syncthing: OS-level barebones test
To test OS-level passwords
parent
a39118d439
commit
eab20b4339
|
@ -16,6 +16,7 @@
|
||||||
./printing
|
./printing
|
||||||
./remote-builds
|
./remote-builds
|
||||||
./style
|
./style
|
||||||
|
./syncthing
|
||||||
./wireless
|
./wireless
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
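--- a/os/syncthing/default.nix
+++ b/os/syncthing/default.nix
@@ -0,0 +1,42 @@
+{ pkgs, lib, config, ... }:
+let
+cfg = config.services.syncthing;
+service = "syncthing";
+secretsDir = "/etc/secrets/${service}";
+password = {
+path = "syncthing/${config.networking.hostName}";
+selector = "@";
+generator = ''(t="$(mktemp -d)" && ${lib.getExe pkgs.syncthing} generate --home="$t" &> /dev/null && cat "$t"/{cert,key}.pem && rm -rf "$t")'';
+};
+in
+{
+config = lib.mkIf cfg.enable {
+services.${service} = {
+guiAddress = "127.0.0.1:8385"; # DEBUG
+
+openDefaultPorts = true;
+configDir = "/var/lib/${service}";
+databaseDir = "/var/cache/${service}";
+dataDir = cfg.databaseDir; # Don't really care
+
+key = "${secretsDir}/key.pem";
+cert = "${secretsDir}/cert.pem";
+};
+systemd.services.${service} = {
+serviceConfig.ExecStartPre = [
+"+${pkgs.writeShellScript "syncthing-create-folders" ''
+install -Dm700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.configDir}
+install -Dm700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.databaseDir}
+''}"
+];
+};
+vivarium.passwordFiles = {
+${cfg.key}.password = password // {
+transform = "${lib.getExe pkgs.openssl} pkey";
+};
+${cfg.cert}.password = password // {
+transform = "${lib.getExe pkgs.openssl} x509";
+};
+};
+};
+}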
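Review bot: In `password.generator` the `&&` chain only reaches `rm -rf "$t"` when every earlier step succeeds, so a failed `syncthing generate` or `cat` leaves the temporary directory behind, possibly with a freshly generated `key.pem` in it. Registering the cleanup up front avoids that: `(t="$(mktemp -d)" && trap 'rm -rf "$t"' EXIT && ${lib.getExe pkgs.syncthing} generate --home="$t" &> /dev/null && cat "$t"/{cert,key}.pem)`. The command also relies on `&>` and brace expansion, so it presumably needs bash; a comment stating which shell the vivarium generator runs under would help. Separately, `guiAddress` carries a `# DEBUG` marker and `openDefaultPorts = true` opens Syncthing's sync and discovery ports in the firewall, so both deserve a short comment on whether they are meant to stay beyond this test.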