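{ pkgs, lib, config, ... }:
let
  cfg = config.services.syncthing;
  service = "syncthing";

  # Where the decrypted device identity (TLS cert + private key) is placed.
  # The two paths are handed to the syncthing module as `key`/`cert` and are
  # the keys of `vivarium.passwordFiles` below, so the secrets module is
  # what materialises them; this file does not create the directory itself.
  secretsDir = "/etc/secrets/${service}";

  openssl = lib.getExe pkgs.openssl;

  # A single secret entry holds both PEM blocks emitted by `syncthing generate`
  # (cert.pem followed by key.pem). Each consumer below pulls out its half
  # through `transform`.
  #
  # The generator runs in a subshell; the `trap` guarantees the temporary
  # home directory (which contains the freshly generated private key) is
  # removed on every exit path, not only when the whole `&&` chain succeeds.
  # `&>` and the `{cert,key}` brace expansion require bash.
  identity = {
    path = "syncthing/${config.networking.hostName}";
    selector = "@";
    generator = ''(t="$(mktemp -d)" && trap 'rm -rf "$t"' EXIT && ${lib.getExe pkgs.syncthing} generate --home="$t" &> /dev/null && cat "$t"/{cert,key}.pem)'';
  };

  # Build a passwordFiles entry that extracts one PEM object from `identity`.
  secretFor = transform: identity // { inherit transform; };
in
{
  config = lib.mkIf cfg.enable {
    services.${service} = {
      # Non-default GUI port, but still bound to loopback only, so it is not
      # reachable from the network. `openDefaultPorts` does not open this port.
      guiAddress = "127.0.0.1:8385"; # DEBUG
      # Opens TCP/UDP 22000 (sync) and UDP 21027 (local discovery) in the firewall.
      openDefaultPorts = true;
      configDir = "/var/lib/${service}";
      databaseDir = "/var/cache/${service}";
      # The default folder root is not used here, so it simply shares the
      # database location.
      dataDir = cfg.databaseDir; # Don't really care
      key = "${secretsDir}/key.pem";
      cert = "${secretsDir}/cert.pem";
    };

    systemd.services.${service} = {
      # Leading "+" runs this step as root before the unit drops to cfg.user,
      # so the state and database directories can be created with mode 0700
      # and handed to the service user/group.
      serviceConfig.ExecStartPre = [
        "+${pkgs.writeShellScript "syncthing-create-folders" ''
          install -Dm700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.configDir}
          install -Dm700 -o ${cfg.user} -g ${cfg.group} -d ${cfg.databaseDir}
        ''}"
      ];
    };

    # Private key and certificate are derived from the same generated secret;
    # `openssl pkey` keeps only the key, `openssl x509` only the certificate.
    vivarium.passwordFiles = {
      ${cfg.key}.password = secretFor "${openssl} pkey";
      ${cfg.cert}.password = secretFor "${openssl} x509";
    };
  };
}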