infra/nix/os/containers/syncthing.nix

{
  specialArgs,
  hostBridge,
  hostAddress,
  localAddress,
  syncthingPort ? 22000,
  syncthingLocalAnnouncePort ? 21027,
  smbTcpPort ? 445,
  autoStart ? false,
}:
{
  inherit specialArgs;
  config =
    { ... }:
    {
      system.stateVersion = "20.05"; # Did you read the comment?

      imports = [ ../profiles/containers/configuration.nix ];

      networking.firewall.allowedTCPPorts = [
        # syncthing gui
        8384
      ];

      services.syncthing = {
        enable = true;
        openDefaultPorts = true;
        guiAddress = "0.0.0.0:8384";
      };

      services.samba = {
        enable = true;
        securityType = "user";
        openFirewall = true;
        settings = {
          global = {
            "workgroup" = "DMZ";
            "server string" = "syncthing";
            "netbios name" = "syncthing";
            "security" = "user";
            #"use sendfile" = "yes";
            #"max protocol" = "smb2";
            # note: localhost is the ipv6 localhost ::1
            "hosts allow" = "192.168.23. 127.0.0.1 localhost";
            "hosts deny" = "0.0.0.0/0";
            "guest account" = "nobody";
            "map to guest" = "bad user";
          };
          "scan-stefan" = {
            "path" = "/var/lib/syncthing/Sync/Home::Scan::Stefan";
            "browseable" = "yes";
            "read only" = "no";
            "guest ok" = "no";
            "create mask" = "0644";
            "directory mask" = "0755";
            "force user" = "syncthing";
            "force group" = "syncthing";
          };

          "scan-justyna" = {
            "path" = "/var/lib/syncthing/Sync/Home::Scan::Justyna";
            "browseable" = "yes";
            "read only" = "no";
            "guest ok" = "no";
            "create mask" = "0644";
            "directory mask" = "0755";
            "force user" = "syncthing";
            "force group" = "syncthing";
          };
        };
      };


      # TODO: find out if smbpasswd file is still used and set it here. or find an alternative
      # sops.secrets.smbpasswd = {
      # };
      # environment.etc."samba/smbpasswd".source = config.sops.secrets.smbpasswd.text;
    };

  inherit autoStart;

  bindMounts = {
    "/var/lib/syncthing/" = {
      hostPath = "/var/lib/container-volumes/syncthing/var-lib-syncthing";
      isReadOnly = false;
    };
  };

  privateNetwork = true;
  forwardPorts = [
    {
      containerPort = 22000;
      hostPort = syncthingPort;
      protocol = "tcp";
    }
    {
      containerPort = 22000;
      hostPort = syncthingPort;
      protocol = "udp";
    }
    {
      containerPort = 21027;
      hostPort = syncthingLocalAnnouncePort;
      protocol = "udp";
    }
    {
      containerPort = 445;
      hostPort = smbTcpPort;
      protocol = "tcp";
    }
  ];

  inherit hostBridge hostAddress localAddress;
}
nix fmt 2023-03-21 13:38:22 +01:00			`{`
fix(*): adapt to nixos-24.05 changes 2024-06-01 21:46:09 +02:00			`specialArgs,`
feat(sj-srv1): switch to hostBridge set up the hostside veth interfaces seem to be buggy and this is more efficient anyway. 2024-08-24 00:16:29 +02:00			`hostBridge,`
nix fmt 2023-03-21 13:38:22 +01:00			`hostAddress,`
			`localAddress,`
			`syncthingPort ? 22000,`
			`syncthingLocalAnnouncePort ? 21027,`
feat(syncthing): expose scan folder via samba 2025-05-14 10:46:20 +02:00			`smbTcpPort ? 445,`
nix fmt 2023-03-21 13:38:22 +01:00			`autoStart ? false,`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`}:`
			`{`
fix(*): adapt to nixos-24.05 changes 2024-06-01 21:46:09 +02:00			`inherit specialArgs;`
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`config =`
			`{ ... }:`
			`{`
			`system.stateVersion = "20.05"; # Did you read the comment?`
nix fmt 2023-03-21 13:38:22 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`imports = [ ../profiles/containers/configuration.nix ];`
nix fmt 2023-03-21 13:38:22 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`networking.firewall.allowedTCPPorts = [`
			`# syncthing gui`
			`8384`
			`];`
nix fmt 2023-03-21 13:38:22 +01:00
feat: introduce treefmt and fmt all 2024-11-15 10:17:56 +01:00			`services.syncthing = {`
			`enable = true;`
			`openDefaultPorts = true;`
			`guiAddress = "0.0.0.0:8384";`
			`};`
feat(syncthing): expose scan folder via samba 2025-05-14 10:46:20 +02:00
			`services.samba = {`
			`enable = true;`
			`securityType = "user";`
			`openFirewall = true;`
			`settings = {`
			`global = {`
			`"workgroup" = "DMZ";`
			`"server string" = "syncthing";`
			`"netbios name" = "syncthing";`
			`"security" = "user";`
			`#"use sendfile" = "yes";`
			`#"max protocol" = "smb2";`
			`# note: localhost is the ipv6 localhost ::1`
			`"hosts allow" = "192.168.23. 127.0.0.1 localhost";`
			`"hosts deny" = "0.0.0.0/0";`
			`"guest account" = "nobody";`
			`"map to guest" = "bad user";`
			`};`
			`"scan-stefan" = {`
			`"path" = "/var/lib/syncthing/Sync/Home::Scan::Stefan";`
			`"browseable" = "yes";`
			`"read only" = "no";`
			`"guest ok" = "no";`
			`"create mask" = "0644";`
			`"directory mask" = "0755";`
			`"force user" = "syncthing";`
			`"force group" = "syncthing";`
			`};`

