diff --git a/data.nix b/data.nix
index 7b5b079..6b124fb 100644
--- a/data.nix
+++ b/data.nix
@@ -16,12 +16,22 @@ rec {
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
 initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKns3+EIPqKeoB5OIxANIkppb5ICOmkW8X1DOKJPeRWr";
 publicIP = "88.223.107.21";
+ jakstIP = "100.89.176.4";
 };
 "hel1-a.servers.jakst" = {
 extraHostNames = ["hel1-a.jakstys.lt" "git.jakstys.lt" "vpn.jakstys.lt" "jakstys.lt" "www.jakstys.lt"];
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF6Wd2lKrpP2Gqul10obMo2dc1xKaaLv0I4FAnfIaFKu";
 initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzt0eaSRTAfM2295x4vACEd5VFqVeYJPV/N9ZUq+voP";
 publicIP = "65.21.7.119";
+ jakstIP = "100.89.176.3";
+ };
+ "fwmine.motiejus.jakst" = {
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPi4N6NhUjAwZNSbi/Eb9zliZtrCzNEHmKb4UGRsJqF";
+ jakstIP = "100.89.176.6";
+ };
+ "mxp10.motiejus.jakst" = {
+ publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIy9IR7Jq3hRZ5JgwfmeCgSKFrdgujnZt79uxDPVi3tu";
+ jakstIP = "100.89.176.1";
 };
 "zh2769.rsync.net" = {
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd";
diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
index 2b53633..099d23b 100644
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@@ -90,7 +90,6 @@ in {
 isSystemUser = true;
 uid = myData.uidgid.gitea;
 };
-
 };
 
 groups = {
@@ -426,7 +425,7 @@ in {
 
 networking = {
 hostName = "hel1-a";
- domain = "jakstys.lt";
+ domain = "servers.jakst";
 firewall = let
 coturn = with config.services.coturn; [
 {
diff --git a/hosts/vno1-oh2/configuration.nix b/hosts/vno1-oh2/configuration.nix
index 21dd765..509eb35 100644
--- a/hosts/vno1-oh2/configuration.nix
+++ b/hosts/vno1-oh2/configuration.nix
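Review bot: The new `jakstIP` attributes in data.nix are undocumented, although the syncthing module added in this commit turns them into an iptables source allowlist and the GUI bind address, so a mistyped or reassigned address silently changes who can reach an admin interface. The values lie in 100.64.0.0/10, so they are presumably overlay-VPN addresses; a comment above the first one should say so and state that they must be statically assigned, for example `# jakstIP: static address on the private VPN; used for firewall allowlists and service bind addresses`. The two new host entries also carry no `publicIP` or `initrdPubKey`, so any consumer that reads those attributes across all of `myData.hosts` would need a default; those consumers are outside this hunk.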
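Review bot: Changing `networking.domain` to `servers.jakst` in hosts/hel1-a/configuration.nix changes the host's FQDN for every consumer, not only for the `"${hostName}.${domain}"` lookup that the new syncthing module performs against `myData.hosts`. hel1-a serves public names (`git.jakstys.lt`, `www.jakstys.lt` in data.nix), so anything that defaults a server, mail or certificate name from the domain would now get a name that does not resolve publicly; those consumers and the rest of the `networking` block are outside the hunk, so this needs checking. The same applies to the matching change in hosts/vno1-oh2/configuration.nix. At minimum add a comment at both sites such as `# must equal the suffix of this host's key in myData.hosts`.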
@@ -35,6 +35,13 @@
 };
 };
 
+ services.syncthing = {
+ enable = true;
+ dataDir = "/home/motiejus/";
+ user = "motiejus";
+ group = "users";
+ };
+
 services.zfsunlock = {
 enable = true;
 targets."hel1-a.servers.jakst" = {
@@ -89,7 +96,7 @@
 networking = {
 hostId = "f9117e1b";
 hostName = "vno1-oh2";
- domain = "jakstys.lt";
+ domain = "servers.jakst";
 defaultGateway = "192.168.189.4";
 nameservers = ["192.168.189.4"];
 interfaces.enp3s0.ipv4.addresses = [
diff --git a/modules/services/default.nix b/modules/services/default.nix
index eacf82f..bb9e45e 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -5,6 +5,7 @@
 ...
 }: {
 imports = [
+ ./syncthing
 ./zfsunlock
 ];
 }
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
new file mode 100644
index 0000000..fedaa2d
--- /dev/null
+++ b/modules/services/syncthing/default.nix
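Review bot: `dataDir = "/home/motiejus/";` in hosts/vno1-oh2/configuration.nix ends with a slash, and the module in this commit builds folder paths as `"${config.services.syncthing.dataDir}/annex2/Books"`, so every configured folder path contains `//`; write `dataDir = "/home/motiejus";`. The service also runs as the login user `motiejus`, which gives the daemon that user's full file access; a dedicated service user with access only to the synced trees would narrow that. The enclosing attribute set starts outside the hunk, so whether this block sits under `mj` (the module's option prefix) cannot be confirmed from here.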
@@ -0,0 +1,96 @@
+{
+ config,
+ lib,
+ myData,
+ ...
+}: let
+ guiPort = 8384;
+in {
+ options.mj.services.syncthing = with lib.types; {
+ enable = lib.mkEnableOption "Enable services syncthing settings";
+ user = lib.mkOption {type = str;};
+ group = lib.mkOption {type = str;};
+ dataDir = lib.mkOption {type = path;};
+ };
+
+ config = lib.mkIf config.mj.services.syncthing.enable {
+ networking.firewall.extraCommands = let
+ hosts = lib.attrVals ["mxp10.motiejus.jakst" "fwmine.motiejus.jakst"] myData.hosts;
+ ips = lib.catAttrs "jakstIP" hosts;
+ lines = map (ip: "iptables -A INPUT -p tcp --dport 8384 -s ${ip} -j ACCEPT") ips;
+ in
+ lib.concatLines lines;
+
+ services.syncthing = {
+ enable = config.mj.services.syncthing.enable;
+ openDefaultPorts = true;
+ guiAddress = let
+ fqdn = with config.networking; "${hostName}.${domain}";
+ jakstIP = lib.getAttrFromPath [fqdn "jakstIP"] myData.hosts;
+ guiPortStr = builtins.toString guiPort;
+ in "${jakstIP}:${guiPortStr}";
+ user = config.mj.services.syncthing.user;
+ group = config.mj.services.syncthing.group;
+ dataDir = config.mj.services.syncthing.dataDir;
+
+ extraOptions.gui.insecureAdminAccess = true;
+
+ devices =
+ {}
+ // (lib.optionalAttrs (config.networking.hostName == "vno1-oh2") {
+ "fwmine".id = "GKSUKZE-AOBQOWY-CNLZ2ZI-WNKATYE-MV4Y452-J3VCJ5C-EAANXRX-2P6EHA6";
+ "mxp10".id = "LO54QZZ-5J3G62P-WUVM3MW-7J3VWHD-BG76TOQ-5S7PZSY-JU45K3I-X3ZL4AN";
+ "rzj-744P2PE".id = "UW6ISH2-NW6X6AW-BJR76TV-TV3BIGZ-PA5QH2M-YEF567T-IWMHKD5-P3XHHAH";
+ })
+ // {};
+
+ folders = {
+ "${config.services.syncthing.dataDir}/annex2/Books" = {
+ devices = ["mxp10" "fwmine"];
+ id = "8lk0n-mm63y";
+ label = "Books";
+ };
+ "${config.services.syncthing.dataDir}/annex2/M-Active" = {
+ devices = ["mxp10" "fwmine"];
+ id = "f6fma-unkxq";
+ label = "M-Active";
+ };
+ "${config.services.syncthing.dataDir}/annex2/M-Camera" = {
+ devices = ["mxp10" "fwmine"];
+ id = "pixel_xl_dtm3-photos";
+ label = "M-Active";
+ };
+ "${config.services.syncthing.dataDir}/annex2/M-Documents" = {
+ devices = ["fwmine"];
+ id = "4fu7z-z6es2";
+ label = "M-Documents";
+ };
+ "${config.services.syncthing.dataDir}/annex2/R-Documents" = {
+ devices = ["rzj-744P2PE"];
+ id = "nm23h-aog6k";
+ label = "R-Documents";
+ };
+ "${config.services.syncthing.dataDir}/annex2/Pictures" = {
+ devices = ["fwmine"];
+ id = "d3hur-cbzyw";
+ label = "Pictures";
+ };
+ "${config.services.syncthing.dataDir}/stud-cache" = {
+ devices = ["fwmine"];
+ id = "2kq7n-jqzxj";
+ label = "stud-cache";
+ };
+ "${config.services.syncthing.dataDir}/video/shared" = {
+ devices = ["mxp10" "fwmine"];
+ id = "byzmw-f6zhg";
+ label = "video-shared";
+ };
+ "${config.services.syncthing.dataDir}/music" = {
+ devices = ["fwmine" "mxp10"];
+ id = "tg94v-cqcwr";
+ label = "music";
+ };
+ };
+ };
+ };
+}