syncthing: added windows device

syncthing: now set declaratively
rust-motd: removed service_status section since it's relatively useless
2024-06-20 22:27:31 +07:00 · 2024-06-20 20:28:21 +07:00 · 2024-06-20 15:52:53 +07:00 · 2024-06-20 15:48:18 +07:00 · 2024-06-20 14:15:21 +07:00 · 2024-06-19 18:08:59 +07:00
8 changed files with 166 additions and 8 deletions
--- a/options/services.nix
+++ b/options/services.nix
@ -14,5 +14,6 @@ in
    openvpn.enable = mkEnableOption "openvpn";
    stubby.enable = mkEnableOption "stubby";
    jellyfin.enable = mkEnableOption "jellyfin";
    rust-motd.enable = mkEnableOption "rust-motd";
  };
 }
--- a/profiles/homeserver.nix
+++ b/profiles/homeserver.nix
@ -48,6 +48,7 @@
      openvpn.enable = true;
      stubby.enable = true;
      jellyfin.enable = true;
      rust-motd.enable = true;
    };
  };
 }
--- a/secrets/syncthing.yaml
+++ b/secrets/syncthing.yaml
@ -0,0 +1,24 @@
 syncthing:
    server:
        key.pem: ENC[AES256_GCM,data:tujyhF6b2jdcvwWKf6tXGmVEXVfiG5zjAxL6RHAHyE2wHE3wyUb7Ah+QF4PWK/UueoPe2u1LirJj35fPDMBbAPQm+nWRqcTmHFdO4HNoaofqZp2fzk4svlrOyZ1D3cbbACYDafnL7G8DB6jvbZJwPuMX1jtdlAEP7BfXWcJnY1TUQhTD+lsSSnsYLm0v+PQj10RF22/dEjUIFUcJ0mEq669FpUNGFpd6y8/oNVCbx84tKnjIH6vOXG9qbYPng8jfPXA7IbjEBMYa6H52hEHwiKUXNcIcfLilGex5haFUSka1mtTNMFUWwNwy3nm/ejZqLWBVKuN4ULYfNfyxis+RWg/QDdk9sfq6ld9i7bC6roqbYKHH/bo+y95n02jwJ+Dv,iv:iRTlEAVdzQFLaWMZw13NeUhgam/6jxZEELf2h8KNiK8=,tag:L7fuZ13CQXD77T3uxOuFzQ==,type:str]
        cert.pem: ENC[AES256_GCM,data:agNY2QP+1wd1b8B84n2hFUuRDa/oXgvs8MMzyLZGK6gS45qwufqYwvtkVyMihEYAey6C3EGQRT3qISQ7ft8Vttmg2vlRc9yQsUW1OoDn/im4ntBiVdT6KguHzQtJqRPcSObkwsk1lyrlt9GIyzjH4XhAQdWBU51E7rLdDzPOAmkuyYcE3hDvty1+D8Sq600Cr6YYAD/BdXQgPw4Wee52yjyIcXUZXqHOvveTrlOWQIhxdwfd3KXvSyiw0Ybn1l4aW02C9EfiOsfBH1rvEqIuaR32uwl4QknNgkay4ZgKvG1n7nZde+gdOeASYvNBm8rWJwVxYX183qL5an0biZR0EqQHVGCRkGDqFtCYB/yoSzGTBk5MbZndEqu6miFNw0SLDPLBEP4nq/wRnpGMGEC4P/RxACO1J8y8PpPteIQTunOxhZnkG4rVC70pPFPcn4ak9Z12DLWGq3RSgGmnsACwpG4Q3oln2tzng7c1hL0bwosoHRj4SiStbivpsPjPTu9sAaFlXKiELPYrTrS1tZHsJfrWqACqFMjq49A7WqB5rbN/2IR9dNSumHKfkwwkVJiso8zroKk58iYuNcrVgpfddvvCSx/zT6c8yiUR5q80Rai3uEzvGcLiLt+qHQ9rNFasp1gFjBaHUPVGJ2mZCqTGAsceX5DlioMKvsNRUBrUmlfv5xZb4zCiQagl/txdUyS34J0kSlN7KddJy1aa3NXmEqo7FrIkzFOSA7+VLhRuqW4B2APil3jN7i4Cv9tkgZzwn6dXUaA6rFVjho8LhKhg+Ml5rpzspZn9gkEUmBD4/MMW9bhxFCEBE+irkJr1GQMOZMBfJTn4+Gnp64fzswbk7e9Dvd0MhF8DXr0NA1yK+cNj7xUz6qxKP+s2EVJUMMrRaoMq/jcQWCSP5Jqajkr6IzXekw9WX/zmvJg9rr5RjF8B37oWpoBqNiJ5Gwtgum1VUyzH3711MoagFI2wzUSee+lsSR/UHSbcZXlL/yB8L2Y/1okVCBahGtoDPFx/37PT0avrUagkJ1UZUwD//S8VkRvC8Pwhc01XuoY=,iv:AnDDNn8YiQ48y9cUTUlZXAyZ/ul4v9o5r/UkVrzwb2U=,tag:CxPUoCsEqW4FCm10lSaPKQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6S3MvRTRHR2F4eWdMczFX
            RmprdURZbWdESlcvMk1WNDJJT01ZQUVHOWdjCjVLY3BpdXBCV2RvWHFtYXQ4OE5u
            QmZLM28zZFZWdU9JSWw4YTdRTHZhSHMKLS0tIHJRa2Z3OENwT1JtMVlyWkc2Rm5C
            bFNIcXk1MXlYdGFIZ1VLME5zWkhROVUKdkc/UpjXFOdndc4xEOesvVA205wV2BwH
            LgcfUxwGrUgEuabezyvWU1ycZBM3YeK0IRp2Uzw49uRbF2Da6AdwKA==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2024-06-20T13:09:29Z"
