Add syncthing.
This commit is contained in:
parent
20415a0448
commit
dd17839c41
31
config/Syncthing.nix
Normal file
31
config/Syncthing.nix
Normal file
|
@ -0,0 +1,31 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
cfg = config.module.syncthing;
|
||||
in {
|
||||
options.module.syncthing = {
|
||||
enable = lib.mkEnableOption "the file sync.";
|
||||
dataDir = lib.mkOption {
|
||||
default = "/home/${cfg.user}/sync";
|
||||
type = lib.types.str;
|
||||
};
|
||||
settings = lib.mkOption {
|
||||
default = { };
|
||||
type = lib.types.attrs;
|
||||
};
|
||||
user = lib.mkOption {
|
||||
default = "voronind";
|
||||
type = lib.types.str;
|
||||
};
|
||||
group = lib.mkOption {
|
||||
default = "users";
|
||||
type = lib.types.str;
|
||||
};
|
||||
openDefaultPorts = lib.mkOption {
|
||||
default = true;
|
||||
type = lib.types.bool;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -6,7 +6,7 @@
|
|||
}: let
|
||||
alpha = config.module.style.opacity.hex;
|
||||
color = config.module.style.color;
|
||||
max = 5;
|
||||
max = 3;
|
||||
in {
|
||||
file = (pkgs.formats.iniWithGlobalSection { }).generate "MakoConfig" {
|
||||
globalSection = {
|
||||
|
|
|
@ -4,5 +4,6 @@
|
|||
exec waybar
|
||||
exec nm-applet
|
||||
exec blueman-applet
|
||||
exec syncthingtray
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -7,8 +7,9 @@
|
|||
|
||||
module = {
|
||||
builder.client.enable = true;
|
||||
package.extra = true;
|
||||
print.enable = true;
|
||||
package.extra = true;
|
||||
print.enable = true;
|
||||
syncthing.enable = true;
|
||||
purpose = {
|
||||
desktop = true;
|
||||
gaming = true;
|
||||
|
|
|
@ -7,5 +7,6 @@
|
|||
registerHostname = "chat.voronind.com";
|
||||
sslCert = "/etc/letsencrypt/live/voronind.com/fullchain.pem";
|
||||
sslKey = "/etc/letsencrypt/live/voronind.com/privkey.pem";
|
||||
extraConfig = '''';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -168,11 +168,8 @@ in {
|
|||
iptables -t nat -A POSTROUTING -s 10.0.0.0/8 -d 0/0 -o ${wan} -j MASQUERADE
|
||||
|
||||
# Full access from Lan.
|
||||
iptables -I INPUT -j ACCEPT -i ${lan} -d ${internal}
|
||||
ip6tables -I INPUT -j ACCEPT -i ${lan} -d ${internal6}
|
||||
|
||||
# Allow DHCP.
|
||||
iptables -I INPUT -j ACCEPT -i ${lan} -p udp --dport 67
|
||||
iptables -I INPUT -j ACCEPT -i ${lan}
|
||||
ip6tables -I INPUT -j ACCEPT -i ${lan}
|
||||
|
||||
# Public email server.
|
||||
ip46tables -I INPUT -j ACCEPT -i ${wan} -p tcp --dport 25
|
||||
|
|
|
@ -1,87 +0,0 @@
|
|||
# Takes pictures from first photo dir, processes and stores to the second one.
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
secret,
|
||||
util,
|
||||
...
|
||||
} @args: let
|
||||
imgInput = "/storage/hot/data/nextcloud/data/cakee/files/photo";
|
||||
imgOutput = "/storage/cold_1/backup/tmp/photo";
|
||||
in {
|
||||
systemd.services.photosprocess = let
|
||||
script = pkgs.writeText "PhotoprocessScript" (util.trimTabs ''
|
||||
function notify_silent() {
|
||||
curl -X POST -H 'Content-Type: Application/json' -d "${secret.tg.dt "true"}" ${secret.tg.bt} &> /dev/null
|
||||
}
|
||||
|
||||
cd ${imgInput}
|
||||
|
||||
# Convert png to jpg.
|
||||
for img in $(ls *.png) $(ls *.PNG); do
|
||||
filename=''${img%.*}
|
||||
convert "$filename.png" "$filename.jpg"
|
||||
done
|
||||
rm *.png *.PNG
|
||||
|
||||
# Rename bad extensions.
|
||||
for img in $(ls *.jpeg) $(ls *.JPG) $(ls *.JPEG); do
|
||||
filename=''${img%.*}
|
||||
mv "$img" "$filename.jpg"
