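# Module: roles/syncthingserver
# Enables a syncthing server
#
# Runs Syncthing as a system service with its relay enabled and publishes the
# web GUI through a Traefik router on the host's tailnet name.
{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:

with lib;

let
  cfg = config.syncthingserver;
  syncthingGuiPort = 8384;
  # Loopback address Traefik forwards to. The assertion below requires the
  # Syncthing GUI listener to match it.
  syncthingGuiBackend = "127.0.0.1:${toString syncthingGuiPort}";
in
{
  options.syncthingserver = {
    enable = mkEnableOption "Enables syncthingserver role";
  };

  config = mkIf cfg.enable {
    # The GUI below runs with insecureAdminAccess, so it must never listen on
    # anything but loopback. Fail evaluation if guiAddress is changed elsewhere,
    # which would also desynchronise it from the Traefik backend URL.
    assertions = [
      {
        assertion = config.services.syncthing.guiAddress == syncthingGuiBackend;
        message = "syncthingserver: services.syncthing.guiAddress must be ${syncthingGuiBackend}; the GUI has insecureAdminAccess enabled and is only meant to be reached through Traefik.";
      }
    ];

    services.syncthing = {
      enable = true;
      package = pkgsUnstable.syncthing;
      relay.enable = true;
      systemService = true;

      dataDir = "/mnt/data/syncthing";

      # Devices and folders added at runtime (GUI/API) are kept rather than
      # being replaced by the declarative lists.
      overrideDevices = false;
      overrideFolders = false;

      settings = {
        # don't accept tracking
        options.urAccepted = -1;

        gui = {
          enabled = true;
          theme = "default";
          # SECURITY: no GUI user/password is set in this module, and
          # insecureAdminAccess permits unauthenticated admin access. Every
          # client that can reach the Traefik route below, and every local
          # process that can reach the loopback port, gets full control of
          # Syncthing. Prefer GUI credentials or auth at the proxy if that set
          # is wider than intended.
          insecureAdminAccess = true;
          # Host-header validation is disabled so requests proxied with the
          # tailnet hostname are accepted. This also removes Syncthing's
          # DNS-rebinding protection for the loopback listener.
          insecureSkipHostCheck = true;
        };
      };
    };

    # NOTE(review): `traefik.enable` is not a NixOS option; presumably it is a
    # role option declared by another module in this repository - confirm.
    traefik.enable = true;
    services.traefik.dynamicConfigOptions = {
      http.routers.syncthing = {
        # The Host rule only selects the router; it is not access control,
        # because the Host header is chosen by the client. Whether "websecure"
        # is reachable from outside the tailnet is decided where that
        # entrypoint is defined (not in this file) - verify, since the backend
        # has no authentication of its own.
        entrypoints = [ "websecure" ];
        rule = "Host(`${config.networking.hostName}.tail755c5.ts.net`)";
        tls.certresolver = "tailscale";
        service = "syncthing";
      };
      http.services.syncthing.loadbalancer.servers = [
        {
          url = "http://${syncthingGuiBackend}";
        }
      ];
    };

    # Only the relay port is opened for TCP.
    # NOTE(review): TCP 22000 (Syncthing's default TCP sync port) is not opened
    # here while UDP 22000 is - confirm this is intentional.
    networking.firewall.allowedTCPPorts = [
      config.services.syncthing.relay.port
    ];

    networking.firewall.allowedUDPPorts = [
      22000
      21027
    ];

    # Replaces the unit's ExecStart with a command line built from GNU-style
    # long options (`--name value`), followed by the module's extraFlags.
    # mkForce is needed to win over the ExecStart that the NixOS syncthing
    # module defines.
    # NOTE(review): presumably required because the unstable package expects
    # different flag syntax than the module emits - confirm.
    systemd.services.syncthing.serviceConfig.ExecStart =
      let
        args = lib.escapeShellArgs (
          (lib.cli.toGNUCommandLine { } {
            "no-browser" = true;
            "gui-address" = config.services.syncthing.guiAddress;
            "config" = config.services.syncthing.configDir;
            "data" = config.services.syncthing.databaseDir;
          })
          ++ config.services.syncthing.extraFlags
        );
      in
      lib.mkForce "${lib.getExe config.services.syncthing.package} ${args}";
  };
}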