Add syncthing.

Dmitry Voronin 2024-12-08 04:04:34 +03:00
parent 20415a0448
commit dd17839c41
Signed by: voronind
SSH key fingerprint: SHA256:3kBb4iV2ahufEBNq+vFbUe4QYfHt98DHQjN7QaptY9k
10 changed files with 113 additions and 95 deletions

31
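--- a/config/Syncthing.nix
+++ b/config/Syncthing.nix
@@ -0,0 +1,31 @@
+{
+config,
+lib,
+...
+}: let
+cfg = config.module.syncthing;
+in {
+options.module.syncthing = {
+enable = lib.mkEnableOption "the file sync.";
+dataDir = lib.mkOption {
+default = "/home/${cfg.user}/sync";
+type = lib.types.str;
+};
+settings = lib.mkOption {
+default = { };
+type = lib.types.attrs;
+};
+user = lib.mkOption {
+default = "voronind";
+type = lib.types.str;
+};
+group = lib.mkOption {
+default = "users";
+type = lib.types.str;
+};
+openDefaultPorts = lib.mkOption {
+default = true;
+type = lib.types.bool;
+};
+};
+}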
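Review bot: `openDefaultPorts` defaults to `true` in this option set, so every host that only sets `module.syncthing.enable = true` also gets the Syncthing sync and local-discovery ports opened in its firewall. The upstream `services.syncthing.openDefaultPorts` option defaults to `false`; mirroring that with `default = false;` and opting in per host keeps machines that join untrusted networks closed by default. None of the options carries a `description`, so a line such as `description = "Open the Syncthing listen and local-discovery ports in the firewall.";` would make the effect visible where the option is set.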


@ -6,7 +6,7 @@
}: let
alpha = config.module.style.opacity.hex;
color = config.module.style.color;
max = 5;
max = 3;
in {
file = (pkgs.formats.iniWithGlobalSection { }).generate "MakoConfig" {
globalSection = {


@ -4,5 +4,6 @@
exec waybar
exec nm-applet
exec blueman-applet
exec syncthingtray
'';
}


@ -7,8 +7,9 @@
module = {
builder.client.enable = true;
package.extra = true;
print.enable = true;
package.extra = true;
print.enable = true;
syncthing.enable = true;
purpose = {
desktop = true;
gaming = true;


@ -7,5 +7,6 @@
registerHostname = "chat.voronind.com";
sslCert = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
sslKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
extraConfig = '''';
};
}


@ -168,11 +168,8 @@ in {
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 0/0 -o ${wan} -j MASQUERADE
# Full access from Lan.
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
# Allow DHCP.
iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67
iptables -I INPUT -j ACCEPT -i ${lan}
ip6tables -I INPUT -j ACCEPT -i ${lan}
# Public email server.
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25
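Review bot: The replacement rules `iptables -I INPUT -j ACCEPT -i ${lan}` and `ip6tables -I INPUT -j ACCEPT -i ${lan}` drop the `-d ${internal}` / `-d ${internal6}` match, so any packet arriving on the LAN interface is now accepted for every local address and every port on the router, not only for the internal address. If the aim is to let broadcast traffic through (presumably DHCP and Syncthing local discovery, since the explicit DHCP rule is removed in the same hunk), keeping the destination-restricted rules and adding a narrow one such as `iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 21027` beside the existing `--dport 67` rule would preserve the previous scope. The enclosing firewall script starts and ends outside the hunk, so other rules not visible here may constrain this further.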


@ -1,87 +0,0 @@
# Takes pictures from first photo dir, processes and stores to the second one.
{
lib,
pkgs,
secret,
util,
...
} @args: let
imgInput = "/storage/hot/data/nextcloud/data/cakee/files/photo";
imgOutput = "/storage/cold_1/backup/tmp/photo";
in {
systemd.services.photosprocess = let
script = pkgs.writeText "PhotoprocessScript" (util.trimTabs ''
function notify_silent() {
curl -X POST -H 'Content-Type: Application/json' -d "${secret.tg.dt "true"}" ${secret.tg.bt} &> /dev/null
}
cd ${imgInput}
# Convert png to jpg.
for img in $(ls *.png) $(ls *.PNG); do
filename=''${img%.*}
convert "$filename.png" "$filename.jpg"
done
rm *.png *.PNG
# Rename bad extensions.
for img in $(ls *.jpeg) $(ls *.JPG) $(ls *.JPEG); do
filename=''${img%.*}
mv "$img" "$filename.jpg"
done
# Compress jpg.
mogrify -resize 2073600@ *.jpg
jpegoptim --size=1000k *.jpg
# Rename to hash.
for file in *; do
if [[ -f "$file" ]]; then
extension="''${file##*.}"
if [ -f "$file" ] && [ "$extension" != "$file" ]; then
new_name="''${file%$extension}"
else
new_name="$file"
extension=""
fi
new_name=$(sha1sum "$file" | cut -d\ -f1)
if [[ "$extension" != "" ]]; then
new_name="''${new_name,,}.$extension"
else
new_name="''${new_name,,}"
fi
mv "$file" "$new_name"
fi
done
# Move to images.
total_photos=$(ls | wc -l)
mv *.jpg ${imgOutput}
notify_silent "Photos processed: $total_photos"
'');
in util.mkStaticSystemdService {
enable = true;
description = "Process uploaded photos";
serviceConfig = {
ExecStart = "-${lib.getExe pkgs.bashInteractive} ${script}";
Restart = "on-failure";
Type = "oneshot";
};
path = with pkgs; [
curl
imagemagick
jpegoptim
];
};
systemd.timers.photosprocess = {
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "photosprocess.service";
};
wantedBy = [
"timers.target"
];
};
}


@ -13,6 +13,13 @@
router = true;
server = true;
};
syncthing = {
enable = true;
dataDir = "/storage/hot/sync";
openDefaultPorts = false;
user = "root";
group = "root";
};
dpi.bypass = {
enable = true;
params = [
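Review bot: `user = "root"` and `group = "root"` make the Syncthing daemon on this host run as root while it accepts data from peer devices over the network. Anything a peer, or a flaw in the daemon, causes it to write is then written with root privileges and root ownership, and the folder paths that can be configured through its GUI are not limited by file permissions. A dedicated unprivileged account that owns `/storage/hot/sync` would contain that, e.g. `user = "syncthing"; group = "syncthing";` with the directory's ownership changed to match. The surrounding attribute set starts and ends outside the hunk.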


@ -0,0 +1,24 @@
{
util,
...
}: {
"sync.voronind.com".extraConfig = util.trimTabs ''
listen 443 ssl;
location / {
allow 10.0.0.0/8;
allow fd09:8d46:b26::/48;
deny all;
proxy_set_header Host "localhost";
proxy_set_header X-Forwarded-Host "localhost";
proxy_pass http://127.0.0.1:8384$request_uri;
}
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
'';
}
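Review bot: Access to the proxied Syncthing GUI rests only on the source-address list `allow 10.0.0.0/8; allow fd09:8d46:b26::/48; deny all;`, and `proxy_set_header Host "localhost";` makes every proxied request look local to the GUI, which sidesteps its host-header check. Nothing in this commit shows GUI credentials being set, so if none exist on disk, any host in those ranges gets full control of the instance. Adding an authentication layer in this `location`, for example `auth_basic "sync";` with `auth_basic_user_file PLACEHOLDER_HTPASSWD_PATH;`, or confirming that a GUI user and password are configured, would close that gap. Narrowing the `allow` ranges to the hosts that actually administer the instance would help as well.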

43
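--- a/option/Syncthing.nix
+++ b/option/Syncthing.nix
@@ -0,0 +1,43 @@
+{
+config,
+lib,
+pkgs,
+...
+}: let
+cfg = config.module.syncthing;
+in {
+config = lib.mkIf cfg.enable {
+environment.systemPackages = with pkgs; [
+syncthing
+syncthingtray
+];
+services.syncthing = {
+inherit (cfg) enable dataDir user group openDefaultPorts;
+systemService = true;
+settings = lib.recursiveUpdate {
+devices = {
+"desktop" = { id = "767Z675-SOCY4FL-JNYEBB6-5E2RG5O-XTZR6OP-BGOBZ7G-XVRLMD6-DQEB2AT"; };
+"home" = { id = "L5A5IPE-2FPJPHP-RJRV2PV-BLMLC3F-QPHSCUQ-4U3NM2I-AFPOE2A-HOPQZQF"; };
+"phone" = { id = "6RO5JXW-2XO4S3E-VCDAHPD-4ADK6LL-HQGMZHU-GD6DE2O-6KNHWXJ-BCSBGQ7"; };
+};
+folders = {
+"save" = {
+path = "${cfg.dataDir}/save";
+devices = [
+"desktop"
+"home"
+# "work"
+];
+};
+"photo" = {
+path = "${cfg.dataDir}/photo";
+devices = [
+"home"
+"phone"
+];
+};
+};
+} cfg.settings;
+};
+};
+}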
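Review bot: Both `save` and `photo` are declared without `type` or `versioning`, so they use Syncthing's default send-receive mode, and a deletion or overwrite on any listed device propagates to every other copy, including the one on the server. Declaring versioning on the folders, e.g. `versioning = { type = "trashcan"; params.cleanoutDays = "30"; };`, keeps a recoverable copy when a peer is lost or its files are damaged. A short comment above `lib.recursiveUpdate` would also help, stating that per-host `cfg.settings` overrides these defaults and that lists such as `devices` are replaced rather than merged.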