From 062609fabf4c6013af6c5c8643fdf57e961dab40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Wed, 5 Jun 2024 23:04:52 +0300
Subject: [PATCH] use secrets in syncthing

---
 flake.nix                              | 2 ++
 modules/services/syncthing/default.nix | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/flake.nix b/flake.nix
index 7ab8739..3105b8b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -244,6 +244,8 @@
                 motiejus-passwd-hash.file = ./secrets/motiejus_passwd_hash.age;
                 root-passwd-hash.file = ./secrets/root_passwd_hash.age;
                 sasl-passwd.file = ./secrets/postfix_sasl_passwd.age;
+                syncthing-key.file = ./secrets/fwminex/syncthing/key.pem.age;
+                syncthing-cert.file = ./secrets/fwminex/syncthing/cert.pem.age;
               };
             }
           ];
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
index 27c87af..3ee318a 100644
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -126,6 +126,8 @@ in {
     services.syncthing = {
       inherit (cfg) enable user group dataDir;
       openDefaultPorts = true;
+      key = config.age.secrets.syncthing-key.path;
+      cert = config.age.secrets.syncthing-cert.path;
 
       settings = {
         devices =