From 9497baa2d193ce7240e1ea61ce3fe46a944f6c52 Mon Sep 17 00:00:00 2001
From: Fabian Montero
Date: Wed, 22 Jan 2025 20:18:04 -0600
Subject: [PATCH] vps: add syncthing
---
 sys/platforms/vps/srv/default.nix | 1 +
 sys/platforms/vps/srv/syncthing.nix | 44 +++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 sys/platforms/vps/srv/syncthing.nix
diff --git a/sys/platforms/vps/srv/default.nix b/sys/platforms/vps/srv/default.nix
index cf7adb0..5fedff9 100644
--- a/sys/platforms/vps/srv/default.nix
+++ b/sys/platforms/vps/srv/default.nix
@@ -21,5 +21,6 @@ with lib; {
 ./trilium.nix
 # ./firefly.nix gnucash is better
 ./roundcube.nix
+ ./syncthing.nix
 ];
 }
diff --git a/sys/platforms/vps/srv/syncthing.nix b/sys/platforms/vps/srv/syncthing.nix
new file mode 100644
index 0000000..0f08487
--- /dev/null
+++ b/sys/platforms/vps/srv/syncthing.nix
@@ -0,0 +1,44 @@
+{
+ lib,
+ pkgs,
+ ...
+}:
+with lib; {
+ users.groups.syncthingnginx.members = ["acme" "syncthing" "nginx"];
+ security.acme.certs."cloud.posixlycorrect.com".group = "syncthingnginx";
+
+ networking.firewall.allowedTCPPorts = [22000];
+ networking.firewall.allowedUDPPorts = [22000 21027];
+
+ services = {
+ nginx = {
+ virtualHosts."cloud.posixlycorrect.com" = {
+ enableACME = true;
+ forceSSL = true;
+ extraConfig = ''
+ proxy_headers_hash_max_size 512;
+ proxy_headers_hash_bucket_size 128;
+ '';
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8384";
+ };
+ };
+ };
+
+ syncthing = {
+ enable = true;
+ systemService = true;
+ overrideFolders = false;
+ overrideDevices = false;
+ openDefaultPorts = false;
+ key = "/var/lib/acme/cloud.posixlycorrect.com/key.pem";
+ cert = "/var/lib/acme/cloud.posixlycorrect.com/cert.pem";
+ guiAddress = "127.0.0.1:8384";
+ settings = {
+ options = {
+ urAccepted = -1;
+ };
+ };
+ };
+ };
+}
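Review bot: In the new `syncthing.nix`, the `cloud.posixlycorrect.com` vhost forwards every request to the Syncthing GUI on `127.0.0.1:8384`, and nothing in this file puts authentication in front of it: there is no `basicAuthFile` on the vhost or location and no GUI user/password under `settings`. Unless credentials are configured outside this file, the GUI and its REST API, which manage devices and shared folders, become reachable by anyone who can reach the vhost; I would add `basicAuthFile = "<path-to-htpasswd>";` to `locations."/"` or limit the location to trusted source addresses. Separately, `key` and `cert` are, as far as I know, Syncthing's device-identity pair rather than TLS material for the GUI, so pointing them at the ACME files would tie the device ID to a certificate that changes on renewal and share that private key with every member of `syncthingnginx`. If that reading is right, dropping both lines lets Syncthing keep its own generated identity, and the ACME group override can go as well.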