Add syncthing service

inverted-tree · inverted-tree · commit fef2b0ec1fd1 · 2025-07-03T21:28:14.000+02:00
The itxs host now has a syncthing service running to sync backups and
documents to the backup dir.
diff --git a/hosts/itxserver/configuration.nix b/hosts/itxserver/configuration.nix
@@ -22,6 +22,19 @@ in
     inputs.sops-nix.nixosModules.sops
   ];
 
+  sops = {
+    defaultSopsFormat = "dotenv";
+    age.keyFile = "/home/lukas/.config/sops/age/keys.txt";
+    secrets.syncthing-user = {
+      sopsFile = ../../secrets/syncthing.env.enc;
+      key = "user";
+    };
+    secrets.syncthing-password = {
+      sopsFile = ../../secrets/syncthing.env.enc;
+      key = "password";
+    };
+  };
+
   nix.settings.experimental-features = [
     "nix-command"
     "flakes"
@@ -75,8 +88,13 @@ in
         8123
         8888
         32400
+        8384 # Syncthing web GUI
+        22000 # Syncthing traffic
+      ];
+      allowedUDPPorts = [
+        22000 # Syncthing traffic
+        21027 # Syncthing discovery
       ];
-      allowedUDPPorts = [ ];
     };
     search = [ "tabby-crocodile.ts.net" ];
   };
@@ -95,6 +113,7 @@ in
     git
     gnumake
     nixfmt-rfc-style
+    sops
     tailscale
     tree
     vim
@@ -121,6 +140,37 @@ in
     };
     envfs.enable = true;
     tailscale.enable = true;
+    syncthing = {
+      enable = true;
+      group = "syncthing";
+      user = "lukas";
+      dataDir = "/home/lukas/sync";
+      configDir = "/home/lukas/.config/syncthing";
+      overrideDevices = true;
+      overrideFolders = true;
+      settings = {
+        gui = {
+          user = config.sops.secrets.syncthing-user;
+          password = config.sops.secrets.syncthing-password;
+          address = "0.0.0.0:8384";
+        };
+        devices = {
+          "MacBook-Pro" = {
+            id = "GZAKPGB-BBVIY5T-2D3EY22-YYMGT5L-R3MNHGX-GYWNRWR-TG4BUMW-BQMBBAU";
+          };
+        };
+        folders = {
+          "Mobile Backups" = {
+            path = "/data/backups/lukas/phone";
+            devices = [ "MacBook-Pro" ];
+          };
+          "Documents" = {
+            path = "/data/backups/lukas/documents";
+            devices = [ "MacBook-Pro" ];
+          };
+        };
+      };
+    };
   };
 
   programs = {
diff --git a/secrets/syncthing.env.enc b/secrets/syncthing.env.enc
@@ -0,0 +1,8 @@
+user=ENC[AES256_GCM,data:gMoBHdI=,iv:hgG/nTMAbh2TM5epIvF2puoElXGUs3lOHvDoEQgS6cs=,tag:exQwpmfrVEb3A8UIBe+OSg==,type:str]
+password=ENC[AES256_GCM,data:5RPTMjvzJSvstU4VuQZyBtzmQZoBYM+3CaR4ABNlfUU=,iv:Yl5MyivftN52TRQei+knP3KsoFfhgN/vj+pD3sz5ogM=,tag:7r+aY6b+3ffeQH1aFCW/wg==,type:str]
+sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtMmEyWURYWWl4Tk5sV09H\nd01SU2xTQUN3a2MyZnhSUC9xRHYwWXVaanhrCmZEeElFMmFsY0ljamtrdG92RENW\nVHVMU3ArME9vWHZCT1I2dkNLaTYwQ1EKLS0tIEpDNzlPNjVHWmFJU3cyZVpDcUE1\nbjdqRGppcG5iSWRJME8xR0M3dDVlNkkKtvvRYeui4b/RgAzjQpElOX33lX2M7V15\ndTgWKHAiSVE2Ta+HcU4BfDFj/fb+f5kipw1ETv59rDVWsGJDpOA3ew==\n-----END AGE ENCRYPTED FILE-----\n
+sops_age__list_0__map_recipient=age1njkfdv4ayqlqak76az6ezhse8hn3gmgt9ntur2edyz3watx2xdqq3jklqm
+sops_lastmodified=2025-07-03T18:19:00Z
+sops_mac=ENC[AES256_GCM,data:XHl+3pEk0be2WlHMv7zOxgXFE8WeVTuKjIwiJjdxczL6qfEFtC9OH5yi4YnfGu5CKdwfqc7c57yRksVGwDgIlzLk3ZErlNWY5gP1R1V+Rg/xstMRibvg7HG1hHV76oPtV6Fht5MLz6tJIba7AVHK7t+37qJm8k10NsRF20sdS1I=,iv:ionftZtVoEKdv8iXu1M7D5qOgPcu+WN4dvj/YHqO7tk=,tag:KOeGqhCSN+TMGcUb4vU0ig==,type:str]
+sops_unencrypted_suffix=_unencrypted
+sops_version=3.10.2
diff --git a/users/lukas.nix b/users/lukas.nix
@@ -6,6 +6,7 @@
     extraGroups = [
       "wheel"
       "docker"
+      "syncthing"
     ];
     shell = pkgs.zsh;
     packages = with pkgs; [
@@ -20,6 +21,7 @@
       python3
       starship
       syncthing
+      tmux
       tree
       usbutils
       wget
