From 5af49c32e2ce516ecbad007fb56e2e80742a9b3f Mon Sep 17 00:00:00 2001
From: Toast <toast003@tutamail.com>
Date: Wed, 6 Sep 2023 19:32:32 +0200
Subject: [PATCH] Syncthing: give additional capabilities

---
 roles/server/syncthing.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/roles/server/syncthing.nix b/roles/server/syncthing.nix
index baddf06..1f25424 100755
--- a/roles/server/syncthing.nix
+++ b/roles/server/syncthing.nix
@@ -5,6 +5,7 @@
 		syncthingKey.file = ../../secrets/syncthing/key;
 		syncthingCert.file = ../../secrets/syncthing/cert;
 	};
+
 	services.syncthing = {
 		enable = true;
 		key = config.age.secrets.syncthingKey.path;
@@ -16,6 +17,10 @@
 			};
 		};
 	};
+	systemd.services.syncthing.serviceConfig = {
+		# Allow syncthing to change ownership of files
+		AmbientCapabilities = "CAP_CHOWN CAP_FOWNER";
+	};
 
 	# Set up traefik as the reverse proxy for syncthing
 	services.traefik = {