diff --git a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix index e03ce47..43ef260 100644 --- a/hosts/vm.strangervm.ts.hillion.co.uk/default.nix +++ b/hosts/vm.strangervm.ts.hillion.co.uk/default.nix @@ -7,10 +7,12 @@ networking.domain = "strangervm.ts.hillion.co.uk"; imports = [ - ./hardware-configuration.nix ../../modules/common/default.nix - ../../modules/secrets/tailscale/vm.strangervm.ts.hillion.co.uk.nix + ../../modules/resilio/default.nix ../../modules/reverse-proxy/global.nix + ../../modules/secrets/resilio/encrypted.nix + ../../modules/secrets/tailscale/vm.strangervm.ts.hillion.co.uk.nix + ./hardware-configuration.nix ]; boot.loader.grub = { @@ -23,5 +25,10 @@ prefixLength = 24; }]; networking.defaultGateway = "10.72.164.1"; + + ## Resilio Sync (Encrypted) + services.resilio.enable = true; + services.resilio.deviceName = "vm.strangervm"; + services.resilio.directoryRoot = "/data/sync"; } diff --git a/hosts/vm.strangervm.ts.hillion.co.uk/hardware-configuration.nix b/hosts/vm.strangervm.ts.hillion.co.uk/hardware-configuration.nix index eb1c88d..776bd60 100644 --- a/hosts/vm.strangervm.ts.hillion.co.uk/hardware-configuration.nix +++ b/hosts/vm.strangervm.ts.hillion.co.uk/hardware-configuration.nix @@ -18,6 +18,11 @@ fsType = "ext4"; }; + fileSystems."/data" = + { device = "/dev/disk/by-uuid/01a351b8-cf66-4a31-9804-0b4145e69153"; + fsType = "btrfs"; + }; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking @@ -26,7 +31,7 @@ # with explicit per-interface declarations with `networking.interfaces..useDHCP`. networking.useDHCP = lib.mkDefault true; # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } - diff --git a/modules/common/default.nix b/modules/common/default.nix index da5bbdf..3ade4b4 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -18,6 +18,7 @@ options = "--delete-older-than 90d"; }; }; + nixpkgs.config.allowUnfree = true; time.timeZone = "Europe/London"; i18n.defaultLocale = "en_GB.UTF-8"; diff --git a/modules/resilio/default.nix b/modules/resilio/default.nix new file mode 100644 index 0000000..6f39102 --- /dev/null +++ b/modules/resilio/default.nix @@ -0,0 +1,23 @@ +{ pkgs, lib, config, ... }: + +{ + options.resilioFolders = lib.mkOption { + type = with lib.types; uniq (listOf attrs); + default = []; + }; + + config.services.resilio.sharedFolders = + let + mkFolder = name: secret: { + directory = "${config.services.resilio.directoryRoot}/${name}"; + secret = "${secret}"; + knownHosts = []; + searchLAN = true; + useDHT = true; + useRelayServer = true; + useSyncTrash = false; + useTracker = true; + }; + in builtins.map (folder: mkFolder folder.name folder.secret) config.resilioFolders; +} + diff --git a/modules/secrets b/modules/secrets index f79ce8b..5e88b57 160000 --- a/modules/secrets +++ b/modules/secrets @@ -1 +1 @@ -Subproject commit f79ce8b5b5eb6e558363ba63f5f31cf7cf023cf1 +Subproject commit 5e88b57ee4dbf292b74a52351dd87cddc12a2356