userModules/aly/syncthing: handle secrets

2024-11-22 00:13:55 -05:00 · 2024-07-08 01:29:09 -04:00 · 2024-07-08 01:29:09 -04:00 · ed82d1e7b8
parent 23e37fa814
commit ed82d1e7b8
7 changed files with 58 additions and 14 deletions
--- a/hosts/fallarbor/default.nix
+++ b/hosts/fallarbor/default.nix
@ -13,6 +13,11 @@
    inputs.nixhw.nixosModules.framework-13-intel-11th
  ];

+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/fallarbor/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/fallarbor/key.age;
+  };
+
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
@ -42,6 +47,8 @@

        syncthing = {
          enable = true;
+          certFile = config.age.secrets.syncthingCert.path;
+          keyFile = config.age.secrets.syncthingKey.path;
          syncMusic = false;
        };
      };
--- a/hosts/lavaridge/default.nix
+++ b/hosts/lavaridge/default.nix
@ -14,6 +14,11 @@
    inputs.nixhw.nixosModules.framework-13-amd-7000
  ];

+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/lavaridge/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/lavaridge/key.age;
+  };
+
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
@ -47,7 +52,11 @@
    users.aly = {
      enable = true;
      password = "$y$j9T$NSS7QcEtN4yiigPyofwlI/$nxdgz0lpySa0heDMjGlHe1gX3BWf48jK6Tkfg4xMEs6";
-      syncthing.enable = true;
+      syncthing = {
+        enable = true;
+        certFile = config.age.secrets.syncthingCert.path;
+        keyFile = config.age.secrets.syncthingKey.path;
+      };
    };
  };
 }
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@ -42,6 +42,9 @@ in {
      owner = "navidrome";
      file = ../../secrets/spotify/clientSecret.age;
    };
+
+    syncthingCert.file = ../../secrets/syncthing/mauville/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/mauville/key.age;
  };

  boot = {
@ -125,6 +128,8 @@ in {

        syncthing = {
          enable = true;
+          certFile = config.age.secrets.syncthingCert.path;
+          keyFile = config.age.secrets.syncthingKey.path;
          musicPath = "${mediaDirectory}/Music";
        };
      };
--- a/hosts/petalburg/default.nix
+++ b/hosts/petalburg/default.nix
@ -13,6 +13,11 @@
    inputs.nixhw.nixosModules.lenovo-yoga-9i-intel-13th
  ];

+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/petalburg/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/petalburg/key.age;
+  };
+
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
@ -68,7 +73,11 @@
    users.aly = {
      enable = true;
      password = "$y$j9T$TitXX3J690cnK41XciNMg/$APKHM/os6FKd9H9aXGxaHaQ8zP5SenO9EO94VYafl43";
-      syncthing.enable = true;
+      syncthing = {
+        enable = true;
+        certFile = config.age.secrets.syncthingCert.path;
+        keyFile = config.age.secrets.syncthingKey.path;
+      };
    };
  };
 }
--- a/hosts/rustboro/default.nix
+++ b/hosts/rustboro/default.nix
@ -14,6 +14,11 @@
    inputs.nixhw.nixosModules.thinkpad-t440p
  ];

+  age.secrets = {
+    syncthingCert.file = ../../secrets/syncthing/rustboro/cert.age;
+    syncthingKey.file = ../../secrets/syncthing/rustboro/key.age;
+  };
+
  boot.loader = {
    efi.canTouchEfiVariables = true;
    systemd-boot.enable = true;
@ -43,7 +48,11 @@
    users.aly = {
      enable = true;
      password = "$y$j9T$VdtiEyMOegHpcUwgmCVFD0$K8Ne6.zk//VJNq2zxVQ0xE0Wg3LohvAQd3Xm9aXdM15";
-      syncthing.enable = true;
+      syncthing = {
+        enable = true;
+        certFile = config.age.secrets.syncthingCert.path;
+        keyFile = config.age.secrets.syncthingKey.path;
+      };
    };
  };
 }
--- a/userModules/aly/syncthing.nix
+++ b/userModules/aly/syncthing.nix
@ -7,18 +7,13 @@
  cfg = config.ar.users.aly.syncthing;
 in {
  config = lib.mkIf cfg.enable {
-    age.secrets = {
-      syncthingCert.file = ../../secrets/syncthing + "/${config.networking.hostName}/cert.age";
-      syncthingKey.file = ../../secrets/syncthing + "/${config.networking.hostName}/key.age";
-    };
-
    systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";

    services.syncthing = {
      enable = true;
-      cert = config.age.secrets.syncthingCert.path;
+      cert = cfg.certFile;
      dataDir = "/home/aly";
-      key = config.age.secrets.syncthingKey.path;
+      key = cfg.keyFile;
      openDefaultPorts = true;
      user = "aly";
      settings = {
--- a/userModules/options.nix
+++ b/userModules/options.nix
@ -41,10 +41,14 @@
        syncthing = {
          enable = lib.mkEnableOption "Syncthing sync service.";

-          syncMusic = lib.mkOption {
-            description = "Whether to sync music folder.";
-            default = config.ar.users.aly.syncthing.enable;
-            type = lib.types.bool;
+          certFile = lib.mkOption {
+            description = "Syncthing cert file.";
+            type = lib.types.nonEmptyStr;
+          };
+
+          keyFile = lib.mkOption {
+            description = "Syncthing key file.";
+            type = lib.types.nonEmptyStr;
          };

          musicPath = lib.mkOption {
@ -52,6 +56,12 @@
            default = "/home/aly/music";
            type = lib.types.str;
          };
+
+          syncMusic = lib.mkOption {
+            description = "Whether to sync music folder.";
+            default = config.ar.users.aly.syncthing.enable;
+            type = lib.types.bool;
+          };
        };
      };