|
||||
done
|
||||
|
||||
# Compress jpg.
|
||||
mogrify -resize 2073600@ *.jpg
|
||||
jpegoptim --size=1000k *.jpg
|
||||
|
||||
# Rename to hash.
|
||||
for file in *; do
|
||||
if [[ -f "$file" ]]; then
|
||||
extension="''${file##*.}"
|
||||
if [ -f "$file" ] && [ "$extension" != "$file" ]; then
|
||||
new_name="''${file%$extension}"
|
||||
else
|
||||
new_name="$file"
|
||||
extension=""
|
||||
fi
|
||||
new_name=$(sha1sum "$file" | cut -d\ -f1)
|
||||
if [[ "$extension" != "" ]]; then
|
||||
new_name="''${new_name,,}.$extension"
|
||||
else
|
||||
new_name="''${new_name,,}"
|
||||
fi
|
||||
mv "$file" "$new_name"
|
||||
fi
|
||||
done
|
||||
|
||||
# Move to images.
|
||||
total_photos=$(ls | wc -l)
|
||||
mv *.jpg ${imgOutput}
|
||||
notify_silent "Photos processed: $total_photos"
|
||||
'');
|
||||
in util.mkStaticSystemdService {
|
||||
enable = true;
|
||||
description = "Process uploaded photos";
|
||||
serviceConfig = {
|
||||
ExecStart = "-${lib.getExe pkgs.bashInteractive} ${script}";
|
||||
Restart = "on-failure";
|
||||
Type = "oneshot";
|
||||
};
|
||||
path = with pkgs; [
|
||||
curl
|
||||
imagemagick
|
||||
jpegoptim
|
||||
];
|
||||
};
|
||||
|
||||
systemd.timers.photosprocess = {
|
||||
timerConfig = {
|
||||
OnCalendar = "daily";
|
||||
Persistent = true;
|
||||
Unit = "photosprocess.service";
|
||||
};
|
||||
wantedBy = [
|
||||
"timers.target"
|
||||
];
|
||||
};
|
||||
}
|
|
@ -13,6 +13,13 @@
|
|||
router = true;
|
||||
server = true;
|
||||
};
|
||||
syncthing = {
|
||||
enable = true;
|
||||
dataDir = "/storage/hot/sync";
|
||||
openDefaultPorts = false;
|
||||
user = "root";
|
||||
group = "root";
|
||||
};
|
||||
dpi.bypass = {
|
||||
enable = true;
|
||||
params = [
|
||||
|
|
24
host/x86_64-linux/home/nginx/Sync.nix
Normal file
24
host/x86_64-linux/home/nginx/Sync.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{
|
||||
util,
|
||||
...
|
||||
}: {
|
||||
"sync.voronind.com".extraConfig = util.trimTabs ''
|
||||
listen 443 ssl;
|
||||
|
||||
location / {
|
||||
allow 10.0.0.0/8;
|
||||
allow fd09:8d46:b26::/48;
|
||||
deny all;
|
||||
|
||||
proxy_set_header Host "localhost";
|
||||
proxy_set_header X-Forwarded-Host "localhost";
|
||||
|
||||
proxy_pass http://127.0.0.1:8384$request_uri;
|
||||
}
|
||||
|
||||
ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/voronind.com/privkey.pem;
|
||||
include /etc/letsencrypt/conf/options-ssl-nginx.conf;
|
||||
ssl_dhparam /etc/letsencrypt/conf/ssl-dhparams.pem;
|
||||
'';
|
||||
}
|
43
option/Syncthing.nix
Normal file
43
option/Syncthing.nix
Normal file
|
@ -0,0 +1,43 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
cfg = config.module.syncthing;
|
||||
in {
|
||||
config = lib.mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
syncthing
|
||||
syncthingtray
|
||||
];
|
||||
services.syncthing = {
|
||||
inherit (cfg) enable dataDir user group openDefaultPorts;
|
||||
systemService = true;
|
||||
settings = lib.recursiveUpdate {
|
||||
devices = {
|
||||
"desktop" = { id = "767Z675-SOCY4FL-JNYEBB6-5E2RG5O-XTZR6OP-BGOBZ7G-XVRLMD6-DQEB2AT"; };
|
||||
"home" = { id = "L5A5IPE-2FPJPHP-RJRV2PV-BLMLC3F-QPHSCUQ-4U3NM2I-AFPOE2A-HOPQZQF"; };
|
||||
"phone" = { id = "6RO5JXW-2XO4S3E-VCDAHPD-4ADK6LL-HQGMZHU-GD6DE2O-6KNHWXJ-BCSBGQ7"; };
|
||||
};
|
||||
folders = {
|
||||
"save" = {
|
||||
path = "${cfg.dataDir}/save";
|
||||
devices = [
|
||||
"desktop"
|
||||
"home"
|
||||
# "work"
|
||||
];
|
||||
};
|
||||
"photo" = {
|
||||
path = "${cfg.dataDir}/photo";
|
||||
devices = [
|
||||
"home"
|
||||
"phone"
|
||||
];
|
||||
};
|
||||
};
|
||||
} cfg.settings;
|
||||
};
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue