From e4f9e94269dfdf192ab97016f7997033f7dab205 Mon Sep 17 00:00:00 2001
From: Toast
Date: Sun, 24 Nov 2024 04:18:50 +0100
Subject: [PATCH] Desktop/syncthing: run as a user service managed by home-manager
---
 flake.lock | 6 +--
 roles/desktop/services/syncthing.nix | 67 ++++++++++++++++++++--------
 2 files changed, 52 insertions(+), 21 deletions(-)
diff --git a/flake.lock b/flake.lock
index 01a379e..833ae51 100644
--- a/flake.lock
+++ b/flake.lock
@@ -182,11 +182,11 @@
 ]
 },
 "locked": {
- "lastModified": 1731235328,
- "narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
+ "lastModified": 1732303962,
+ "narHash": "sha256-5Umjb5AdtxV5jSJd5jxoCckh5mlg+FBQDsyAilu637g=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "60bb110917844d354f3c18e05450606a435d2d10",
+ "rev": "8cf9cb2ee78aa129e5b8220135a511a2be254c0c",
 "type": "github"
 },
 "original": {
diff --git a/roles/desktop/services/syncthing.nix b/roles/desktop/services/syncthing.nix
index ba2ca9f..f3b0713 100644
--- a/roles/desktop/services/syncthing.nix
+++ b/roles/desktop/services/syncthing.nix
@@ -1,23 +1,54 @@
 {config, ...}: {
 services.syncthing = {
- enable = true;
- user = "toast";
- group = "users";
- dataDir = config.users.users.toast.home;
+ # enable = true;
+ # user = "toast";
+ # group = "users";
+ # dataDir = config.users.users.toast.home;
 settings.folders."passwords".path = "~/Documents/Passwords";
 };
- # Allow regular users to stop syncthing
- # https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
- security.polkit.extraConfig = ''
- polkit.addRule(function(action, subject) {
- if (
- action.id == "org.freedesktop.systemd1.manage-units" &&
- action.lookup("unit") == "syncthing.service" &&
- subject.user == "${config.services.syncthing.user}"
- )
- {
- return polkit.Result.YES;
- }
- })
- '';
+ age.secrets = {
+ syncthingCert = {
+ owner = "toast";
+ group = "users";
+ };
+ syncthingKey = {
+ owner = "toast";
+ group = "users";
+ };
+ };
+ home-manager.users.toast = {
+ osConfig,
+ lib,
+ ...
+ }: let
+ systemConfig = osConfig.services.syncthing;
+ missingOptions = [
+ "all_proxy"
+ "configDir"
+ "dataDir"
+ "databaseDir"
+ "declarative"
+ "devices"
+ "folders"
+ "extraFlags"
+ "user"
+ "group"
+ "systemService"
+ "openDefaultPorts"
+ "options"
+ "relay"
+ "useInotify"
+ ];
+ removeMissingOptions = rawOptions: (
+ # lib.attrsets.filterAttrs (n: v: n == "all_proxy") rawOptions
+ builtins.removeAttrs rawOptions missingOptions
+ );
+ in {
+ services.syncthing = removeMissingOptions systemConfig // {
+ enable = true;
+ # Renamed options
+ allProxy = systemConfig.all_proxy;
+ extraOptions = systemConfig.extraFlags;
+ };
+ };
 }
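Review bot: The new `age.secrets` block gives `syncthingKey` (by its name, Syncthing's private device key) and `syncthingCert` a `group = "users"` without pinning a mode, so the key's confidentiality rests on the secrets module's default permissions. Assuming this is agenix the default is owner-only, but I would state it with `mode = "0400";` on both entries so a later mode or default change cannot expose the key to every account in `users`. Separately, `removeMissingOptions` is a denylist: any option the NixOS module gains that the home-manager module lacks will be forwarded and break evaluation, so selecting only the attributes the user service needs (presumably `cert`, `key` and `settings`) would be sturdier. The four commented-out lines under `services.syncthing` and the commented `filterAttrs` line can be deleted, since the removed settings already live in history.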