blu/grapho
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit: Ultimate Notetaking, Sync & Backup System

Browse Source 
A NixOS-based system for managing personal data across three tiers:
- Tier 1: Configuration (shareable via git)
- Tier 2: Syncable data (nb + Syncthing)
- Tier 3: Large data (self-hosted services + backup)

Includes:
- NixOS modules for nb, Syncthing, backup (restic)
- Server modules for Forgejo, Immich, Jellyfin
- Helper scripts (usync, ustatus)
- Comprehensive documentation

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Brandon Lucas
2026-02-13 01:44:00 -05:00
commit b40ac99524
17 changed files with 3151 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

297
modules/backup.nix Normal file
View File

@@ -0,0 +1,297 @@
# Backup Module
#
# Declarative restic backup configuration with systemd timers.
#
# Usage:
# services.backup.enable = true;
# services.backup.paths = [ "/home/user/Documents" "/home/user/notes" ];
# services.backup.repository = "b2:mybucket:backup";
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.backup;
in {
options.services.backup = {
enable = mkEnableOption "automated backups with restic";
repository = mkOption {
type = types.str;
description = ''
Restic repository location.
Examples:
- Local: /mnt/backup
- SFTP: sftp:user@host:/path
- B2: b2:bucket-name:path
- S3: s3:s3.amazonaws.com/bucket-name
- REST: rest:http://host:8000/
'';
example = "b2:mybucket:backup";
};
paths = mkOption {
type = types.listOf types.str;
default = [];
description = "Paths to back up.";
example = [ "/home/user/Documents" "/home/user/notes" "/var/lib/important" ];
};
exclude = mkOption {
type = types.listOf types.str;
default = [
"**/.git"
"**/node_modules"
"**/__pycache__"
"**/.cache"
"**/Cache"
"**/.thumbnails"
"**/Trash"
"**/.local/share/Trash"
];
description = "Patterns to exclude from backup.";
};
passwordFile = mkOption {
type = types.str;
description = "Path to file containing restic repository password.";
example = "/run/secrets/restic-password";
};
environmentFile = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
Path to file containing environment variables for cloud storage.
Should contain variables like B2_ACCOUNT_ID, B2_ACCOUNT_KEY, etc.
'';
example = "/run/secrets/restic-env";
};
schedule = mkOption {
type = types.str;
default = "*-*-* 02:00:00"; # 2 AM daily
description = "When to run backups (systemd calendar format).";
example = "*-*-* 04:00:00";
};
pruneSchedule = mkOption {
type = types.str;
default = "Sun *-*-* 03:00:00"; # Sunday 3 AM
description = "When to prune old backups.";
};
retention = {
daily = mkOption {
type = types.int;
default = 7;
description = "Number of daily backups to keep.";
};
weekly = mkOption {
type = types.int;
default = 4;
description = "Number of weekly backups to keep.";
};
monthly = mkOption {
type = types.int;
default = 6;
description = "Number of monthly backups to keep.";
};
yearly = mkOption {
type = types.int;
default = 2;
description = "Number of yearly backups to keep.";
};
};
extraOptions = mkOption {
type = types.listOf types.str;
default = [];
description = "Extra options to pass to restic backup.";
example = [ "--verbose" "--exclude-caches" ];
};
user = mkOption {
type = types.str;
default = "root";
description = "User to run backups as.";
};
notifyOnFailure = mkOption {
type = types.bool;
default = true;
description = "Send notification on backup failure.";
};
};
config = mkIf cfg.enable {
# Install restic
environment.systemPackages = [ pkgs.restic ];
# Backup service
systemd.services.restic-backup = {
description = "Restic Backup";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
ExecStart = let
