diff --git a/secrets/syncthing.yaml b/secrets/syncthing.yaml new file mode 100644 index 0000000..6301c09 --- /dev/null +++ b/secrets/syncthing.yaml @@ -0,0 +1,24 @@ +syncthing: + server: + key.pem: ENC[AES256_GCM,data:tujyhF6b2jdcvwWKf6tXGmVEXVfiG5zjAxL6RHAHyE2wHE3wyUb7Ah+QF4PWK/UueoPe2u1LirJj35fPDMBbAPQm+nWRqcTmHFdO4HNoaofqZp2fzk4svlrOyZ1D3cbbACYDafnL7G8DB6jvbZJwPuMX1jtdlAEP7BfXWcJnY1TUQhTD+lsSSnsYLm0v+PQj10RF22/dEjUIFUcJ0mEq669FpUNGFpd6y8/oNVCbx84tKnjIH6vOXG9qbYPng8jfPXA7IbjEBMYa6H52hEHwiKUXNcIcfLilGex5haFUSka1mtTNMFUWwNwy3nm/ejZqLWBVKuN4ULYfNfyxis+RWg/QDdk9sfq6ld9i7bC6roqbYKHH/bo+y95n02jwJ+Dv,iv:iRTlEAVdzQFLaWMZw13NeUhgam/6jxZEELf2h8KNiK8=,tag:L7fuZ13CQXD77T3uxOuFzQ==,type:str] + cert.pem: ENC[AES256_GCM,data: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,iv:AnDDNn8YiQ48y9cUTUlZXAyZ/ul4v9o5r/UkVrzwb2U=,tag:CxPUoCsEqW4FCm10lSaPKQ==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S3MvRTRHR2F4eWdMczFX + RmprdURZbWdESlcvMk1WNDJJT01ZQUVHOWdjCjVLY3BpdXBCV2RvWHFtYXQ4OE5u + QmZLM28zZFZWdU9JSWw4YTdRTHZhSHMKLS0tIHJRa2Z3OENwT1JtMVlyWkc2Rm5C + bFNIcXk1MXlYdGFIZ1VLME5zWkhROVUKdkc/UpjXFOdndc4xEOesvVA205wV2BwH + LgcfUxwGrUgEuabezyvWU1ycZBM3YeK0IRp2Uzw49uRbF2Da6AdwKA== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-06-20T13:09:29Z" + mac: ENC[AES256_GCM,data:hkRePl0jgIvDxlWbxW3DTBMImZV+N5uags7HA0hfcn+AlwIM5PRcuVoRMZuPZ4uHoeADFrTpsGFPSazw3NnraoeE1tvVmipYXao3IqmwxO1FM267vA+VgMQk9osKsTEXGKtSsQMSQyvtmrhVV/4YSGFSf7Qe8m3s/BII/GdLPso=,iv:4ibzu1CmDpwSaY6xzxuTyccAhgW85Zw/1u9AtktHjoI=,tag:0iHvFoaRrXxqA5v8piihgw==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.8.1 diff --git a/system/services/kavita.nix b/system/services/kavita.nix index ad76c21..9e0e577 100644 --- a/system/services/kavita.nix +++ b/system/services/kavita.nix 
@@ -11,6 +11,9 @@ in
 fsType = "none";
 options = [ "bind" ];
 };
+ system.activationScripts.ensure-kativa-permission = ''
+ chmod -R 0775 /nas/kavita
+ '';
 users.groups.kavita.members = [ user.name ];
 users.groups.${user.name}.members = [ "kavita" ]; # Allow kavita to read users's files copied to /var/lib/kavita via NAS
 sops.secrets."kavita/token" = {
diff --git a/system/services/syncthing.nix b/system/services/syncthing.nix
index 30aa639..514681b 100644
--- a/system/services/syncthing.nix
+++ b/system/services/syncthing.nix
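Review bot: The added activation script runs `chmod -R 0775 /nas/kavita`, which sets the execute bit on every regular file in the library and leaves the whole tree group-writable and world-readable, and it does so again on every activation. A symbolic mode keeps execute on directories only, for example `chmod -R u=rwX,g=rwX,o=rX /nas/kavita` (files already made executable by an earlier run would need a one-off reset), and `o=` would fit if nothing outside the kavita group has to read the library. This matters more because the same commit declares `/nas/kavita/library/light-novels` as a Syncthing folder shared with another device, so remotely supplied files land in this tree. The attribute name `ensure-kativa-permission` also looks like a typo for `kavita`; the enclosing attribute set starts and ends outside the hunk.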
@@ -1,22 +1,86 @@
 { config, lib, ... }:
 let
 cfg = config.profile.services.syncthing;
+ user = config.profile.user;
+ uid = toString user.uid;
+ gid = toString user.gid;
+ dataDir = "/nas/Syncthing";
 inherit (lib) mkIf;
 in
 {
 config = mkIf cfg.enable {
+ system.activationScripts.syncthing = ''
+ mkdir -p ${dataDir}
+ chown ${uid}:${gid} ${dataDir}
+ '';
 services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = ''
 reverse_proxy 0.0.0.0:8384
 '';
+ sops.secrets =
+ let
+ opts = { owner = user.name; sopsFile = ../../secrets/syncthing.yaml; };
+ in
+ {
+ "syncthing/server/key.pem" = opts;
+ "syncthing/server/cert.pem" = opts;
+ };
 services.syncthing = {
 enable = true;
+ key = config.sops.secrets."syncthing/server/key.pem".path;
+ cert = config.sops.secrets."syncthing/server/cert.pem".path;
 settings = {
 options.urAccepted = 1; # Allow anonymous usage reporting.
+ folders = {
+ "/nas/redmage/images/windows" = {
+ label = "Redmage/Windows";
+ id = "Redmage/Windows";
+ };
+ "/nas/redmage/images/laptop-kerja" = {
+ label = "Redmage/Laptop-Kerja";
+ id = "Redmage/Laptop-Kerja";
+ };
+ "/nas/redmage/images/s20fe-sfw" = {
+ label = "Redmage/S20FE";
+ id = "Redmage/S20FE";
+ devices = [
+ "s20fe"
+ ];
+ };
+ "/nas/Syncthing/Sync/Japanese-Homework" = {
+ label = "Japanese Homework";
+ id = "Japanese-Homework";
+ devices = [
+ "s20fe"
+ "onyx"
+ ];
+ };
+ "/nas/kavita/library/light-novels" = {
+ label = "Light Novels";
+ id = "Light-Novels";
+ devices = [
+ "onyx"
+ ];
+ };
+ };
+ devices = {
+ s20fe = {
+ name = "Samsung S20FE";
+ id = "ASH4PGY-H2ANIMX-RJJRODR-AD6KH5X-632CAG2-5NCDSGN-I27XNAC-EMVL6A7";
+ autoAcceptFolders = true;
+ };
+ onyx = {
+ name = "Onyx Note Air 3";
+ id = "FZMFBD5-5PS566H-XJGV3FO-NQVSMX5-3VHPS7V-SUT27WA-MXHFBYT-BDSS6AW";
+ autoAcceptFolders = true;
+ };
+ };
 };
- overrideFolders = false;
- overrideDevices = false;
+ overrideFolders = true;
+ overrideDevices = true;
 openDefaultPorts = true;
 guiAddress = "0.0.0.0:8384";
+ user = user.name;
+ dataDir = dataDir;
 };
 };
 }
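Review bot: Both entries under `devices` set `autoAcceptFolders = true` while the service now sets `overrideFolders = true`, so a folder that the phone or e-reader advertises is created on the server without review and, as I read the override option, removed from the config again when the declared list is next applied. Every shared folder is already declared in this file, so `autoAcceptFolders = false;` on `s20fe` and `onyx` keeps the writable paths limited to what is listed here. None of the folders sets a `type`, so they presumably default to send-receive; if `/nas/kavita/library/light-novels` is meant to flow one way to the reader, `type = "sendonly";` would stop edits or deletions on the device from propagating back to the library. The added `user = user.name;` also runs the sync process with the login user's file access instead of a dedicated account, which is worth confirming as intended.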