			`"scan-justyna" = {`
			`"path" = "/var/lib/syncthing/Sync/Home::Scan::Justyna";`
			`"browseable" = "yes";`
			`"read only" = "no";`
			`"guest ok" = "no";`
			`"create mask" = "0644";`
			`"directory mask" = "0755";`
			`"force user" = "syncthing";`
			`"force group" = "syncthing";`
			`};`
			`};`
			`};`


			`# TODO: find out if smbpasswd file is still used and set it here. or find an alternative`
			`# sops.secrets.smbpasswd = {`
			`# };`
			`# environment.etc."samba/smbpasswd".source = config.sops.secrets.smbpasswd.text;`
devices/vmd32387: move syncthing to a nixos container 2019-02-08 23:52:22 +01:00			`};`

[WIP] feat: migrate containers to vmd102066 2022-11-03 16:48:06 +01:00			`inherit autoStart;`
devices/vmd32387: move syncthing to a nixos container 2019-02-08 23:52:22 +01:00
			`bindMounts = {`
			`"/var/lib/syncthing/" = {`
			`hostPath = "/var/lib/container-volumes/syncthing/var-lib-syncthing";`
			`isReadOnly = false;`
			`};`
			`};`

			`privateNetwork = true;`
			`forwardPorts = [`
			`{`
			`containerPort = 22000;`
containers: make all host ports configurable 2020-09-14 19:38:36 +02:00			`hostPort = syncthingPort;`
devices/vmd32387: move syncthing to a nixos container 2019-02-08 23:52:22 +01:00			`protocol = "tcp";`
			`}`
feat(167.233.1.14): migrate all containers here 2023-03-08 19:13:59 +01:00			`{`
			`containerPort = 22000;`
			`hostPort = syncthingPort;`
			`protocol = "udp";`
			`}`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`{`
			`containerPort = 21027;`
			`hostPort = syncthingLocalAnnouncePort;`
feat(167.233.1.14): migrate all containers here 2023-03-08 19:13:59 +01:00			`protocol = "udp";`
run most containers and back them up at home * switch backup from wasabi-s3 to btrfs via ssh * add srv0 at home * run webserver and syncthing at home 2020-12-30 09:10:30 +01:00			`}`
feat(syncthing): expose scan folder via samba 2025-05-14 10:46:20 +02:00			`{`
			`containerPort = 445;`
			`hostPort = smbTcpPort;`
			`protocol = "tcp";`
			`}`
devices/vmd32387: move syncthing to a nixos container 2019-02-08 23:52:22 +01:00			`];`
containers: make all variables explicit Instead of merging the argument set just make all arguments explicit. 2020-09-15 17:21:28 +02:00
feat(sj-srv1): switch to hostBridge set up the hostside veth interfaces seem to be buggy and this is more efficient anyway. 2024-08-24 00:16:29 +02:00			`inherit hostBridge hostAddress localAddress;`
devices/vmd32387: move syncthing to a nixos container 2019-02-08 23:52:22 +01:00			`}`