resilio: modularise properly
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing

This commit is contained in:
Jake Hillion 2023-04-08 15:29:11 +01:00
parent 7a6a0dceed
commit 25ae59d96d
6 changed files with 191 additions and 169 deletions

View File

@ -1,11 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
config.system.stateVersion = "22.05";
config.networking.hostName = "gendry";
config.networking.domain = "jakehillion-terminals.ts.hillion.co.uk";
imports = [ imports = [
../../modules/common/default.nix ../../modules/common/default.nix
../../modules/desktop/awesome/default.nix ../../modules/desktop/awesome/default.nix
@ -13,36 +8,68 @@
./bluetooth.nix ./bluetooth.nix
./hardware-configuration.nix ./hardware-configuration.nix
./persist.nix ./persist.nix
./resilio.nix
]; ];
config.boot.loader.systemd-boot.enable = true; config = {
config.boot.loader.efi.canTouchEfiVariables = true; system.stateVersion = "22.05";
networking.hostName = "gendry";
networking.domain = "jakehillion-terminals.ts.hillion.co.uk";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
## Resilio
custom.resilio.enable = true;
services.resilio.deviceName = "gendry.jakehillion-terminals";
services.resilio.directoryRoot = "/data/sync";
services.resilio.storagePath = "/data/sync/.sync";
custom.resilio.folders =
let
folderNames = [
"dad"
"joseph"
"projects"
"resources"
"sync"
];
mkFolder = name: {
name = name;
secret = {
name = "resilio/plain/${name}";
file = ../../secrets/resilio/plain/${name}.age;
};
};
in
builtins.map (mkFolder) folderNames;
## Tailscale ## Tailscale
config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".file = ../../secrets/tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age; age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".file = ../../secrets/tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk.age;
config.tailscalePreAuth = config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".path; tailscalePreAuth = config.age.secrets."tailscale/gendry.jakehillion-terminals.ts.hillion.co.uk".path;
## Password (for interactive logins) ## Password (for interactive logins)
config.age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".file = ../../secrets/passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age; age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".file = ../../secrets/passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake.age;
config.users.users."jake".passwordFile = config.age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".path; users.users."jake".passwordFile = config.age.secrets."passwords/gendry.jakehillion-terminals.ts.hillion.co.uk/jake".path;
config.security.sudo.wheelNeedsPassword = lib.mkForce true; security.sudo.wheelNeedsPassword = lib.mkForce true;
## Enable btrfs compression ## Enable btrfs compression
config.fileSystems."/data".options = [ "compress=zstd" ]; fileSystems."/data".options = [ "compress=zstd" ];
config.fileSystems."/nix".options = [ "compress=zstd" ]; fileSystems."/nix".options = [ "compress=zstd" ];
## Graphics ## Graphics
config.boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
config.services.xserver.videoDrivers = [ "amdgpu" ]; services.xserver.videoDrivers = [ "amdgpu" ];
## Spotify ## Spotify
config.home-manager.users.jake.services.spotifyd.settings = { home-manager.users.jake.services.spotifyd.settings = {
global = { global = {
device_name = "Gendry"; device_name = "Gendry";
device_type = "computer"; device_type = "computer";
bitrate = 320; bitrate = 320;
}; };
}; };
};
} }

View File

@ -1,44 +0,0 @@
{ config, pkgs, lib, ... }:
let
folderNames = [
"dad"
"joseph"
"projects"
"resources"
"sync"
];
in
{
imports = [
../../modules/resilio/default.nix
];
## Resilio Sync (Unencrypted)
config.services.resilio.enable = true;
config.services.resilio.deviceName = "gendry.jakehillion-terminals";
config.services.resilio.directoryRoot = "/data/sync";
config.services.resilio.storagePath = "/data/sync/.sync";
config.age.secrets =
let
mkSecret = name: {
name = "resilio/plain/${name}";
value = {
file = ../../secrets/resilio/plain/${name}.age;
owner = "rslsync";
group = "rslsync";
};
};
in
builtins.listToAttrs (builtins.map (mkSecret) folderNames);
config.resilioFolders =
let
mkFolder = name: {
name = name;
secretFile = config.age.secrets."resilio/plain/${name}".path;
};
in
builtins.map (mkFolder) folderNames;
}