excludeArgs = concatMapStringsSep " " (e: "--exclude '${e}'") cfg.exclude;
pathArgs = concatStringsSep " " cfg.paths;
extraArgs = concatStringsSep " " cfg.extraOptions;
in pkgs.writeShellScript "restic-backup" ''
set -euo pipefail
export RESTIC_REPOSITORY="${cfg.repository}"
export RESTIC_PASSWORD_FILE="${cfg.passwordFile}"
${optionalString (cfg.environmentFile != null) "source ${cfg.environmentFile}"}
echo "Starting backup at $(date)"
${pkgs.restic}/bin/restic backup \
${excludeArgs} \
${extraArgs} \
${pathArgs}
echo "Backup completed at $(date)"
'';
# Security hardening
PrivateTmp = true;
ProtectSystem = "strict";
ReadWritePaths = [ "/tmp" ];
NoNewPrivileges = true;
};
# Retry on failure
unitConfig = {
OnFailure = mkIf cfg.notifyOnFailure [ "backup-notify-failure@%n.service" ];
};
};
# Backup timer
systemd.timers.restic-backup = {
description = "Restic Backup Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.schedule;
Persistent = true; # Run missed backups
RandomizedDelaySec = "30min"; # Spread load
};
};
# Prune service
systemd.services.restic-prune = {
description = "Restic Prune Old Backups";
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
ExecStart = pkgs.writeShellScript "restic-prune" ''
set -euo pipefail
export RESTIC_REPOSITORY="${cfg.repository}"
export RESTIC_PASSWORD_FILE="${cfg.passwordFile}"
${optionalString (cfg.environmentFile != null) "source ${cfg.environmentFile}"}
echo "Pruning old backups at $(date)"
${pkgs.restic}/bin/restic forget \
--keep-daily ${toString cfg.retention.daily} \
--keep-weekly ${toString cfg.retention.weekly} \
--keep-monthly ${toString cfg.retention.monthly} \
--keep-yearly ${toString cfg.retention.yearly} \
--prune
echo "Prune completed at $(date)"
'';
PrivateTmp = true;
ProtectSystem = "strict";
NoNewPrivileges = true;
};
};
# Prune timer
systemd.timers.restic-prune = {
description = "Restic Prune Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.pruneSchedule;
Persistent = true;
};
};
# Failure notification service template
systemd.services."backup-notify-failure@" = mkIf cfg.notifyOnFailure {
description = "Backup Failure Notification";
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "backup-notify-failure" ''
echo "Backup failed: %i at $(date)" | ${pkgs.util-linux}/bin/wall
# Add your notification method here:
# - Send email
# - Push notification
# - Slack webhook
# - etc.
'';
};
};
# Helper scripts
environment.systemPackages = [
(pkgs.writeShellScriptBin "ubackup" ''
# Unified backup helper
case "''${1:-}" in
now)
echo "Starting backup..."
sudo systemctl start restic-backup
;;
status)
echo "=== Recent backups ==="
export RESTIC_REPOSITORY="${cfg.repository}"
export RESTIC_PASSWORD_FILE="${cfg.passwordFile}"
${optionalString (cfg.environmentFile != null) "source ${cfg.environmentFile}"}
${pkgs.restic}/bin/restic snapshots --last 10
;;
restore)
if [ -z "''${2:-}" ]; then
echo "Usage: ubackup restore <snapshot-id> <target-path>"
exit 1
fi
export RESTIC_REPOSITORY="${cfg.repository}"
export RESTIC_PASSWORD_FILE="${cfg.passwordFile}"
${optionalString (cfg.environmentFile != null) "source ${cfg.environmentFile}"}
${pkgs.restic}/bin/restic restore "$2" --target "''${3:-.}"
;;
check)
echo "Checking backup integrity..."
export RESTIC_REPOSITORY="${cfg.repository}"
export RESTIC_PASSWORD_FILE="${cfg.passwordFile}"
${optionalString (cfg.environmentFile != null) "source ${cfg.environmentFile}"}
${pkgs.restic}/bin/restic check
;;
*)
echo "Usage: ubackup {now|status|restore|check}"
echo ""
echo "Commands:"
echo " now Run backup immediately"
echo " status Show recent backups"
echo " restore ID PATH Restore snapshot to path"
echo " check Verify backup integrity"
;;
esac
'')
];
};
}

