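# Module: roles/syncthingserver
#
# Enables a Syncthing server role:
#   - runs Syncthing as a system service with its data under /mnt/data/syncthing,
#   - runs a Syncthing relay server next to it,
#   - publishes the Syncthing web GUI through Traefik on the host's Tailscale
#     name, with the TLS certificate obtained via Traefik's Tailscale resolver,
#   - opens the relay TCP port and the sync/discovery UDP ports in the firewall.
{
  config,
  lib,
  pkgs,
  pkgsUnstable,
  inputs,
  ...
}:

let
  # Pull in only the helpers this module uses instead of `with lib;`, so no
  # other lib attribute can silently shadow or be confused with a local name.
  inherit (lib) mkEnableOption mkIf;

  cfg = config.syncthingserver;
in
{
  options.syncthingserver = {
    # mkEnableOption already prefixes its argument with "Whether to enable ",
    # so the argument is a noun phrase rather than a full sentence.
    enable = mkEnableOption "the syncthingserver role";
  };

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgsUnstable; [
      syncthing
      traefik
    ];

    services.syncthing = {
      enable = true;
      # Runs a relay server in addition to the Syncthing instance itself.
      # NOTE(review): unless relay.pools is set elsewhere, the relay presumably
      # joins the default public pool and carries third-party traffic - confirm
      # that this is intended for this host.
      relay.enable = true;
      systemService = true;

      dataDir = "/mnt/data/syncthing";

      # Devices and folders added at runtime (GUI/API) are kept; the
      # declarative configuration does not overwrite them.
      overrideDevices = false;
      overrideFolders = false;

      settings = {
        # don't accept tracking (usage reporting declined)
        options.urAccepted = -1;

        gui = {
          enabled = true;
          theme = "default";
          # NOTE(review): insecureAdminAccess permits GUI/API use without
          # credentials being configured. No GUI user or password is declared
          # in this module; if none is set elsewhere, every client that can
          # reach the Traefik route below has full Syncthing admin access, so
          # the tailnet ACLs are the only access control. Prefer setting GUI
          # credentials, or adding an auth middleware on the router.
          insecureAdminAccess = true;
          # NOTE(review): this disables Syncthing's Host-header check, which
          # protects a localhost-bound GUI against DNS rebinding. It is set
          # here because Traefik forwards the tailnet host name. An option
          # worth testing is `loadBalancer.passHostHeader = false` on the
          # Traefik service, so that the check can stay enabled.
          insecureSkipHostCheck = true;
        };
      };
    };

    services.traefik = {
      enable = true;

      staticConfigOptions = {
        # NOTE(review): both entry points bind to every interface (":80",
        # ":443"). This module does not open those ports in the firewall, so
        # reachability depends on firewall settings made elsewhere (for
        # example a trusted tailscale interface) - verify that the GUI cannot
        # be reached from outside the tailnet.
        entryPoints = {
          web = {
            address = ":80";
            asDefault = true;
            # Plain HTTP is only used to redirect to the TLS entry point.
            http.redirections.entrypoint = {
              to = "websecure";
              scheme = "https";
            };
          };

          websecure = {
            address = ":443";
            asDefault = true;
            http.tls.certResolver = "tailscale";
          };
        };

        # Resolver named "tailscale" that uses Traefik's Tailscale certificate
        # provider; it takes no further options.
        certificatesResolvers.tailscale."tailscale" = { };
      };

      dynamicConfigOptions = {
        # Route requests for this host's tailnet name to the Syncthing GUI.
        http.routers.syncthing = {
          entrypoints = [ "websecure" ];
          rule = "Host(`${config.networking.hostName}.tail755c5.ts.net`)";
          service = "syncthing-gui";
          tls.certResolver = "tailscale";
        };

        # Backend is the GUI over plain HTTP on the loopback interface.
        # Assumes services.syncthing.guiAddress keeps its localhost:8384
        # default - TODO confirm it is not overridden elsewhere.
        http.services.syncthing-gui = {
          loadBalancer.servers = [ { url = "http://localhost:8384"; } ];
        };
      };
    };

    # Allow the traefik user to request TLS certificates from tailscaled.
    services.tailscale.permitCertUid = "traefik";

    # TCP: only the relay server's listening port is opened.
    # NOTE(review): TCP 22000 (Syncthing's TCP sync listener) is not opened
    # here, so direct connections presumably rely on QUIC over UDP 22000 -
    # confirm this is intended; services.syncthing.openDefaultPorts would open
    # the usual set.
    networking.firewall.allowedTCPPorts = [
      config.services.syncthing.relay.port
    ];

    # UDP 22000: sync protocol over QUIC; UDP 21027: local discovery.
    networking.firewall.allowedUDPPorts = [
      22000
      21027
    ];
  };
}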