View File

@ -1,35 +1,35 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
config.system.stateVersion = "22.05";
config.networking.hostName = "vm";
config.networking.domain = "strangervm.ts.hillion.co.uk";
imports = [ imports = [
../../modules/common/default.nix ../../modules/common/default.nix
../../modules/drone/server.nix ../../modules/drone/server.nix
../../modules/matrix/default.nix ../../modules/matrix/default.nix
../../modules/resilio/default.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
config.boot.loader.grub = { config = {
system.stateVersion = "22.05";
networking.hostName = "vm";
networking.domain = "strangervm.ts.hillion.co.uk";
boot.loader.grub = {
enable = true; enable = true;
device = "/dev/sda"; device = "/dev/sda";
}; };
## Custom Services ## Custom Services
config.custom.www.global.enable = true; custom.www.global.enable = true;
## Networking ## Networking
config.networking.interfaces.ens18.ipv4.addresses = [{ networking.interfaces.ens18.ipv4.addresses = [{
address = "10.72.164.3"; address = "10.72.164.3";
prefixLength = 24; prefixLength = 24;
}]; }];
config.networking.defaultGateway = "10.72.164.1"; networking.defaultGateway = "10.72.164.1";
config.networking.firewall = { networking.firewall = {
allowedTCPPorts = lib.mkForce [ allowedTCPPorts = lib.mkForce [
22 # SSH 22 # SSH
]; ];
@ -48,43 +48,34 @@
}; };
## Tailscale ## Tailscale
config.age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".file = ../../secrets/tailscale/vm.strangervm.ts.hillion.co.uk.age; age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".file = ../../secrets/tailscale/vm.strangervm.ts.hillion.co.uk.age;
config.tailscalePreAuth = config.age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".path; tailscalePreAuth = config.age.secrets."tailscale/vm.strangervm.ts.hillion.co.uk".path;
## Resilio Sync (Encrypted) ## Resilio Sync (Encrypted)
config.services.resilio.enable = true; custom.resilio.enable = true;
config.services.resilio.deviceName = "vm.strangervm"; services.resilio.deviceName = "vm.strangervm";
config.services.resilio.directoryRoot = "/data/sync"; services.resilio.directoryRoot = "/data/sync";
config.services.resilio.storagePath = "/data/sync/.sync"; services.resilio.storagePath = "/data/sync/.sync";
config.age.secrets."resilio/encrypted/dad" = { custom.resilio.folders =
file = ../../secrets/resilio/encrypted/dad.age; let
owner = "rslsync"; folderNames = [
group = "rslsync"; "dad"
}; "projects"
config.age.secrets."resilio/encrypted/projects" = { "resources"
file = ../../secrets/resilio/encrypted/projects.age; "sync"
owner = "rslsync";
group = "rslsync";
};
config.age.secrets."resilio/encrypted/resources" = {
file = ../../secrets/resilio/encrypted/resources.age;
owner = "rslsync";
group = "rslsync";
};
config.age.secrets."resilio/encrypted/sync" = {
file = ../../secrets/resilio/encrypted/sync.age;
owner = "rslsync";
group = "rslsync";
};
config.resilioFolders = [
{ name = "dad"; secretFile = config.age.secrets."resilio/encrypted/dad".path; }
{ name = "projects"; secretFile = config.age.secrets."resilio/encrypted/projects".path; }
{ name = "resources"; secretFile = config.age.secrets."resilio/encrypted/resources".path; }
{ name = "sync"; secretFile = config.age.secrets."resilio/encrypted/sync".path; }
]; ];
mkFolder = name: {
name = name;
secret = {
name = "resilio/encrypted/${name}";
file = ../../secrets/resilio/encrypted/${name}.age;
};
};
in
builtins.map (mkFolder) folderNames;
## Backups ## Backups
config.services.postgresqlBackup.location = "/data/backup/postgres"; services.postgresqlBackup.location = "/data/backup/postgres";
};
} }

View File

@ -2,7 +2,15 @@
{ {
imports = [ imports = [
./resilio.nix
./www/global.nix ./www/global.nix
./www/www-repo.nix ./www/www-repo.nix
]; ];
options.custom = {
user = lib.mkOption {
type = lib.types.str;
default = "jake";
};
};
} }

68
modules/resilio.nix Normal file
View File

@ -0,0 +1,68 @@
{ pkgs, lib, config, nixpkgs-unstable, ... }:
let
cfg = config.custom.resilio;
in
{
imports = [ "${nixpkgs-unstable}/nixos/modules/services/networking/resilio.nix" ];
disabledModules = [ "services/networking/resilio.nix" ];
options.custom.resilio = {
enable = lib.mkEnableOption "resilio";
extraUsers = lib.mkOption {
type = with lib.types; listOf str;
default = [ config.custom.user ];
};
folders = lib.mkOption {
type = with lib.types; uniq (listOf attrs);
default = [ ];
};
};
config = lib.mkIf cfg.enable {
users.users =
let
mkUser =
(user: {
name = user;
value = {
extraGroups = [ "rslsync" ];
};
});
in
builtins.listToAttrs (builtins.map mkUser cfg.extraUsers);
age.secrets =
let
mkSecret = (secret: {
name = secret.name;
value = {
file = secret.file;
owner = "rslsync";
group = "rslsync";
};
});
in
builtins.listToAttrs (builtins.map (folder: mkSecret folder.secret) cfg.folders);
services.resilio = {
enable = true;
sharedFolders =
let
mkFolder = name: secret: {
directory = "${config.services.resilio.directoryRoot}/${name}";
secretFile = "${config.age.secrets."${secret.name}".path}";
knownHosts = [ ];
searchLAN = true;
useDHT = true;
useRelayServer = true;
useSyncTrash = false;
useTracker = true;
};
in
builtins.map (folder: mkFolder folder.name folder.secret) cfg.folders;
};
};
}

View File

@ -1,28 +0,0 @@
{ pkgs, lib, config, nixpkgs-unstable, ... }:
{
imports = [ "${nixpkgs-unstable}/nixos/modules/services/networking/resilio.nix" ];
disabledModules = [ "services/networking/resilio.nix" ];
options.resilioFolders = lib.mkOption {
type = with lib.types; uniq (listOf attrs);
default = [ ];
};
config.users.users.jake.extraGroups = [ "rslsync" ];
config.services.resilio.sharedFolders =
let
mkFolder = name: secretFile: {
directory = "${config.services.resilio.directoryRoot}/${name}";
secretFile = "${secretFile}";
knownHosts = [ ];
searchLAN = true;
useDHT = true;
useRelayServer = true;
useSyncTrash = false;
useTracker = true;
};
in
builtins.map (folder: mkFolder folder.name folder.secretFile) config.resilioFolders;
}