146
modules/nb.nix Normal file
View File

@@ -0,0 +1,146 @@
# nb - CLI Notebook Module
#
# This module installs and configures nb, a command-line notebook tool
# with git-backed versioning and sync.
#
# Usage in your configuration.nix:
# programs.nb.enable = true;
# programs.nb.notebooks.personal.remote = "git@forgejo:you/notes.git";
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.nb;
in {
options.programs.nb = {
enable = mkEnableOption "nb notebook CLI";
package = mkOption {
type = types.package;
default = pkgs.nb;
defaultText = literalExpression "pkgs.nb";
description = "The nb package to use.";
};
defaultNotebook = mkOption {
type = types.str;
default = "home";
description = "The default notebook name.";
};
editor = mkOption {
type = types.str;
default = "nvim";
description = "Editor to use for editing notes.";
};
defaultExtension = mkOption {
type = types.str;
default = "md";
description = "Default file extension for new notes.";
};
autoSync = mkOption {
type = types.bool;
default = false;
description = ''
Whether to automatically sync notebooks after operations.
Note: This can slow down operations if network is slow.
'';
};
colorTheme = mkOption {
type = types.str;
default = "blacklight";
description = "Color theme for nb (see 'nb settings colors').";
};
notebooks = mkOption {
type = types.attrsOf (types.submodule {
options = {
remote = mkOption {
type = types.nullOr types.str;
default = null;
description = "Git remote URL for syncing this notebook.";
example = "git@github.com:user/notes.git";
};
encrypted = mkOption {
type = types.bool;
default = false;
description = "Whether to encrypt notes in this notebook.";
};
};
});
default = {};
description = "Notebooks to configure with their remotes.";
example = literalExpression ''
{
personal = { remote = "git@forgejo:user/personal.git"; };
work = { remote = "git@forgejo:user/work.git"; encrypted = true; };
}
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [
cfg.package
pkgs.git # nb requires git
pkgs.bat # Optional: better file viewing
pkgs.w3m # Optional: for nb browse
];
# Set environment variables for nb
environment.variables = {
EDITOR = cfg.editor;
NB_DEFAULT_EXTENSION = cfg.defaultExtension;
NB_AUTO_SYNC = if cfg.autoSync then "1" else "0";
NB_COLOR_THEME = cfg.colorTheme;
};
# Create activation script to set up notebooks
system.activationScripts.nb-setup = let
notebookSetup = concatStringsSep "\n" (mapAttrsToList (name: opts: ''
# Create notebook if it doesn't exist
if ! ${cfg.package}/bin/nb notebooks | grep -q "^${name}$"; then
echo "Creating nb notebook: ${name}"
${cfg.package}/bin/nb notebooks add ${name}
fi
${optionalString (opts.remote != null) ''
# Set remote for notebook
echo "Setting remote for ${name}: ${opts.remote}"
${cfg.package}/bin/nb ${name}:remote set ${opts.remote} 2>/dev/null || true
''}
'') cfg.notebooks);
in stringAfter [ "users" ] ''
# Skip if running in a chroot or during initial install
if [ -d /home ]; then
${notebookSetup}
fi
'';
# Optional: systemd timer for periodic sync
# Uncomment if you want automatic background sync
#
# systemd.user.services.nb-sync = {
# description = "Sync nb notebooks";
# serviceConfig = {
# Type = "oneshot";
# ExecStart = "${cfg.package}/bin/nb sync --all";
# };
# };
#
# systemd.user.timers.nb-sync = {
# description = "Periodic nb sync";
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnCalendar = "*:0/15"; # Every 15 minutes
# Persistent = true;
# };
# };
};
}

