Add syncthing.

config/Syncthing.nix

@@ -0,0 +1,31 @@
+{
+	config,
+	lib,
+	...
+}: let
+	cfg = config.module.syncthing;
+in {
+	options.module.syncthing = {
+		enable = lib.mkEnableOption "the file sync.";
+		dataDir = lib.mkOption {
+			default = "/home/${cfg.user}/sync";
+			type    = lib.types.str;
+		};
+		settings = lib.mkOption {
+			default = { };
+			type    = lib.types.attrs;
+		};
+		user = lib.mkOption {
+			default = "voronind";
+			type    = lib.types.str;
+		};
+		group = lib.mkOption {
+			default = "users";
+			type    = lib.types.str;
+		};
+		openDefaultPorts = lib.mkOption {
+			default = true;
+			type    = lib.types.bool;
+		};
+	};
+}

home/file/mako/default.nix

@@ -6,7 +6,7 @@
 }: let
 	alpha = config.module.style.opacity.hex;
 	color = config.module.style.color;
-	max   = 5;
+	max   = 3;
 in {
 	file = (pkgs.formats.iniWithGlobalSection { }).generate "MakoConfig" {
 		globalSection = {

home/file/sway/module/Waybar.nix

@@ -4,5 +4,6 @@
 		exec waybar
 		exec nm-applet
 		exec blueman-applet
+		exec syncthingtray
 	'';
 }

host/x86_64-linux/desktop/default.nix

@@ -9,6 +9,7 @@
 		builder.client.enable = true;
 		package.extra    = true;
 		print.enable     = true;
+		syncthing.enable = true;
 		purpose = {
 			desktop = true;
 			gaming  = true;

host/x86_64-linux/home/Mumble.nix

@@ -7,5 +7,6 @@
 		registerHostname = "chat.voronind.com";
 		sslCert = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
 		sslKey  = "/etc/letsencrypt/live/voronind.com/privkey.pem";
+		extraConfig = '''';
 	};
 }

host/x86_64-linux/home/Network.nix

@@ -168,11 +168,8 @@ in {
 				iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 0/0 -o ${wan} -j MASQUERADE
 
 				# Full access from Lan.
-				iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
+				iptables  -I INPUT -j ACCEPT -i ${lan}
-				ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
+				ip6tables -I INPUT -j ACCEPT -i ${lan}
-
-				# Allow DHCP.
-				iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67
 
 				# Public email server.
 				ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25

host/x86_64-linux/home/Photoprocess.nix

@@ -1,87 +0,0 @@
-# Takes pictures from first photo dir, processes and stores to the second one.
-{
-	lib,
-	pkgs,
-	secret,
-	util,
-	...
-} @args: let
-	imgInput  = "/storage/hot/data/nextcloud/data/cakee/files/photo";
-	imgOutput = "/storage/cold_1/backup/tmp/photo";
-in {
-	systemd.services.photosprocess = let
-		script = pkgs.writeText "PhotoprocessScript" (util.trimTabs ''
-			function notify_silent() {
-				curl -X POST -H 'Content-Type: Application/json' -d "${secret.tg.dt "true"}" ${secret.tg.bt} &> /dev/null
-			}
-
-			cd ${imgInput}
-
-			# Convert png to jpg.
-			for img in $(ls *.png) $(ls *.PNG); do
-				filename=''${img%.*}
-				convert "$filename.png" "$filename.jpg"
-			done
-			rm *.png *.PNG
-
-			# Rename bad extensions.
-			for img in $(ls *.jpeg) $(ls *.JPG) $(ls *.JPEG); do
-				filename=''${img%.*}
-				mv "$img" "$filename.jpg"
-			done
-
-			# Compress jpg.
-			mogrify -resize 2073600@ *.jpg
-			jpegoptim --size=1000k *.jpg
-
-			# Rename to hash.
-			for file in *; do
-				if [[ -f "$file" ]]; then
-					extension="''${file##*.}"
-					if [ -f "$file" ] && [ "$extension" != "$file" ]; then
-						new_name="''${file%$extension}"
-					else
-						new_name="$file"
-						extension=""
-					fi
-					new_name=$(sha1sum "$file" | cut -d\  -f1)
-					if [[ "$extension" != "" ]]; then
-						new_name="''${new_name,,}.$extension"
-					else
-						new_name="''${new_name,,}"
-					fi
-					mv "$file" "$new_name"
-				fi
-			done
-
-			# Move to images.
-			total_photos=$(ls | wc -l)
-			mv *.jpg ${imgOutput}
-			notify_silent "Photos processed: $total_photos"
-		'');
-	in util.mkStaticSystemdService {
-			enable = true;
-			description = "Process uploaded photos";
-			serviceConfig = {
-				ExecStart = "-${lib.getExe pkgs.bashInteractive} ${script}";
-				Restart   = "on-failure";
-				Type      = "oneshot";
-			};
-			path = with pkgs; [
-				curl
-				imagemagick
-				jpegoptim
-			];
-		};
-
-	systemd.timers.photosprocess = {
-		timerConfig = {
-			OnCalendar = "daily";
-			Persistent = true;
-			Unit       = "photosprocess.service";
-		};
-		wantedBy = [
-			"timers.target"
-		];
-	};
-}

