alyssum/home.syncthing: set proper defaults

alyssum/samba: bind some directories
2026-06-17 21:14:47 +10:00 · 2026-06-17 21:05:38 +10:00
3 changed files with 91 additions and 84 deletions
--- a/hosts/alyssum/home.syncthing.nix
+++ b/hosts/alyssum/home.syncthing.nix
@ -4,6 +4,8 @@ let
    me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config";
    me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state";

+    systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ];
+
    users.users.${user} = {
      hashedPasswordFile = config.age.secrets.passwd.path;
      isNormalUser = true;
@ -18,6 +20,12 @@ let
      services.syncthing = {
        enable = true;
        guiAddress = "[::]:${toString port}";
+        options.listenAddresses = [
+          "tcp://0.0.0.0:2${toString port}"
+          "quic://0.0.0.0:2${toString port}"
+          "dynamic+https://relays.syncthing.net/endpoint"
+        ];
+        settings.defaults.folder.path = "/flower/syncthing/${user}";
      };
    };
  };
--- a/hosts/alyssum/samba.nix
+++ b/hosts/alyssum/samba.nix
@ -1,26 +1,42 @@
-{ config, pkgs, ... }: {
-  networking.firewall.allowPing = true;
+{ config, lib, pkgs, ... }:
+let
+  configOn = user: let
+    passwd_fname = "passwd_smb${user}";
+  in {
+    age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
+    me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";

-  age.secrets.passwd_smbcilly.file = ../../secrets/passwd_smbcilly.age;
-  age.secrets.passwd_smbkujira.file = ../../secrets/passwd_smbkujira.age;
-
-  users.users.cilly = {
-    hashedPasswordFile = config.age.secrets.passwd.path;
-    isNormalUser = true;
-  };
-  users.users.kujira = {
+    users.users.${user} = {
      hashedPasswordFile = config.age.secrets.passwd.path;
      isNormalUser = true;
    };
+
    system.activationScripts = {
      init_smbpasswd.text = let
        smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
      in ''
-      printf "$(cat ${config.age.secrets.passwd_smbcilly.path})\n$(cat ${config.age.secrets.passwd_smbcilly.path})\n" | ${smbpasswd} -sa cilly
-
-      printf "$(cat ${config.age.secrets.passwd_smbkujira.path})\n$(cat ${config.age.secrets.passwd_smbkujira.path})\n" | ${smbpasswd} -sa kujira
+        printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
      '';
    };
+    services.samba.settings."${user}" = {
+      "path" = "/flower/smb/${user}";
+      "browseable" = "yes";
+      "read only" = "no";
+      "guest ok" = "no";
+      "create mask" = "0644";
+      "directory mask" = "0755";
+      "force user" = user;
+      "force group" = "users";
+      "valid users" = user;
+    };
+  };
+in lib.mkMerge [
+  (configOn "cilly")
+  (configOn "kujira")
+  {
+    me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
+
+    networking.firewall.allowPing = true;

    services.samba = {
      enable = true;
@ -48,28 +64,6 @@
          "force user" = "hana";
          "force group" = "users";
        };
-      "cilly" = {
-        "path" = "/flower/smb/cilly";
-        "browseable" = "yes";
-        "read only" = "no";
-        "guest ok" = "no";
-        "create mask" = "0644";
-        "directory mask" = "0755";
-        "force user" = "cilly";
-        "force group" = "users";
-        "valid users" = "cilly";
-      };
-      "kujira" = {
-        "path" = "/flower/smb/kujira";
-        "browseable" = "yes";
-        "read only" = "no";
-        "guest ok" = "no";
-        "create mask" = "0644";
-        "directory mask" = "0755";
-        "force user" = "kujira";
-        "force group" = "users";
-        "valid users" = "kujira";
-      };
      };
    };

@ -85,4 +79,5 @@
      publish.enable = true;
      publish.userServices = true;
    };
-}
+  }
+]
--- a/modules/binds.nix
+++ b/modules/binds.nix
@ -1,8 +1,12 @@
 { config, lib, ...}: {
  imports = [ ./options.nix ];
-  fileSystems = lib.mapAttrs (dest: key: {
+  fileSystems = lib.mapAttrs (dest: key: let
+    target = if (lib.strings.hasPrefix "/" key)
+      then key
+      else "/persist/binds/${key}";
+  in {
    depends = [ "/persist" ];
-    device = "/persist/binds/${key}";
+    device = target;
    fsType = "none";
    options = [ "bind" ];
  }) config.me.binds;
Author	SHA1	Message	Date
Cilly Leang	907f2cabca	alyssum/home.syncthing: set proper defaults Some checks are pending CI / Build linux-lava for x86_64-linux (push) Waiting to run Details	2026-06-17 21:14:47 +10:00
Cilly Leang	5c13051b4b	alyssum/samba: bind some directories	2026-06-17 21:05:38 +10:00