145
modules/server/forgejo.nix Normal file
View File

@@ -0,0 +1,145 @@
# Forgejo Module
#
# Self-hosted Git forge (GitHub/Gitea alternative).
# Used for hosting private nb notebook repositories.
#
# Usage:
# services.forgejo-managed.enable = true;
# services.forgejo-managed.domain = "git.yourdomain.com";
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.forgejo-managed;
in {
options.services.forgejo-managed = {
enable = mkEnableOption "managed Forgejo git forge";
domain = mkOption {
type = types.str;
description = "Domain name for Forgejo.";
example = "git.example.com";
};
httpPort = mkOption {
type = types.port;
default = 3000;
description = "HTTP port for Forgejo (behind reverse proxy).";
};
sshPort = mkOption {
type = types.port;
default = 2222;
description = "SSH port for git operations.";
};
stateDir = mkOption {
type = types.str;
default = "/var/lib/forgejo";
description = "State directory for Forgejo data.";
};
enableLFS = mkOption {
type = types.bool;
default = true;
description = "Enable Git LFS support.";
};
disableRegistration = mkOption {
type = types.bool;
default = true;
description = "Disable open user registration.";
};
adminEmail = mkOption {
type = types.nullOr types.str;
default = null;
description = "Admin email address.";
};
appName = mkOption {
type = types.str;
default = "Forgejo";
description = "Application name shown in UI.";
};
};
config = mkIf cfg.enable {
services.forgejo = {
enable = true;
stateDir = cfg.stateDir;
settings = {
DEFAULT = {
APP_NAME = cfg.appName;
};
server = {
DOMAIN = cfg.domain;
HTTP_PORT = cfg.httpPort;
ROOT_URL = "https://${cfg.domain}/";
SSH_PORT = cfg.sshPort;
SSH_DOMAIN = cfg.domain;
START_SSH_SERVER = true; # Built-in SSH server
LFS_START_SERVER = cfg.enableLFS;
};
service = {
DISABLE_REGISTRATION = cfg.disableRegistration;
REQUIRE_SIGNIN_VIEW = false; # Allow viewing public repos
};
repository = {
DEFAULT_PRIVATE = "private"; # New repos are private by default
ENABLE_PUSH_CREATE_USER = true; # Allow creating repos via push
};
"repository.upload" = {
ENABLED = true;
FILE_MAX_SIZE = 100; # MB
MAX_FILES = 10;
};
session = {
PROVIDER = "file";
COOKIE_SECURE = true; # Require HTTPS
};
log = {
LEVEL = "Info";
};
# Security
security = {
INSTALL_LOCK = true; # Prevent web-based install
MIN_PASSWORD_LENGTH = 12;
};
mailer = mkIf (cfg.adminEmail != null) {
ENABLED = true;
FROM = cfg.adminEmail;
};
};
};
# Open SSH port
networking.firewall.allowedTCPPorts = [ cfg.sshPort ];
# Create backup for Forgejo data
services.backup.paths = mkIf config.services.backup.enable [
cfg.stateDir
];
# Reverse proxy with Caddy (optional, can use nginx)
# Uncomment if using Caddy:
#
# services.caddy = {
# enable = true;
# virtualHosts."${cfg.domain}".extraConfig = ''
# reverse_proxy localhost:${toString cfg.httpPort}
# '';
# };
};
}

93
modules/server/immich.nix Normal file
View File

@@ -0,0 +1,93 @@
# Immich Module
#
# Self-hosted photo and video backup (Google Photos alternative).
# For Tier 3 photo management.
#
# Note: Immich is complex and changes frequently. This module provides
# a starting point but may need updates. Check NixOS options for latest.
#
# Usage:
# services.immich-managed.enable = true;
# services.immich-managed.domain = "photos.yourdomain.com";
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.immich-managed;
in {
options.services.immich-managed = {
enable = mkEnableOption "managed Immich photo service";
domain = mkOption {
type = types.str;
description = "Domain name for Immich.";
example = "photos.example.com";
};
port = mkOption {
type = types.port;
default = 2283;
description = "Port for Immich web interface.";
};
mediaLocation = mkOption {
type = types.str;
default = "/var/lib/immich";
description = "Location for storing photos and videos.";
};
externalLibraryPaths = mkOption {
type = types.listOf types.str;
default = [];
description = "Additional paths for external photo libraries.";
example = [ "/mnt/photos/archive" ];
};
enableMachineLearning = mkOption {
type = types.bool;
default = true;
description = "Enable ML features (face recognition, search).";
};
};
config = mkIf cfg.enable {
# Immich service (NixOS 24.05+)
services.immich = {
enable = true;
port = cfg.port;
mediaLocation = cfg.mediaLocation;
# Machine learning (optional, resource-intensive)
machine-learning.enable = cfg.enableMachineLearning;
# Settings
settings = {
# Add any Immich-specific settings here
# Check Immich docs for available options
};
};
# Ensure media directory exists with correct permissions
systemd.tmpfiles.rules = [
"d ${cfg.mediaLocation} 0755 immich immich -"
] ++ (map (path: "d ${path} 0755 immich immich -") cfg.externalLibraryPaths);
# Backup Immich data
services.backup.paths = mkIf config.services.backup.enable [
cfg.mediaLocation
"/var/lib/immich" # Database and config
];
# Memory recommendation
warnings = mkIf (cfg.enableMachineLearning && config.hardware.cpu.intel.updateMicrocode or false) [
"Immich ML features benefit from GPU acceleration. Consider enabling CUDA or OpenCL."
];
# Reverse proxy example (Caddy)
# services.caddy.virtualHosts."${cfg.domain}".extraConfig = ''
# reverse_proxy localhost:${toString cfg.port}
# '';
};
}