host/x86_64-linux/home/default.nix

@@ -13,6 +13,13 @@
 			router  = true;
 			server  = true;
 		};
+		syncthing = {
+			enable  = true;
+			dataDir = "/storage/hot/sync";
+			openDefaultPorts = false;
+			user  = "root";
+			group = "root";
+		};
 		dpi.bypass = {
 			enable = true;
 			params = [

host/x86_64-linux/home/nginx/Sync.nix

@@ -0,0 +1,24 @@
+{
+	util,
+	...
+}: {
+	"sync.voronind.com".extraConfig = util.trimTabs ''
+		listen 443 ssl;
+
+		location / {
+			allow 10.0.0.0/8;
+			allow fd09:8d46:b26::/48;
+			deny all;
+
+			proxy_set_header Host "localhost";
+			proxy_set_header X-Forwarded-Host "localhost";
+
+			proxy_pass http://127.0.0.1:8384$request_uri;
+		}
+
+		ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
+		ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
+		include /etc/letsencrypt/conf/options-ssl-nginx.conf;
+		ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
+	'';
+}

option/Syncthing.nix

@@ -0,0 +1,43 @@
+{
+	config,
+	lib,
+	pkgs,
+	...
+}: let
+	cfg = config.module.syncthing;
+in {
+	config = lib.mkIf cfg.enable {
+		environment.systemPackages = with pkgs; [
+			syncthing
+			syncthingtray
+		];
+		services.syncthing = {
+			inherit (cfg) enable dataDir user group openDefaultPorts;
+			systemService = true;
+			settings = lib.recursiveUpdate {
+				devices = {
+					"desktop" = { id = "767Z675-SOCY4FL-JNYEBB6-5E2RG5O-XTZR6OP-BGOBZ7G-XVRLMD6-DQEB2AT"; };
+					"home"    = { id = "L5A5IPE-2FPJPHP-RJRV2PV-BLMLC3F-QPHSCUQ-4U3NM2I-AFPOE2A-HOPQZQF"; };
+					"phone"   = { id = "6RO5JXW-2XO4S3E-VCDAHPD-4ADK6LL-HQGMZHU-GD6DE2O-6KNHWXJ-BCSBGQ7"; };
+				};
+				folders = {
+					"save" = {
+						path = "${cfg.dataDir}/save";
+						devices = [
+							"desktop"
+							"home"
+							# "work"
+						];
+					};
+					"photo" = {
+						path = "${cfg.dataDir}/photo";
+						devices = [
+							"home"
+							"phone"
+						];
+					};
+				};
+			} cfg.settings;
+		};
+	};
+}