-rw-r--r--hosts/tahoe/secrets/secrets.nix10
-rw-r--r--hosts/tahoe/secrets/syncthing/cert.agebin0 -> 1248 bytes
-rw-r--r--hosts/tahoe/secrets/syncthing/key.age10
-rw-r--r--modules/services/syncthing/default.nix10
4 files changed, 27 insertions, 3 deletions
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 60b8550..01ff035 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -18,6 +18,16 @@ in {
     owner = "drone";
   };
 
+  "syncthing/key.age" = {
+    publicKeys = all;
+    owner = "fcuny";
+  };
+
+  "syncthing/cert.age" = {
+    publicKeys = all;
+    owner = "fcuny";
+  };
+
   "unifi/unifi-poller.age".publicKeys = all;
 
   "restic/repo-systems.age".publicKeys = all;
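Review bot: Both new entries set `publicKeys = all`, so every key in `all` (defined outside this hunk) can decrypt the Syncthing private key and certificate, which together are this node's identity to its peers. The header of key.age in this commit shows two ssh-ed25519 recipients, so the list looks small today, but nothing here stops it from growing as hosts are added. I would either pass an explicit recipient list for these two entries or record the intent with a comment such as `# device identity: keep recipients limited to tahoe's host key and the admin key` above `"syncthing/key.age"`.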
diff --git a/hosts/tahoe/secrets/syncthing/cert.age b/hosts/tahoe/secrets/syncthing/cert.age
new file mode 100644
index 0000000..aceb120
--- /dev/null
+++ b/hosts/tahoe/secrets/syncthing/cert.age
Binary files differ
diff --git a/hosts/tahoe/secrets/syncthing/key.age b/hosts/tahoe/secrets/syncthing/key.age
new file mode 100644
index 0000000..8c22933
--- /dev/null
+++ b/hosts/tahoe/secrets/syncthing/key.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 dtgBNg ChSBoRw7XwKHqNfO43UkA1mL3gYzVrt9u2CYpxw6oSI
+witLAp/ilF/wcWnGx0QReqe7mBdR3lZspzOjpEpMi1I
+-> ssh-ed25519 wtownA NdY9VIDwwMlAfw39yIMsAGUMIRghUOBWlZ4ham9DRSc
+HucEPuec5Y3MGvp3kIZa/NFWxSGPhL01qE1P4L24P8g
+-> 2/x-grease Op@o& x
+u7C9+kZlujVO76tqT07yS+pYtUa7lyTu4ksZeXhTlgAGP59Zl5tq7DkT
+--- ddK2/N4jHQ2jB1nvuQWfElP+LR+pgQW0Ozzc3n7FhSs
+<Yv(3yܲđk*r '-+wnv0|*@-Rԙ*rg[$f]X6+M6nsuD`=V{Àw2E?"yWWXP2spang?<su=rEhb^`1VX;gv˜ףp#U4@;kTô+btv򋏚5I"N1mh!8T``v[$
+:痙uj0cS(GVqtem+T>vRI
\ No newline at end of file
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
index bbd4fb9..ea8c4d6 100644
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -1,5 +1,7 @@
 { config, pkgs, lib, ... }:
-let cfg = config.my.services.syncthing;
+let
+  cfg = config.my.services.syncthing;
+  secrets = config.age.secrets;
 in {
   options.my.services.syncthing = with lib; {
     enable = mkEnableOption "syncthing service";
@@ -9,9 +11,11 @@ in {
     services.syncthing = {
       enable = true;
       openDefaultPorts = true;
-      user = users.users.fcuny;
+      user = "fcuny";
       group = "users";
-      dataDir = "${users.users.fcuny.home}/.syncthing";
+      dataDir = "/home/fcuny/.local/state/syncthing";
+      cert = secrets."syncthing/cert".path;
+      key = secrets."syncthing/key".path;
     };
   };
 }
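Review bot: The decrypted key probably does not stay confined to the agenix path given in `key = secrets."syncthing/key".path;`, because as far as I know the NixOS syncthing module installs `cert` and `key` into its config directory when the service starts. That would leave a plaintext copy at rest, by default under `dataDir`, so it is worth confirming where it lands and excluding that location from any backup of the home directory. Separately, `dataDir` now spells out the home directory as a literal; if the account is declared through `users.users`, `dataDir = "${config.users.users.fcuny.home}/.local/state/syncthing";` would keep it tied to the account. The enclosing `config` block opens outside this hunk.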