Sops-Nix

system-modules/syncthing.nix

@@ -1,37 +1,56 @@
-{ pkgs, lib, user, host, secrets, ...}:
+{ config, pkgs, lib, user, host, secrets, ...}:
 let 
-  devices = {
-    north = { name = "NxNORTH"; id = ""; };
-    xps = { name = "NxXPS"; id = ""; };
-    ace = { name = "NxACE"; id = ""; };
-    s21u = { name = "NxS21U"; id = ""; };
-    diane = { name = "diane"; id = ""; };
-    daniel = { name = "daniel"; id = ""; };
-    tessa = { name = "tessa"; id = ""; };
-    georg = { name = "georg"; id = ""; };
-  };
+  # helper funcitons
   conv = _: device: with device; { "${name}" = {id = id;};}; 
+  justname = devices: (builtins.map (device: device.name)) devices;
+  todevice = key: name: { inherit name; id = secrets.syncthing.id.${key}; };
+  
+  devices = builtins.mapAttrs todevice {
+    north = "NxNORTH";
+    xps = "NxXPS";
+    ace = "NxACE";
+    s21u = "NxS21U";
+    diane = "diane";
+    daniel = "daniel";
+    tessa = "tessa";
+    georg = "georg";
+  };
+
   dirs = {
     default = { name = "sync"; path = "/home/${user}/sync"; };
   };
-  justname = devices: (builtins.map (device: device.name)) devices;
-  cd = /home/${user}/.config/syncthing;
+  cd = "/home/${user}/.config/syncthing";
 in 
 lib.mkIf (user != "tv")
 {
-  services.syncthing = {
+
+  sops.secrets = {
+    "syncthing/${host}-cert.pem" = {
+      owner = user;
+      # path = "/home/${user}/.config/syncthing/cert.pem";
+    };
+    "syncthing/${host}-key.pem" = {
+      owner = user;
+      # path = "/home/${user}/.config/syncthing/key.pem";
+    };
+  };
+
+  services.syncthing = with (builtins.mapAttrs conv devices); {
     enable = true;
     user = "${user}";
     dataDir = "/home/${user}/.local/share/syncthing"; # useless ?
     configDir = cd; 
-    # key = builtins.toFile "key.pem" secrets.syncthing.${host}.key;
-    # cert = builtins.toFile "cert.pem" secrets.syncthing.${host}.cert;
-    # overrideDevices = true;    
-    # overrideFolders = true;    
+    # key = "/home/${user}/.config/syncthing/key.pem";
+    # cert = "/home/${user}/.config/syncthing/cert.pem";
+    key = config.sops.secrets."syncthing/${host}-key.pem".path;
+    cert = config.sops.secrets."syncthing/${host}-cert.pem".path;
+    overrideDevices = true;    
+    overrideFolders = true;    
+    guiAddress = if ( host == "NxACE" ) then "0.0.0.0:8384" else "127.0.0.1:8384";
     settings = {
       devices = with (builtins.mapAttrs conv devices); if (host == "NxXPS") then (
         north // ace // s21u
-      ) else if (host == "NxNORTH") then (
+      ) else if (host == "NxNORTH") then (        
         xps // ace // s21u
       ) else (
         north // xps // s21u // diane // daniel // tessa // georg 
@@ -41,11 +60,26 @@ lib.mkIf (user != "tv")
           path = default.path;
           devices = with devices; (justname [ north ace s21u ]);     
         };
+      } else if (host == "NxNORTH") then {
+        "${default.name}" = {        
+          path = default.path;
+          devices = with devices; (justname [  s21u ]);
+          # devices = with devices; (justname [ xps ace s21u ]);
+        };
       } else {
-        what = "dman";
+        "${default.name}" = {        
+          path = default.path;
+          devices = with devices; (justname [ xps north s21u ]);
+        };
+      };
+      gui = {
+        theme = "black";
+        user = user;
+        password = secrets.syncthing.gui-password; # option to use a file is till in the works... https://github.com/NixOS/nixpkgs/issues/85336
       };
     };
   };
-  
+
+  systemd.services."syncthing".after = [ "sops-nix.service" ];
 }