move services to internal clan tld

Romain Paquet 2026-01-05 21:42:17 +01:00
parent 9e3d99231d
commit dda8ca5d0f
10 changed files with 83 additions and 44 deletions


@ -1,31 +1,41 @@
{
config,
lib,
pkgs,
...
}:
let
user = "rpqt";
home = config.users.users.${user}.home;
domain = "home.rpqt.fr";
subdomain = "genepi.${domain}";
tld = "val";
domain = "genepi.${tld}";
in
{
services.nginx.virtualHosts.${subdomain} = {
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
useACMEHost = "${domain}";
locations."/syncthing".proxyPass = "http://${config.services.syncthing.guiAddress}";
enableACME = true;
locations."/syncthing" = {
proxyPass = "http://${config.services.syncthing.guiAddress}";
};
};
security.acme.certs.${domain}.server = "https://ca.${tld}/acme/acme/directory";
services.syncthing = {
enable = true;
user = user;
group = lib.mkForce "users";
dataDir = home;
configDir = lib.mkForce "${home}/.config/syncthing";
guiAddress = "0.0.0.0:8384";
guiPasswordFile = config.clan.core.vars.generators.syncthing-gui.files.password.path;
};
networking.firewall.interfaces.wireguard = {
allowedTCPPorts = [ 8384 ];
};
clan.core.vars.generators.syncthing-gui = {
files.password = {
secret = true;