vps: add syncthing

2025-01-22 20:18:04 -06:00 · 2025-01-22 20:18:04 -06:00 · 9497baa2d1
parent 8c2e1b74ef
commit 9497baa2d1
2 changed files with 45 additions and 0 deletions
--- a/sys/platforms/vps/srv/default.nix
+++ b/sys/platforms/vps/srv/default.nix
@ -21,5 +21,6 @@ with lib; {
    ./trilium.nix
    # ./firefly.nix gnucash is better
    ./roundcube.nix
+    ./syncthing.nix
  ];
 }
--- a/sys/platforms/vps/srv/syncthing.nix
+++ b/sys/platforms/vps/srv/syncthing.nix
@ -0,0 +1,44 @@
+{
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
+  users.groups.syncthingnginx.members = ["acme" "syncthing" "nginx"];
+  security.acme.certs."cloud.posixlycorrect.com".group = "syncthingnginx";
+
+  networking.firewall.allowedTCPPorts = [22000];
+  networking.firewall.allowedUDPPorts = [22000 21027];
+
+  services = {
+    nginx = {
+      virtualHosts."cloud.posixlycorrect.com" = {
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          proxy_headers_hash_max_size 512;
+          proxy_headers_hash_bucket_size 128;
+        '';
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:8384";
+        };
+      };
+    };
+
+    syncthing = {
+      enable = true;
+      systemService = true;
+      overrideFolders = false;
+      overrideDevices = false;
+      openDefaultPorts = false;
+      key = "/var/lib/acme/cloud.posixlycorrect.com/key.pem";
+      cert = "/var/lib/acme/cloud.posixlycorrect.com/cert.pem";
+      guiAddress = "127.0.0.1:8384";
+      settings = {
+        options = {
+          urAccepted = -1;
+        };
+      };
+    };
+  };
+}