91
modules/server/jellyfin.nix Normal file
View File

@@ -0,0 +1,91 @@
# Jellyfin Module
#
# Self-hosted media server (Plex alternative).
# For Tier 3 media streaming.
#
# Usage:
# services.jellyfin-managed.enable = true;
# services.jellyfin-managed.domain = "media.yourdomain.com";
# services.jellyfin-managed.mediaLibraries = [ "/mnt/media/movies" "/mnt/media/tv" ];
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.jellyfin-managed;
in {
options.services.jellyfin-managed = {
enable = mkEnableOption "managed Jellyfin media server";
domain = mkOption {
type = types.str;
description = "Domain name for Jellyfin.";
example = "media.example.com";
};
port = mkOption {
type = types.port;
default = 8096;
description = "HTTP port for Jellyfin.";
};
mediaLibraries = mkOption {
type = types.listOf types.str;
default = [];
description = "Paths to media libraries.";
example = [ "/mnt/media/movies" "/mnt/media/tv" "/mnt/media/music" ];
};
enableHardwareAcceleration = mkOption {
type = types.bool;
default = false;
description = "Enable hardware transcoding (requires compatible GPU).";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Open firewall for Jellyfin ports.";
};
};
config = mkIf cfg.enable {
services.jellyfin = {
enable = true;
openFirewall = cfg.openFirewall;
};
# Give jellyfin access to media directories
systemd.services.jellyfin.serviceConfig.SupplementaryGroups = [
"render" # For hardware acceleration
"video" # For hardware acceleration
];
# Ensure media directories have correct permissions
systemd.tmpfiles.rules = map (path:
"d ${path} 0755 jellyfin jellyfin -"
) cfg.mediaLibraries;
# Hardware acceleration (Intel VAAPI example)
hardware.graphics = mkIf cfg.enableHardwareAcceleration {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # For Intel
# nvidia-vaapi-driver # For NVIDIA
libva
];
};
# Note: For hardware acceleration, jellyfin user needs access to /dev/dri
users.users.jellyfin.extraGroups = mkIf cfg.enableHardwareAcceleration [
"render"
"video"
];
# Reverse proxy example
# services.caddy.virtualHosts."${cfg.domain}".extraConfig = ''
# reverse_proxy localhost:${toString cfg.port}
# '';
};
}

