Desktop/syncthing: run as a user service managed by home-manager
This commit is contained in:
parent
69c9bfca26
commit
e4f9e94269
2 changed files with 52 additions and 21 deletions
6
flake.lock
generated
6
flake.lock
generated
|
|
@ -182,11 +182,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731235328,
|
"lastModified": 1732303962,
|
||||||
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
|
"narHash": "sha256-5Umjb5AdtxV5jSJd5jxoCckh5mlg+FBQDsyAilu637g=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
|
"rev": "8cf9cb2ee78aa129e5b8220135a511a2be254c0c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -1,23 +1,54 @@
|
||||||
{config, ...}: {
|
{config, ...}: {
|
||||||
services.syncthing = {
|
services.syncthing = {
|
||||||
enable = true;
|
# enable = true;
|
||||||
user = "toast";
|
# user = "toast";
|
||||||
group = "users";
|
# group = "users";
|
||||||
dataDir = config.users.users.toast.home;
|
# dataDir = config.users.users.toast.home;
|
||||||
settings.folders."passwords".path = "~/Documents/Passwords";
|
settings.folders."passwords".path = "~/Documents/Passwords";
|
||||||
};
|
};
|
||||||
# Allow regular users to stop syncthing
|
age.secrets = {
|
||||||
# https://stackoverflow.com/questions/61480914/using-policykit-to-allow-non-root-users-to-start-and-stop-a-service
|
syncthingCert = {
|
||||||
security.polkit.extraConfig = ''
|
owner = "toast";
|
||||||
polkit.addRule(function(action, subject) {
|
group = "users";
|
||||||
if (
|
};
|
||||||
action.id == "org.freedesktop.systemd1.manage-units" &&
|
syncthingKey = {
|
||||||
action.lookup("unit") == "syncthing.service" &&
|
owner = "toast";
|
||||||
subject.user == "${config.services.syncthing.user}"
|
group = "users";
|
||||||
)
|
};
|
||||||
{
|
};
|
||||||
return polkit.Result.YES;
|
home-manager.users.toast = {
|
||||||
}
|
osConfig,
|
||||||
})
|
lib,
|
||||||
'';
|
...
|
||||||
|
}: let
|
||||||
|
systemConfig = osConfig.services.syncthing;
|
||||||
|
missingOptions = [
|
||||||
|
"all_proxy"
|
||||||
|
"configDir"
|
||||||
|
"dataDir"
|
||||||
|
"databaseDir"
|
||||||
|
"declarative"
|
||||||
|
"devices"
|
||||||
|
"folders"
|
||||||
|
"extraFlags"
|
||||||
|
"user"
|
||||||
|
"group"
|
||||||
|
"systemService"
|
||||||
|
"openDefaultPorts"
|
||||||
|
"options"
|
||||||
|
"relay"
|
||||||
|
"useInotify"
|
||||||
|
];
|
||||||
|
removeMissingOptions = rawOptions: (
|
||||||
|
# lib.attrsets.filterAttrs (n: v: n == "all_proxy") rawOptions
|
||||||
|
builtins.removeAttrs rawOptions missingOptions
|
||||||
|
);
|
||||||
|
in {
|
||||||
|
services.syncthing = removeMissingOptions systemConfig // {
|
||||||
|
enable = true;
|
||||||
|
# Renamed options
|
||||||
|
allProxy = systemConfig.all_proxy;
|
||||||
|
extraOptions = systemConfig.extraFlags;
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue