refactor(syncthing): Refactor syncthing modules

2025-03-10 15:16:47 -06:00
parent 4f5abf4826
commit 5f80bfc5c8
5 changed files with 187 additions and 121 deletions
--- a/modules/nixos/syncthing.nix
+++ b/modules/nixos/syncthing.nix
@@ -1,44 +1,52 @@
 { config, lib, pkgs, ... }:

-# TODO: This is a Deertopia module.  Move to nixos/deertopia/syncthing.nix.
-
 let cfg = config.sydnix.syncthing;
 in {
-  options = {
-    sydnix.syncthing = {
-      enable = lib.mkEnableOption "Syncthing";
-      devices = lib.mkOption {
-        type = lib.types.anything;
-        default = {};
-      };
-      folders = lib.mkOption {
-        type = lib.types.anything;
-        default = {};
+  options.sydnix.syncthing = {
+    enable = lib.mkEnableOption "Syncthing";
+    includeDevices = lib.mkOption {
+      type =
+        lib.types.listOf
+          (lib.types.enum (builtins.attrNames cfg.devices));
+      default = [];
+      description = ''
+        A list of device names to sync with.  See the read-only option
+        `sydnix.syncthing.devices` for the concrete details.
+      '';
+    };
+    devices = lib.mkOption {
+      # This should generally be in sync with modules/home/syncthing.nix.
+      default = {
+        "guix-rebound".id =
+          "Q5B6LIV-5HQMWWV-XFQL5IT-PHP7PVE-XFWUVHK-F6WJ42C-OPMR4M7-GFNK3AG";
+        "deertopia".id =
+          "OO6XGGQ-SORH6XW-YEMN3T3-CSW5QOO-2IRB2QE-NZOL6JE-RAV36GS-WZXXLQV";
+        "nixos-testbed".id =
+          "BO3AESA-LBKMZW7-QFE7NTT-GF62DOA-PYUACYU-HNTNYI5-EMF6PAN-TR6YHAL";
      };
+      readOnly = true;
+      description = ''
+        The read-only 'universe' of devices available.  A subset of these
+        devices — those named by `sydnix.syncthing.includeDevices` — will be
+        handed to Syncthing's module.  This should generally match the option of
+        the same name in the Home-manager module, `sydnix.syncthing.devices`.
+      '';
+    };
+    directories = lib.mkOption {
+      type = lib.types.anything;
+      default = {};
+      description = ''
+        Directly handed to `services.syncthing.settings.folders`.
+      '';
    };
  };

  config = lib.mkIf cfg.enable {
-    # HACK: I don't understand the idioms of Unix file permissions.
-    # TODO: Consult molly for this shit TwT.
-    users.users.${config.services.syncthing.user}.extraGroups = [
-      "jellyfin"
-      "nginx"
-    ];
-
    sydnix.impermanence.directories = [
+      # Most notably, preserves the device ID.
      "/var/lib/syncthing"
    ];

-    sydnix.deertopia.nginx.vhosts."syncthing".vhost = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        # TODO: This should work if guiAddress already specifies a protocol.
-        proxyPass = "http://" + config.services.syncthing.guiAddress;
-      };
-    };
-
    services.syncthing = {
      enable = true;
      openDefaultPorts = true;
@@ -51,8 +59,11 @@ in {
        };
        overrideDevices = true;
        overrideFolders = true;
-        devices = cfg.devices;
-        folders = cfg.folders;
+        devices =
+          lib.filterAttrs
+            (k: _v: builtins.elem k cfg.includeDevices)
+            cfg.devices;
+        folders = cfg.directories;
      };
    };
  };