269
modules/syncthing.nix Normal file
View File

@@ -0,0 +1,269 @@
# Syncthing Module
#
# Declarative Syncthing configuration for NixOS.
# This wraps the built-in syncthing module with sensible defaults.
#
# Usage:
# services.syncthing-managed.enable = true;
# services.syncthing-managed.user = "youruser";
# services.syncthing-managed.devices.laptop.id = "DEVICE-ID-HERE";
# services.syncthing-managed.folders.documents.path = "~/Documents";
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.syncthing-managed;
in {
options.services.syncthing-managed = {
enable = mkEnableOption "managed Syncthing file synchronization";
user = mkOption {
type = types.str;
description = "User to run Syncthing as.";
example = "alice";
};
group = mkOption {
type = types.str;
default = "users";
description = "Group to run Syncthing as.";
};
dataDir = mkOption {
type = types.str;
default = "/home/${cfg.user}";
defaultText = literalExpression ''"/home/''${cfg.user}"'';
description = "Default directory for Syncthing data.";
};
configDir = mkOption {
type = types.str;
default = "/home/${cfg.user}/.config/syncthing";
defaultText = literalExpression ''"/home/''${cfg.user}/.config/syncthing"'';
description = "Directory for Syncthing configuration.";
};
guiAddress = mkOption {
type = types.str;
default = "127.0.0.1:8384";
description = "Address for the Syncthing web GUI.";
};
openFirewall = mkOption {
type = types.bool;
default = true;
description = "Whether to open the firewall for Syncthing.";
};
devices = mkOption {
type = types.attrsOf (types.submodule {
options = {
id = mkOption {
type = types.str;
description = "Device ID (from syncthing CLI or GUI).";
example = "XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX-XXXXXXX";
};
name = mkOption {
type = types.nullOr types.str;
default = null;
description = "Friendly name for the device.";
};
addresses = mkOption {
type = types.listOf types.str;
default = [ "dynamic" ];
description = "Addresses to connect to this device.";
};
autoAcceptFolders = mkOption {
type = types.bool;
default = false;
description = "Automatically accept shared folders from this device.";
};
};
});
default = {};
description = "Syncthing devices to connect to.";
example = literalExpression ''
{
laptop = {
id = "XXXXXXX-...";
name = "My Laptop";
};
server = {
id = "YYYYYYY-...";
addresses = [ "tcp://server.local:22000" ];
};
}
'';
};
folders = mkOption {
type = types.attrsOf (types.submodule ({ name, ... }: {
options = {
path = mkOption {
type = types.str;
description = "Local path to sync.";
example = "~/Documents";
};
devices = mkOption {
type = types.listOf types.str;
default = attrNames cfg.devices;
defaultText = literalExpression "attrNames cfg.devices";
description = "Devices to share this folder with.";
};
id = mkOption {
type = types.str;
default = name;
description = "Unique folder ID.";
};
type = mkOption {
type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
default = "sendreceive";
description = ''
Folder type:
- sendreceive: Full two-way sync (default)
- sendonly: Only send changes, ignore remote changes
- receiveonly: Only receive changes, don't send local changes
'';
};
versioning = mkOption {
type = types.nullOr (types.submodule {
options = {
type = mkOption {
type = types.enum [ "simple" "staggered" "trashcan" "external" ];
default = "simple";
description = "Versioning type.";
};
params = mkOption {
type = types.attrsOf types.str;
default = { keep = "5"; };
description = "Versioning parameters.";
};
};
});
default = null;
description = "Versioning configuration for this folder.";
example = literalExpression ''
{
type = "staggered";
params = {
cleanInterval = "3600";
maxAge = "31536000";
};
}
'';
};
ignorePerms = mkOption {
type = types.bool;
default = false;
description = "Ignore permission changes.";
};
rescanInterval = mkOption {
type = types.int;
default = 3600;
description = "How often to rescan the folder (seconds). 0 to disable.";
};
fsWatcherEnabled = mkOption {
type = types.bool;
default = true;
description = "Use filesystem watcher for real-time sync.";
};
};
}));
default = {};
description = "Folders to synchronize.";
example = literalExpression ''
{
documents = {
path = "~/Documents";
devices = [ "laptop" "desktop" ];
versioning = { type = "simple"; params.keep = "5"; };
};
music = {
path = "~/Music";
type = "receiveonly"; # Don't upload changes
};
}
'';
};
extraOptions = mkOption {
type = types.attrs;
default = {};
description = "Extra options to pass to services.syncthing.settings.";
};
};
config = mkIf cfg.enable {
services.syncthing = {
enable = true;
user = cfg.user;
group = cfg.group;
dataDir = cfg.dataDir;
configDir = cfg.configDir;
guiAddress = cfg.guiAddress;
overrideDevices = true; # Declarative device management
overrideFolders = true; # Declarative folder management
settings = {
devices = mapAttrs (name: device: {
inherit (device) id addresses autoAcceptFolders;
name = if device.name != null then device.name else name;
}) cfg.devices;
folders = mapAttrs (name: folder: {
inherit (folder) path id type ignorePerms rescanInterval fsWatcherEnabled;
devices = folder.devices;
versioning = if folder.versioning != null then folder.versioning else {};
}) cfg.folders;
options = {
urAccepted = -1; # Disable usage reporting
relaysEnabled = true;
globalAnnounceEnabled = true;
localAnnounceEnabled = true;
} // cfg.extraOptions;
};
};
# Open firewall if requested
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [ 22000 ]; # Syncthing protocol
allowedUDPPorts = [ 22000 21027 ]; # Syncthing + discovery
};
# Convenience alias
environment.systemPackages = [
(pkgs.writeShellScriptBin "st" ''
# Syncthing shortcut
case "$1" in
status)
${pkgs.syncthing}/bin/syncthing cli show system
;;
scan)
${pkgs.syncthing}/bin/syncthing cli scan --all
;;
errors)
${pkgs.syncthing}/bin/syncthing cli errors
;;
*)
echo "Usage: st {status|scan|errors}"
;;
esac
'')
];
};
}