From d91013096244ab0026dfc0f53d14ea0bbd3a8d79 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Thu, 21 Apr 2022 19:25:59 -0700 Subject: syncthing: configure the keys for tahoe --- hosts/tahoe/secrets/secrets.nix | 10 ++++++++++ hosts/tahoe/secrets/syncthing/cert.age | Bin 0 -> 1248 bytes hosts/tahoe/secrets/syncthing/key.age | 10 ++++++++++ modules/services/syncthing/default.nix | 10 +++++++--- 4 files changed, 27 insertions(+), 3 deletions(-) create mode 100644 hosts/tahoe/secrets/syncthing/cert.age create mode 100644 hosts/tahoe/secrets/syncthing/key.age diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix index 60b8550..01ff035 100644 --- a/hosts/tahoe/secrets/secrets.nix +++ b/hosts/tahoe/secrets/secrets.nix @@ -18,6 +18,16 @@ in { owner = "drone"; }; + "syncthing/key.age" = { + publicKeys = all; + owner = "fcuny"; + }; + + "syncthing/cert.age" = { + publicKeys = all; + owner = "fcuny"; + }; + "unifi/unifi-poller.age".publicKeys = all; "restic/repo-systems.age".publicKeys = all; diff --git a/hosts/tahoe/secrets/syncthing/cert.age b/hosts/tahoe/secrets/syncthing/cert.age new file mode 100644 index 0000000..aceb120 Binary files /dev/null and b/hosts/tahoe/secrets/syncthing/cert.age differ diff --git a/hosts/tahoe/secrets/syncthing/key.age b/hosts/tahoe/secrets/syncthing/key.age new file mode 100644 index 0000000..8c22933 --- /dev/null +++ b/hosts/tahoe/secrets/syncthing/key.age @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 dtgBNg ChSBoRw7XwKHqNfO43UkA1mL3gYzVrt9u2CYpxw6oSI +witLAp/ilF/wcWnGx0QReqe7mBdR3lZspzOjpEpMi1I +-> ssh-ed25519 wtownA NdY9VIDwwMlAfw39yIMsAGUMIRghUOBWlZ4ham9DRSc +HucEPuec5Y3MGvp3kIZa/NFWxSGPhL01qE1P4L24P8g +-> 2/x-grease Op@o& x +u7C9+kZlujVO76tqT07yS+pYtUa7lyTu4ksZeXhTlgAGP59Zl5tq7DkT +--- ddK2/N4jHQ2jB1nvuQWfElP+LR+pgQW0Ozzc3n7FhSs +ÚvíâRI \ No newline at end of file diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix index bbd4fb9..ea8c4d6 100644 
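Review bot: Both new entries in hosts/tahoe/secrets/secrets.nix use `publicKeys = all`, so every key in `all` can decrypt tahoe's Syncthing private key, and whoever holds that key and certificate can present as this device to its peers. `all` is bound outside the hunk, and the key.age header in this commit lists two ssh-ed25519 recipients, so the set may already be minimal. If `all` holds more than tahoe's host key and the admin key, narrow these two entries to something like `publicKeys = [ <tahoe-host-key> <admin-key> ];`, using the real binding names from the `let` above. A comment such as `# Syncthing device identity: only tahoe and the admin key may decrypt` would record the intent for later edits of `all`.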
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -1,5 +1,7 @@
 { config, pkgs, lib, ... }:
-let cfg = config.my.services.syncthing;
+let
+ cfg = config.my.services.syncthing;
+ secrets = config.age.secrets;
 in {
 options.my.services.syncthing = with lib; {
 enable = mkEnableOption "syncthing service";
@@ -9,9 +11,11 @@ in {
 services.syncthing = {
 enable = true;
 openDefaultPorts = true;
- user = users.users.fcuny;
+ user = "fcuny";
 group = "users";
- dataDir = "${users.users.fcuny.home}/.syncthing";
+ dataDir = "/home/fcuny/.local/state/syncthing";
+ cert = secrets."syncthing/cert".path;
+ key = secrets."syncthing/key".path;
 };
 };
 }
-- cgit 1.4.1
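Review bot: In the second hunk, `cert` and `key` read `secrets."syncthing/cert".path` and `secrets."syncthing/key".path` unconditionally, but the only declarations visible in this commit are for tahoe. Any other host that enables `my.services.syncthing` without them would presumably fail evaluation on a missing attribute rather than with a clear message. An assertion next to `services.syncthing` would make the requirement explicit: `assertions = [{ assertion = secrets ? "syncthing/key" && secrets ? "syncthing/cert"; message = "my.services.syncthing requires the syncthing/key and syncthing/cert age secrets"; }];`. The enclosing `config` block starts outside the hunk, so confirm where that fits. Separately, `dataDir` now hard-codes `/home/fcuny`; `"${config.users.users.fcuny.home}/.local/state/syncthing"` would keep it tied to the declared home directory.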