syncthing: OS-level barebones test

To test OS-level passwords
Geoffrey Frogeye 2024-06-18 22:58:58 +02:00
parent a39118d439
commit eab20b4339
Signed by: geoffrey
GPG key ID: C72403E7F82E6AD8
2 changed files with 43 additions and 0 deletions


@ -16,6 +16,7 @@
./printing
./remote-builds
./style
./syncthing
./wireless
];
}

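--- /dev/null
+++ b/os/syncthing/default.nix
@@ -0,0 +1,42 @@
+{ pkgs, lib, config, ... }:
+let
+cfg = config.services.syncthing;
+service = "syncthing";
+secretsDir = "/etc/secrets/${service}";
+password = {
+path = "syncthing/${config.networking.hostName}";
+selector = "@";
+generator = ''(t="$(mktemp -d)" && ${lib.getExe pkgs.syncthing} generate --home="$t" &> /dev/null && cat "$t"/{cert,key}.pem && rm -rf "$t")'';
+};
+in
+{
+config = lib.mkIf cfg.enable {
+services.${service} = {
+guiAddress = "127.0.0.1:8385"; # DEBUG
+openDefaultPorts = true;
+configDir = "/var/lib/${service}";
+databaseDir = "/var/cache/${service}";
+dataDir = cfg.databaseDir; # Don't really care
+key = "${secretsDir}/key.pem";
+cert = "${secretsDir}/cert.pem";
+};
+systemd.services.${service} = {
+serviceConfig.ExecStartPre = [
+"+${pkgs.writeShellScript "syncthing-create-folders" ''
+install -Dm700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.configDir}
+install -Dm700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.databaseDir}
+''}"
+];
+};
+vivarium.passwordFiles = {
+${cfg.key}.password = password // {
+transform = "${lib.getExe pkgs.openssl} pkey";
+};
+${cfg.cert}.password = password // {
+transform = "${lib.getExe pkgs.openssl} x509";
+};
+};
+};
+}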
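Review bot: The `rm -rf "$t"` in `password.generator` runs only when every earlier command in the `&&` chain succeeds, so a failed `syncthing generate` or `cat` leaves the temporary directory on disk, possibly with the freshly generated private key in it. Registering the cleanup right after `mktemp` covers the failure paths: `(t="$(mktemp -d)" && trap 'rm -rf "$t"' EXIT && ${lib.getExe pkgs.syncthing} generate --home="$t" &> /dev/null && cat "$t"/{cert,key}.pem)`. The `&> /dev/null` also hides the reason for any failure, and both it and the `{cert,key}` expansion need bash; which shell vivarium uses to run the generator is not visible here. Separately, the ownership and mode that `vivarium.passwordFiles` gives `key.pem` are not shown in this file, so it is worth confirming the key ends up readable by `cfg.user` only.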