authorLinnnus <[email protected]>2025-05-13 15:57:35 +0200
committerLinnnus <[email protected]>2025-05-13 15:57:35 +0200
commit35759a84a0f155427b729ad3dbcf543683008a73 (patch)
tree38e214c5cf514d99e387fc488d032bb5738343d9 /hosts/ahmed
parent95677cdfa29f1e7a4a10be2243ec320e56979832 (diff)
Set up syncthing on ahmed
Diffstat (limited to 'hosts/ahmed')
-rw-r--r--hosts/ahmed/configuration.nix1
-rw-r--r--hosts/ahmed/syncthing/default.nix6
-rw-r--r--hosts/ahmed/syncthing/reverse-proxy.nix25
-rw-r--r--hosts/ahmed/syncthing/syncthing.nix30
4 files changed, 62 insertions, 0 deletions
diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index e1062c5..6986a08 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -26,6 +26,7 @@
./local-dns
./vaultwarden
./wireguard-vpn
+ ./syncthing
];
# Create the main user.
diff --git a/hosts/ahmed/syncthing/default.nix b/hosts/ahmed/syncthing/default.nix
new file mode 100644
index 0000000..1b4bbbc
--- /dev/null
+++ b/hosts/ahmed/syncthing/default.nix
@@ -0,0 +1,6 @@
+{
+ imports = [
+ ./syncthing.nix
+ ./reverse-proxy.nix
+ ];
+}
diff --git a/hosts/ahmed/syncthing/reverse-proxy.nix b/hosts/ahmed/syncthing/reverse-proxy.nix
new file mode 100644
index 0000000..e6b84c0
--- /dev/null
+++ b/hosts/ahmed/syncthing/reverse-proxy.nix
@@ -0,0 +1,25 @@
+{config, ...}: {
+ # Use NGINX as a reverse proxy.
+ # See: https://docs.syncthing.net/users/reverseproxy.html
+ services.nginx = {
+ virtualHosts."syncthing.${config.linus.local-dns.domain}" = {
+ locations."/" = {
+ proxyPass = "http://${config.services.syncthing.guiAddress}";
+ recommendedProxySettings = true;
+ };
+ };
+ };
+
+ # By default Syncthing checks that the Host header says "localhost" which
+ # will not be the case when using a reverse proxy.
+ #
+ # See: https://docs.syncthing.net/users/faq.html#why-do-i-get-host-check-error-in-the-gui-api
+ services.syncthing.settings.gui = {
+ insecureSkipHostcheck = true;
+
+ user = "linus";
+ password = "$y$j9T$mLlnLvW2XHNH3xlL0Vlnr1$Aa1tc2/c0qAKkp/5yt0F7dBD8pSjzqwgAIL4bZ/sAa9";
+ };
+
+ linus.local-dns.subdomains = ["syncthing"];
+}
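Review bot: The `password` value under `services.syncthing.settings.gui` is committed in clear, and its `$y$` prefix marks it as a yescrypt hash rather than the bcrypt hash Syncthing uses for the GUI password. Syncthing will probably treat a non-bcrypt string as the plaintext password, which would make the string in this repository the working credential. Even if it is accepted as a hash, it lands in the repository and most likely in the world-readable Nix store, so it would be better supplied from an agenix secret, the way `key` and `cert` are in syncthing.nix. Separately, `insecureSkipHostcheck = true;` turns off the Host-header check that protects the GUI against DNS rebinding, and the virtual host sets no TLS option in this hunk, so the login travels over plain HTTP unless the vhost is only reachable over a trusted link. A comment stating that assumption would help, e.g. `# Host check disabled: GUI is only reachable through nginx on the internal domain`.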
diff --git a/hosts/ahmed/syncthing/syncthing.nix b/hosts/ahmed/syncthing/syncthing.nix
new file mode 100644
index 0000000..14a7bc7
--- /dev/null
+++ b/hosts/ahmed/syncthing/syncthing.nix
@@ -0,0 +1,30 @@
+# This module sets up syncthing on the server. It's very important because
+# muhammed and boox-tablet seldom are online on the same network at the same
+# time.
+{config, ...}: {
+ services.syncthing = {
+ enable = true;
+
+ key = config.age.secrets.syncthing-key.path;
+ cert = config.age.secrets.syncthing-cert.path;
+
+ settings = {
+ folders = {
+ "ebooks" = {
+ lable = "Ebooks";
+ path = "~/Synced ebooks"; # Recall that `~syncthing` is `/var/lib/syntching`.
+ copyOwnershipFromParent = true;
+ devices = ["muhammed" "boox-tablet"];
+ };
+ };
+
+ devices = {
+ boox-tablet.id = "SFQMOCB-TPRTXLD-WDL3REL-2XINQDR-3PZQ5IT-KX4PGXX-2VJO3JZ-2K2XNQ3";
+ muhammed.id = "ZLKZCO5-K3GX3S6-PTLB5B6-ETRBPQT-6ZCKHYV-FXQNDPI-CGYRSO4-NIRPQAY";
+ };
+ };
+ };
+
+ age.secrets.syncthing-key.file = ../../../secrets/syncthing-keys/ahmed/key.pem.age;
+ age.secrets.syncthing-cert.file = ../../../secrets/syncthing-keys/ahmed/cert.pem.age;
+}
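Review bot: `lable = "Ebooks";` in the `ebooks` folder misspells `label`, so the folder label is probably never set. The module appears to pass `settings` through without checking key names, so evaluation will not flag the typo. The line should read `label = "Ebooks";`. The comment on the `path` line also misspells the state directory, writing `/var/lib/syntching` for `/var/lib/syncthing`.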