    mac: ENC[AES256_GCM,data:hkRePl0jgIvDxlWbxW3DTBMImZV+N5uags7HA0hfcn+AlwIM5PRcuVoRMZuPZ4uHoeADFrTpsGFPSazw3NnraoeE1tvVmipYXao3IqmwxO1FM267vA+VgMQk9osKsTEXGKtSsQMSQyvtmrhVV/4YSGFSf7Qe8m3s/BII/GdLPso=,iv:4ibzu1CmDpwSaY6xzxuTyccAhgW85Zw/1u9AtktHjoI=,tag:0iHvFoaRrXxqA5v8piihgw==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/system/services/default.nix
+++ b/system/services/default.nix
@ -4,12 +4,13 @@
    ./caddy.nix
    ./cockpit.nix
    ./forgejo.nix
    ./samba.nix
    ./nextcloud.nix
    ./syncthing.nix
    ./kavita.nix
    ./openvpn.nix
    ./stubby.nix
    ./jellyfin.nix
    ./kavita.nix
    ./nextcloud.nix
    ./openvpn.nix
    ./rust-motd.nix
    ./samba.nix
    ./stubby.nix
    ./syncthing.nix
  ];
 }
--- a/system/services/forgejo.nix
+++ b/system/services/forgejo.nix
@ -43,6 +43,17 @@ in
          name = config.networking.hostName;
          url = config.services.forgejo.settings.server.ROOT_URL;
          tokenFile = config.sops.secrets."forgejo/runners/global".path;
          hostPackages = with pkgs; [
            bash
            coreutils
            curl
            gawk
            gitMinimal
            gnused
            nodejs
            wget
            typst
          ];
          settings = {
            runner = {
              capacity = 2;
@ -59,6 +70,7 @@ in
          };
          labels = [
            "docker:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
            "ubuntu:docker://ghcr.io/catthehacker/ubuntu:act-22.04"
            "native:host"
          ];
        };
--- a/system/services/kavita.nix
+++ b/system/services/kavita.nix
@ -11,6 +11,9 @@ in
      fsType = "none";
      options = [ "bind" ];
    };
    system.activationScripts.ensure-kativa-permission = ''
      chmod -R 0775 /nas/kavita
    '';
    users.groups.kavita.members = [ user.name ];
    users.groups.${user.name}.members = [ "kavita" ]; # Allow kavita to read users's files copied to /var/lib/kavita via NAS
    sops.secrets."kavita/token" = {
--- a/system/services/rust-motd.nix
+++ b/system/services/rust-motd.nix
@ -0,0 +1,43 @@
 { config, lib, pkgs, ... }:
 let
  cfg = config.profile.services.rust-motd;
  inherit (lib) mkIf;
 in
 {
  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      fail2ban
    ];
    programs.rust-motd = {
      enable = true;
      settings = {
        banner = {
          color = "white";
          command = "${pkgs.fortune-kind}/bin/fortune-kind | ${pkgs.neo-cowsay}/bin/cowsay --random";
        };
        uptime = {
          prefix = "Up";
        };
        filesystems = {
          Root = "/";
          NAS = "/nas";
        };
        memory = {
          swap_pos = "beside";
        };
        last_login = {
          ${config.profile.user.name} = 1;
        };
        last_run = { };
      };
      order = [
        "banner"
        "last_login"
        "uptime"
        "memory"
        "filesystems"
        "last_run"
      ];
    };
  };
 }
--- a/system/services/syncthing.nix
+++ b/system/services/syncthing.nix
@ -1,22 +1,95 @@
 { config, lib, ... }:
 let
  cfg = config.profile.services.syncthing;
  user = config.profile.user;
  uid = toString user.uid;
  gid = toString user.gid;
  dataDir = "/nas/Syncthing";
  inherit (lib) mkIf;
 in
 {
  config = mkIf cfg.enable {
