From dd17839c41ffd728fbe82e1eac37090f2b2685b2 Mon Sep 17 00:00:00 2001 From: Dmitry Voronin Date: Sun, 8 Dec 2024 04:04:34 +0300 Subject: [PATCH] Add syncthing. --- config/Syncthing.nix | 31 +++++++++ home/file/mako/default.nix | 2 +- home/file/sway/module/Waybar.nix | 1 + host/x86_64-linux/desktop/default.nix | 5 +- host/x86_64-linux/home/Mumble.nix | 1 + host/x86_64-linux/home/Network.nix | 7 +- host/x86_64-linux/home/Photoprocess.nix | 87 ------------------------- host/x86_64-linux/home/default.nix | 7 ++ host/x86_64-linux/home/nginx/Sync.nix | 24 +++++++ option/Syncthing.nix | 43 ++++++++++++ 10 files changed, 113 insertions(+), 95 deletions(-) create mode 100644 config/Syncthing.nix delete mode 100644 host/x86_64-linux/home/Photoprocess.nix create mode 100644 host/x86_64-linux/home/nginx/Sync.nix create mode 100644 option/Syncthing.nix diff --git a/config/Syncthing.nix b/config/Syncthing.nix new file mode 100644 index 00000000..b0cb84be --- /dev/null +++ b/config/Syncthing.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + ... +}: let + cfg = config.module.syncthing; +in { + options.module.syncthing = { + enable = lib.mkEnableOption "the file sync."; + dataDir = lib.mkOption { + default = "/home/${cfg.user}/sync"; + type = lib.types.str; + }; + settings = lib.mkOption { + default = { }; + type = lib.types.attrs; + }; + user = lib.mkOption { + default = "voronind"; + type = lib.types.str; + }; + group = lib.mkOption { + default = "users"; + type = lib.types.str; + }; + openDefaultPorts = lib.mkOption { + default = true; + type = lib.types.bool; + }; + }; +} diff --git a/home/file/mako/default.nix b/home/file/mako/default.nix index b6242bf2..8d383a46 100644 --- a/home/file/mako/default.nix +++ b/home/file/mako/default.nix @@ -6,7 +6,7 @@ }: let alpha = config.module.style.opacity.hex; color = config.module.style.color; - max = 5; + max = 3; in { file = (pkgs.formats.iniWithGlobalSection { }).generate "MakoConfig" { globalSection = { 
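Review bot: In the new `options.module.syncthing` block of config/Syncthing.nix, `openDefaultPorts` defaults to `true` and no option carries a `description`. A host that only sets `syncthing.enable = true`, as the desktop host does later in this patch, therefore opens the Syncthing listener ports in its firewall without that being stated anywhere. I would document each option, e.g. `description = "Open the Syncthing sync and discovery ports in the firewall.";` on `openDefaultPorts`. Consider `default = false` as well, so that exposure is opted into per host rather than inherited.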
diff --git a/home/file/sway/module/Waybar.nix b/home/file/sway/module/Waybar.nix index d846516a..8fd90abc 100644 --- a/home/file/sway/module/Waybar.nix +++ b/home/file/sway/module/Waybar.nix @@ -4,5 +4,6 @@ exec waybar exec nm-applet exec blueman-applet + exec syncthingtray ''; } diff --git a/host/x86_64-linux/desktop/default.nix b/host/x86_64-linux/desktop/default.nix index 7f8dfe11..64a00483 100644 --- a/host/x86_64-linux/desktop/default.nix +++ b/host/x86_64-linux/desktop/default.nix @@ -7,8 +7,9 @@ module = { builder.client.enable = true; - package.extra = true; - print.enable = true; + package.extra = true; + print.enable = true; + syncthing.enable = true; purpose = { desktop = true; gaming = true; diff --git a/host/x86_64-linux/home/Mumble.nix b/host/x86_64-linux/home/Mumble.nix index e4c9ed0e..9c7b5bbb 100644 --- a/host/x86_64-linux/home/Mumble.nix +++ b/host/x86_64-linux/home/Mumble.nix @@ -7,5 +7,6 @@ registerHostname = "chat.voronind.com"; sslCert = "/etc/letsencrypt/live/voronind.com/fullchain.pem"; sslKey = "/etc/letsencrypt/live/voronind.com/privkey.pem"; + extraConfig = ''''; }; } diff --git a/host/x86_64-linux/home/Network.nix b/host/x86_64-linux/home/Network.nix index 40714dcd..c4226e4e 100644 --- a/host/x86_64-linux/home/Network.nix +++ b/host/x86_64-linux/home/Network.nix @@ -168,11 +168,8 @@ in { iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 0/0 -o ${wan} -j MASQUERADE # Full access from Lan. - iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal} - ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6} - - # Allow DHCP. - iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67 + iptables -I INPUT -j ACCEPT -i ${lan} + ip6tables -I INPUT -j ACCEPT -i ${lan} # Public email server. ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25 diff --git a/host/x86_64-linux/home/Photoprocess.nix b/host/x86_64-linux/home/Photoprocess.nix deleted file mode 100644 index a626730a..00000000 --- a/host/x86_64-linux/home/Photoprocess.nix +++ /dev/null 
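Review bot: In the Network.nix hunk, dropping `-d ${internal}` / `-d ${internal6}` from the "Full access from Lan." rules means anything arriving on `${lan}` is accepted for every address this host owns, not only its internal one. Every service listening on all addresses or on the WAN address becomes reachable from any LAN device, and the filter now rests on the interface alone. The removed DHCP rule is indeed covered by the broader rule, but the old pair was the tighter policy. If the goal was to let Syncthing traffic through on a host that sets `openDefaultPorts = false` (an inference, the commit does not say), keeping the old rules and adding narrow ones such as `iptables -I INPUT -j ACCEPT -i ${lan} -p tcp --dport 22000` and `iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 21027` would preserve the restriction. The surrounding firewall script starts and ends outside the hunk.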
@@ -1,87 +0,0 @@ -# Takes pictures from first photo dir, processes and stores to the second one. -{ - lib, - pkgs, - secret, - util, - ... -} @args: let - imgInput = "/storage/hot/data/nextcloud/data/cakee/files/photo"; - imgOutput = "/storage/cold_1/backup/tmp/photo"; -in { - systemd.services.photosprocess = let - script = pkgs.writeText "PhotoprocessScript" (util.trimTabs '' - function notify_silent() { - curl -X POST -H 'Content-Type: Application/json' -d "${secret.tg.dt "true"}" ${secret.tg.bt} &> /dev/null - } - - cd ${imgInput} - - # Convert png to jpg. - for img in $(ls *.png) $(ls *.PNG); do - filename=''${img%.*} - convert "$filename.png" "$filename.jpg" - done - rm *.png *.PNG - - # Rename bad extensions. - for img in $(ls *.jpeg) $(ls *.JPG) $(ls *.JPEG); do - filename=''${img%.*} - mv "$img" "$filename.jpg" - done - - # Compress jpg. - mogrify -resize 2073600@ *.jpg - jpegoptim --size=1000k *.jpg - - # Rename to hash. - for file in *; do - if [[ -f "$file" ]]; then - extension="''${file##*.}" - if [ -f "$file" ] && [ "$extension" != "$file" ]; then - new_name="''${file%$extension}" - else - new_name="$file" - extension="" - fi - new_name=$(sha1sum "$file" | cut -d\ -f1) - if [[ "$extension" != "" ]]; then - new_name="''${new_name,,}.$extension" - else - new_name="''${new_name,,}" - fi - mv "$file" "$new_name" - fi - done - - # Move to images. - total_photos=$(ls | wc -l) - mv *.jpg ${imgOutput} - notify_silent "Photos processed: $total_photos" - ''); - in util.mkStaticSystemdService { - enable = true; - description = "Process uploaded photos"; - serviceConfig = { - ExecStart = "-${lib.getExe pkgs.bashInteractive} ${script}"; - Restart = "on-failure"; - Type = "oneshot"; - }; - path = with pkgs; [ - curl - imagemagick - jpegoptim - ]; - }; - - systemd.timers.photosprocess = { - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - Unit = "photosprocess.service"; - }; - wantedBy = [ - "timers.target" - ]; - }; -} 
diff --git a/host/x86_64-linux/home/default.nix b/host/x86_64-linux/home/default.nix index b174c1ca..03361de6 100644 --- a/host/x86_64-linux/home/default.nix +++ b/host/x86_64-linux/home/default.nix @@ -13,6 +13,13 @@ router = true; server = true; }; + syncthing = { + enable = true; + dataDir = "/storage/hot/sync"; + openDefaultPorts = false; + user = "root"; + group = "root"; + }; dpi.bypass = { enable = true; params = [ diff --git a/host/x86_64-linux/home/nginx/Sync.nix b/host/x86_64-linux/home/nginx/Sync.nix new file mode 100644 index 00000000..8a57f65e --- /dev/null +++ b/host/x86_64-linux/home/nginx/Sync.nix @@ -0,0 +1,24 @@ +{ + util, + ... +}: { + "sync.voronind.com".extraConfig = util.trimTabs '' + listen 443 ssl; + + location / { + allow 10.0.0.0/8; + allow fd09:8d46:b26::/48; + deny all; + + proxy_set_header Host "localhost"; + proxy_set_header X-Forwarded-Host "localhost"; + + proxy_pass http://127.0.0.1:8384$request_uri; + } + + ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem; + include /etc/letsencrypt/conf/options-ssl-nginx.conf; + ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem; + ''; +} diff --git a/option/Syncthing.nix b/option/Syncthing.nix new file mode 100644 index 00000000..10e63b11 --- /dev/null +++ b/option/Syncthing.nix 
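Review bot: `user = "root"; group = "root";` in the new `syncthing` block of home/default.nix runs a daemon that accepts data from peer devices (the `desktop` and `phone` entries in option/Syncthing.nix) with full privileges on the router/server host. A flaw in Syncthing or a compromised peer is then not contained to `/storage/hot/sync`. Prefer an unprivileged account that owns that directory, e.g. `user = "syncthing"; group = "syncthing";`. As far as I know the NixOS module creates the account itself only when the default user name is used, so confirm that before switching. The enclosing attribute set starts and ends outside the hunk.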
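Review bot: The `location /` block in nginx/Sync.nix forces `Host` and `X-Forwarded-Host` to `"localhost"`, which satisfies Syncthing's host-header check for every request, so the only gate left in this file is `allow 10.0.0.0/8` plus the ULA prefix. No GUI credentials are set anywhere in this patch (the `services.syncthing` settings in option/Syncthing.nix define only devices and folders), and on this host the daemon is configured to run as root. Unless authentication is configured elsewhere, any client in those ranges gets the full admin GUI. I would narrow the allow list to the administrative hosts and require GUI authentication, with the password kept out of the world-readable Nix store. A comment such as `# Host is rewritten to pass Syncthing's host check; access control is the allow list plus GUI auth.` above the `proxy_set_header` lines would also help.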
@@ -0,0 +1,43 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.module.syncthing;
+in {
+ config = lib.mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [
+ syncthing
+ syncthingtray
+ ];
+ services.syncthing = {
+ inherit (cfg) enable dataDir user group openDefaultPorts;
+ systemService = true;
+ settings = lib.recursiveUpdate {
+ devices = {
+ "desktop" = { id = "767Z675-SOCY4FL-JNYEBB6-5E2RG5O-XTZR6OP-BGOBZ7G-XVRLMD6-DQEB2AT"; };
+ "home" = { id = "L5A5IPE-2FPJPHP-RJRV2PV-BLMLC3F-QPHSCUQ-4U3NM2I-AFPOE2A-HOPQZQF"; };
+ "phone" = { id = "6RO5JXW-2XO4S3E-VCDAHPD-4ADK6LL-HQGMZHU-GD6DE2O-6KNHWXJ-BCSBGQ7"; };
+ };
+ folders = {
+ "save" = {
+ path = "${cfg.dataDir}/save";
+ devices = [
+ "desktop"
+ "home"
+ # "work"
+ ];
+ };
+ "photo" = {
+ path = "${cfg.dataDir}/photo";
+ devices = [
+ "home"
+ "phone"
+ ];
+ };
+ };
+ } cfg.settings;
+ };
+ };
+}
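Review bot: The `folders` set in option/Syncthing.nix is applied unchanged on every host that enables the module, so `desktop` also gets a local `photo` folder although it is not in that folder's `devices` list. As far as I can tell the list only names the peers to share with and does not stop the local host from creating and offering the folder. Restricting each host to the folders it is listed in keeps the intended data flow explicit, for example by wrapping the set in `lib.filterAttrs (_: f: builtins.elem config.networking.hostName f.devices)`, provided host names match the device names (not visible here). The commented-out `# "work"` entry would benefit from a short comment saying why it is disabled.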