nixos/modules/resilio.nix

{ pkgs, lib, config, ... }:

let
  cfg = config.custom.resilio;
in
{
  options.custom.resilio = {
    enable = lib.mkEnableOption "resilio";

    extraUsers = lib.mkOption {
      type = with lib.types; listOf str;
      default = [ config.custom.user ];
    };

    folders = lib.mkOption {
      type = with lib.types; uniq (listOf attrs);
      default = [ ];
    };
  };

  config = lib.mkIf cfg.enable {
    users.users =
      let
        mkUser =
          (user: {
            name = user;
            value = {
              extraGroups = [ "rslsync" ];
            };
          });
      in
      builtins.listToAttrs (builtins.map mkUser cfg.extraUsers);

    age.secrets =
      let
        mkSecret = (secret: {
          name = secret.name;
          value = {
            file = secret.file;
            owner = "rslsync";
            group = "rslsync";
          };
        });
      in
      builtins.listToAttrs (builtins.map (folder: mkSecret folder.secret) cfg.folders);

    services.resilio = {
      enable = true;
      sharedFolders =
        let
          mkFolder = name: secret: {
            directory = "${config.services.resilio.directoryRoot}/${name}";
            secretFile = "${config.age.secrets."${secret.name}".path}";
            knownHosts = [ ];
            searchLAN = true;
            useDHT = true;
            useRelayServer = true;
            useSyncTrash = false;
            useTracker = true;
          };
        in
        builtins.map (folder: mkFolder folder.name folder.secret) cfg.folders;
    };

    systemd.services.resilio.unitConfig.RequiresMountsFor = builtins.map (folder: "${config.services.resilio.directoryRoot}/${folder.name}") cfg.folders;
  };
}
caddy: update to unstable The default config for automatic ACME no longer works in Caddy <2.8.0. This is due to changes with ZeroSSL's auth. Update to unstable Caddy which is new enough to renew certs again. Context: https://github.com/caddyserver/caddy/releases/tag/v2.8.0 Add `pkgs.unstable` as an overlay as recommended on the NixOS wiki. This is needed here as Caddy must be runnable on all architectures. 2024-09-04 23:10:42 +01:00			`{ pkgs, lib, config, ... }:`
resilio: modularise properly 2023-04-08 15:29:11 +01:00
			`let`
			`cfg = config.custom.resilio;`
			`in`
			`{`
			`options.custom.resilio = {`
			`enable = lib.mkEnableOption "resilio";`

			`extraUsers = lib.mkOption {`
			`type = with lib.types; listOf str;`
			`default = [ config.custom.user ];`
			`};`

			`folders = lib.mkOption {`
			`type = with lib.types; uniq (listOf attrs);`
			`default = [ ];`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`users.users =`
			`let`
			`mkUser =`
			`(user: {`
			`name = user;`
			`value = {`
			`extraGroups = [ "rslsync" ];`
			`};`
			`});`
			`in`
			`builtins.listToAttrs (builtins.map mkUser cfg.extraUsers);`

			`age.secrets =`
			`let`
			`mkSecret = (secret: {`
			`name = secret.name;`
			`value = {`
			`file = secret.file;`
			`owner = "rslsync";`
			`group = "rslsync";`
			`};`
			`});`
			`in`
			`builtins.listToAttrs (builtins.map (folder: mkSecret folder.secret) cfg.folders);`

			`services.resilio = {`
			`enable = true;`
			`sharedFolders =`
			`let`
			`mkFolder = name: secret: {`
			`directory = "${config.services.resilio.directoryRoot}/${name}";`
			`secretFile = "${config.age.secrets."${secret.name}".path}";`
			`knownHosts = [ ];`
			`searchLAN = true;`
			`useDHT = true;`
			`useRelayServer = true;`
			`useSyncTrash = false;`
			`useTracker = true;`
			`};`
			`in`
			`builtins.map (folder: mkFolder folder.name folder.secret) cfg.folders;`
			`};`
resilio: require mounts be available Without this resilio fails on boot on tywin.storage where the paths are on a ZFS array which gets mounted reliably later than the resilio service attempts to start. 2024-09-14 02:27:37 +01:00
			`systemd.services.resilio.unitConfig.RequiresMountsFor = builtins.map (folder: "${config.services.resilio.directoryRoot}/${folder.name}") cfg.folders;`
resilio: modularise properly 2023-04-08 15:29:11 +01:00			`};`
			`}`