added syncthing password

2024-12-23 00:13:41 +01:00 · 2024-12-23 00:13:41 +01:00 · 985b5344f6
commit 985b5344f6
parent a94fee1cd2
5 changed files with 20 additions and 18 deletions
--- a/flake.nix
+++ b/flake.nix
@ -72,6 +72,7 @@
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
            }
+          attrs.sops-nix.nixosModules.sops
          attrs.disko.nixosModules.disko
          attrs.stylix.nixosModules.stylix
          attrs.nixvim.nixosModules.nixvim
@ -101,6 +102,7 @@
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
            }
+          attrs.sops-nix.nixosModules.sops
          attrs.disko.nixosModules.disko
          attrs.stylix.nixosModules.stylix
          attrs.nixvim.nixosModules.nixvim
@ -132,6 +134,7 @@
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
            }
+          attrs.sops-nix.nixosModules.sops
          attrs.disko.nixosModules.disko
          attrs.stylix.nixosModules.stylix
          attrs.nixvim.nixosModules.nixvim
@ -163,6 +166,7 @@
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;
            }
+          attrs.sops-nix.nixosModules.sops
          attrs.disko.nixosModules.disko
          attrs.stylix.nixosModules.stylix
          attrs.nixvim.nixosModules.nixvim
--- a/modules/common/sops.nix
+++ b/modules/common/sops.nix
@ -1,9 +1,6 @@
-{ attrs, ... }:
+{ ... }:
 {

-  imports = [
-    attrs.sops-nix.nixosModules.sops
-  ];

  sops.defaultSopsFile = ../../secrets/secrets.yaml;
  sops.defaultSopsFormat = "yaml";
@ -13,6 +10,12 @@
  sops.secrets."ssh/root/private" = {
    owner = "root";
  };
+
  sops.secrets."syncthing/password" = {
+    mode = "440";
+    group = "syncthing";
  };
+
+  users.groups.syncthing = { };
+
 }
--- a/modules/common/syncthing.nix
+++ b/modules/common/syncthing.nix
@ -1,4 +1,4 @@
-{ lib, types, config, ... }:
+{ lib, config, ... }:
 let
  deviceList = builtins.attrNames config.common.syncthing.devices;
 in
@ -20,18 +20,13 @@ in
    };
  };

-  config.services.syncthing = lib.mkIf config.common.syncthing.enable {
+  config.home-manager.users.willifan.services.syncthing = lib.mkIf config.common.syncthing.enable {
    enable = lib.mkDefault true;
-    user = lib.mkDefault "willifan";
-    dataDir = lib.mkDefault "/mnt/data";
-    configDir = lib.mkDefault "/mnt/data/.config/syncthing";
    overrideDevices = lib.mkDefault true;
    overrideFolders = lib.mkDefault true;
+    passwordFile = config.sops.secrets."syncthing/password".path;
    settings = {
-      gui = {
-        user = lib.mkDefault "willifan";
-        password = lib.mkDefault "temppassword";
-      };
+      gui.user = "willifan";
      devices = config.common.syncthing.devices;
      folders = lib.mkDefault {
        "Documents" = {
--- a/secrets/secrets.yaml
+++ b/secrets/secrets.yaml
@ -3,7 +3,7 @@ ssh:
    root:
        private: ENC[AES256_GCM,data:DX6CCw==,iv:d+ju8wDKcuiEb5W2/xKMUu7TtyrLPvfZggrNCjJj/qc=,tag:kwTVpW706rgH9JGXhiu8yg==,type:str]
 syncthing:
-    password: ENC[AES256_GCM,data:LzF/9A==,iv:+w/Fg0hMGAw4FKvY0cnT5bKVNhwLf18EOFV4hnApzbI=,tag:qjGxsCb0m9yMvhEyIn/HJw==,type:str]
+    password: ENC[AES256_GCM,data:GcHxNKGqzjELPefKVlzErm9Ysqk=,iv:3izHDNULVumtR8nvQtvGI5j5FvUoLv9crnRmRBzzLD0=,tag:jq6b1SUnJx+qqiHenHV4VA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -19,8 +19,8 @@ sops:
            K1NUZDI1SDQ2UVIyVWdkYW5PYWF1TDQKPFPXOdYOsqoh/ivAUl9SgJQeEI4yBJuq
            vfK/44pf9CcoWG0+J1di2pklliXRKqSrC63bdUgRVKOZwdxZOkQUKw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-08T16:40:52Z"
-    mac: ENC[AES256_GCM,data:FjDaDzAYWCWS9SsGKfh0yfofuzjW+p2hbt3tEYQhlWHU+VrEOOopaZXQ/Ut2QfafsEX3NV9TCJAhQsy4WsDs7Jz0XqfoydmDomhyOWMXOz9mpxFR+oKvct2bM5Ai0vibBaEJjPIw8ELFIeDI19V0IPmAFSdGeUgameKMn8Lpc4U=,iv:opqmhUsyYM4mhBqN8Nf1ec0E72rMbfxgD05ffKYDbWo=,tag:X6XR7oVcGg8sMXNGz58K4g==,type:str]
+    lastmodified: "2024-12-22T22:52:20Z"
+    mac: ENC[AES256_GCM,data:PyP4U9d5goV+kBk4Of9bBCW2emQK6pk8yCFfHK+1VlTZGK3UtbSUQ3l7nuLOhXrWg52gk7tQL2Wznq7GJCZ4ffHHDTwZC9OpcoOSKxoroEtlHxu7DUwR4E/Jz8DD0Y8yYpQ3psx5jZeBFSX8y60Xd4OMYq5Z9sJ9NdLw0QUt3JE=,iv:XlVylWl7rs9nhSdPVqN9rjLMVxf9Y8m049viK3pPWXI=,tag:TIbdl7ta8hMI9Re+Lo31Og==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
-    version: 3.9.1
+    version: 3.9.2
--- a/users/willifan/common/user.nix
+++ b/users/willifan/common/user.nix
@ -3,7 +3,7 @@
  users.users.willifan = {
    isNormalUser = true;
    description = "willifan";
-    extraGroups = [ "networkmanager" "wheel" ];
+    extraGroups = [ "networkmanager" "wheel" "syncthing" ];
  };

 }