    system.activationScripts.syncthing = ''
      mkdir -p ${dataDir}
      chown ${uid}:${gid} ${dataDir}
    '';
    services.caddy.virtualHosts."syncthing.tigor.web.id".extraConfig = ''
      reverse_proxy 0.0.0.0:8384
    '';
    sops.secrets =
      let
        opts = { owner = user.name; sopsFile = ../../secrets/syncthing.yaml; };
      in
      {
        "syncthing/server/key.pem" = opts;
        "syncthing/server/cert.pem" = opts;
      };
    services.syncthing = {
      enable = true;
      key = config.sops.secrets."syncthing/server/key.pem".path;
      cert = config.sops.secrets."syncthing/server/cert.pem".path;
      settings = {
        options.urAccepted = 1; # Allow anonymous usage reporting.
        folders = {
          "/nas/redmage/images/windows" = {
            label = "Redmage/Windows";
            id = "Redmage/Windows";
            devices = [
              "windows"
            ];
          };
-      overrideFolders = false;
+          "/nas/redmage/images/laptop-kerja" = {
-      overrideDevices = false;
+            label = "Redmage/Laptop-Kerja";
            id = "Redmage/Laptop-Kerja";
          };
          "/nas/redmage/images/s20fe-sfw" = {
            label = "Redmage/S20FE";
            id = "Redmage/S20FE";
            devices = [
              "s20fe"
            ];
          };
          "/nas/Syncthing/Sync/Japanese-Homework" = {
            label = "Japanese Homework";
            id = "Japanese-Homework";
            devices = [
              "s20fe"
              "onyx"
              "windows"
            ];
          };
          "/nas/kavita/library/light-novels" = {
            label = "Light Novels";
            id = "Light-Novels";
            devices = [
              "onyx"
            ];
          };
        };
        devices = {
          s20fe = {
            name = "Samsung S20FE";
            id = "ASH4PGY-H2ANIMX-RJJRODR-AD6KH5X-632CAG2-5NCDSGN-I27XNAC-EMVL6A7";
            autoAcceptFolders = true;
          };
          onyx = {
            name = "Onyx Note Air 3";
            id = "FZMFBD5-5PS566H-XJGV3FO-NQVSMX5-3VHPS7V-SUT27WA-MXHFBYT-BDSS6AW";
            autoAcceptFolders = true;
          };
          windows = {
            name = "Windows";
            id = "FSTIYS6-REFXIJX-KPLYC4L-QSZO46L-RV3VTPZ-VWVTE7O-Y663OZN-RTKP3QI";
            autoAcceptFolders = true;
          };
        };
      };
      overrideFolders = true;
      overrideDevices = true;
      openDefaultPorts = true;
      guiAddress = "0.0.0.0:8384";
      user = user.name;
      dataDir = dataDir;
    };
  };
 }
Author	SHA1	Message	Date
Tigor Hutasuhut	96c423a772	syncthing: added windows device	2024-06-20 22:27:31 +07:00
Tigor Hutasuhut	47bb36853e	syncthing: now set declaratively	2024-06-20 20:28:21 +07:00
Tigor Hutasuhut	66426cf9d6	rust-motd: removed service_status section since it's relatively useless	2024-06-20 15:52:53 +07:00
Tigor Hutasuhut	9007b42d93	rust-motd: added configuration for rust-motd service	2024-06-20 15:48:18 +07:00
Tigor Hutasuhut	e9dc037124	forgejo: update runner dependencies	2024-06-20 14:15:21 +07:00
Tigor Hutasuhut	635735c39e	forgejo: added ubuntu label to the container	2024-06-19 18:08:59 +07:00