true; + certFile = config.age.secrets.syncthingCert.path; + keyFile = config.age.secrets.syncthingKey.path; + }; }; }; } diff --git a/hosts/rustboro/default.nix b/hosts/rustboro/default.nix index 65673154..f007eae9 100644 --- a/hosts/rustboro/default.nix +++ b/hosts/rustboro/default.nix @@ -14,6 +14,11 @@ inputs.nixhw.nixosModules.thinkpad-t440p ]; + age.secrets = { + syncthingCert.file = ../../secrets/syncthing/rustboro/cert.age; + syncthingKey.file = ../../secrets/syncthing/rustboro/key.age; + }; + boot.loader = { efi.canTouchEfiVariables = true; systemd-boot.enable = true; 
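Review bot: In the first hunk of hosts/mauville/default.nix, `syncthingCert` and `syncthingKey` are declared without `owner` or `mode`, while the neighbouring secret in the same attrset sets `owner = "navidrome"`, and nothing records whether the difference is deliberate. The Syncthing service runs as `user = "aly"` (context in userModules/aly/syncthing.nix), so the decrypted key is presumably left root-only and copied into place by the service unit at start; that should be confirmed against the `services.syncthing` module. A comment would make the intent explicit, for example `# root-owned on purpose: the syncthing unit installs its own copy for user aly`. The enclosing `age.secrets` attrset starts outside the hunk.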
@@ -43,7 +48,11 @@ users.aly = { enable = true; password = "$y$j9T$VdtiEyMOegHpcUwgmCVFD0$K8Ne6.zk//VJNq2zxVQ0xE0Wg3LohvAQd3Xm9aXdM15"; - syncthing.enable = true; + syncthing = { + enable = true; + certFile = config.age.secrets.syncthingCert.path; + keyFile = config.age.secrets.syncthingKey.path; + }; }; }; } diff --git a/userModules/aly/syncthing.nix b/userModules/aly/syncthing.nix index 7a3059a9..42a1650e 100644 --- a/userModules/aly/syncthing.nix +++ b/userModules/aly/syncthing.nix @@ -7,18 +7,13 @@ cfg = config.ar.users.aly.syncthing; in { config = lib.mkIf cfg.enable { - age.secrets = { - syncthingCert.file = ../../secrets/syncthing + "/${config.networking.hostName}/cert.age"; - syncthingKey.file = ../../secrets/syncthing + "/${config.networking.hostName}/key.age"; - }; - systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; services.syncthing = { enable = true; - cert = config.age.secrets.syncthingCert.path; + cert = cfg.certFile; dataDir = "/home/aly"; - key = config.age.secrets.syncthingKey.path; + key = cfg.keyFile; openDefaultPorts = true; user = "aly"; settings = { diff --git a/userModules/options.nix b/userModules/options.nix index 5055700b..bb0ac541 100644 --- a/userModules/options.nix +++ b/userModules/options.nix @@ -41,10 +41,14 @@ syncthing = { enable = lib.mkEnableOption "Syncthing sync service."; - syncMusic = lib.mkOption { - description = "Whether to sync music folder."; - default = config.ar.users.aly.syncthing.enable; - type = lib.types.bool; + certFile = lib.mkOption { + description = "Syncthing cert file."; + type = lib.types.nonEmptyStr; + }; + + keyFile = lib.mkOption { + description = "Syncthing key file."; + type = lib.types.nonEmptyStr; }; musicPath = lib.mkOption { @@ -52,6 +56,12 @@ default = "/home/aly/music"; type = lib.types.str; }; + + syncMusic = lib.mkOption { + description = "Whether to sync music folder."; + default = config.ar.users.aly.syncthing.enable; + type = lib.types.bool; + }; }; };
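Review bot: In the first hunk of userModules/options.nix, the descriptions of the new `certFile` and `keyFile` options ("Syncthing cert file.", "Syncthing key file.") do not say that the value must be a runtime path to a decrypted secret. `lib.types.nonEmptyStr` should reject a bare path literal, but an interpolated one such as `"${./key.pem}"` is still a string and would put the private key into the world-readable Nix store. I would state the contract in the option itself: `description = "Runtime path to the Syncthing private key, e.g. an agenix secret path; must not be a Nix store path.";`, with the equivalent wording for `certFile`. Both options have no default, so enabling the module without setting them fails at evaluation, which is the safe direction.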