feat(syncthing): Switch from nextcloud to syncthing

home-config/personal/default.nix

@@ -2,6 +2,7 @@
   imports = [
     ./keepassxc.nix
     ./ssh-servers.nix
+    ./syncthing
     ./webapps.nix
   ];
 

home-config/personal/keepassxc.nix

@@ -1,53 +1,4 @@
-{
-  lib,
-  pkgs,
-  flake-inputs,
-  ...
-}:
-let
-  inherit (flake-inputs.self.packages.${pkgs.stdenv.hostPlatform.system}) nextcloudcmd;
-  inherit (flake-inputs.self.pkgs-lib.${pkgs.stdenv.hostPlatform.system}) writeNuWith;
-in
+{ pkgs, ... }:
 {
   home.packages = with pkgs; [ keepassxc ];
-
-  systemd.user = {
-    services.keepass-sync = {
-      Unit = {
-        Description = "KeepassXC synchronization";
-        ConditionEnvironment = [ "DBUS_SESSION_BUS_ADDRESS" ];
-      };
-      Service = {
-        Type = "oneshot";
-
-        ExecCondition = "${lib.getExe' pkgs.systemd "busctl"} --user status org.freedesktop.secrets";
-
-        ExecStart =
-          writeNuWith
-            {
-              packages = [
-                nextcloudcmd
-                pkgs.libsecret
-              ];
-            }
-            "sync-keepassxc"
-            ''
-              const url = 'https://nextcloud.tlater.net'
-              const nextcloud_dir = 'Backups/keepass'
-              let local_dir = $'($env.XDG_DATA_HOME | default ~/.local/share)/keepassxc/synced'
-
-              let attributes = secret-tool search URL $url o+e>| parse "{attribute} = {value}" | transpose -rid
-              let password = secret-tool lookup URL $url
-
-              $"($attributes.'attribute.UserName')\n($password)" | nextcloudcmd --path $nextcloud_dir $local_dir $url
-            '';
-      };
-    };
-
-    timers.keepass-sync = {
-      Unit.Description = "Periodic KeepassXC synchronization";
-      Timer.OnCalendar = "hourly";
-      Install.WantedBy = [ "timers.target" ];
-    };
-  };
 }

home-config/personal/syncthing.nix

@@ -0,0 +1 @@
+configFileconfigFile

home-config/personal/syncthing/default.nix

@@ -0,0 +1,84 @@
+{
+  config,
+  flake-inputs,
+  pkgs,
+  lib,
+  ...
+}:
+let
+  cfg = config.services.syncthing;
+  settingsFormat = pkgs.formats.json { };
+in
+{
+  disabledModules = [ "services/syncthing.nix" ];
+
+  options.services.syncthing = {
+    settings = lib.mkOption {
+      type = lib.types.submodule { freeformType = settingsFormat.type; };
+      default = { };
+    };
+  };
+
+  config = {
+    services.syncthing.settings.options = {
+      # Use tailscale to set up mesh networking, and disable all
+      # built-in networking.
+      listenAddresses = lib.mkDefault [
+        "tcp://100.64.0.5:22000"
+        "quic://100.64.0.5:22000"
+      ];
+      globalAnnounceEnabled = lib.mkDefault false;
+      localAnnounceEnabled = lib.mkDefault false;
+      relaysEnabled = lib.mkDefault false;
+      natEnabled = lib.mkDefault false;
+      urAccepted = lib.mkDefault (-1);
+      announceLANAddresses = lib.mkDefault false;
+      stunKeepaliveStartS = lib.mkDefault 0;
+
+      # Disable auto-ugprades; may not be necessary, but better safe
+      # than sorry.
+      autoUpgradeIntervalH = lib.mkDefault 0;
+
+      # We do this via the systemd service (background.slice)
+      setLowPriority = lib.mkDefault false;
+    };
+
+    xdg.configFile."systemd/user/syncthing.service".source =
+      "${pkgs.syncthing}/share/systemd/user/syncthing.service";
+
+    xdg.configFile."systemd/user/syncthing.service.d/override.conf".text = ''
+      [Unit]
+      Wants=syncthing-init.service
+
+      [Service]
+      Slice=background.slice
+    '';
+
+    systemd.user.services.syncthing-init = {
+      Unit = {
+        Description = "Syncthing configuration updater";
+        Requisite = [ "syncthing.service" ];
+        After = [ "syncthing.service" ];
+      };
+
+      Service = {
+        Slice = "background.slice";
+        Type = "oneshot";
+
+        Environment = [ "NU_LOG_LEVEL=INFO" ];
+
+        ExecStart =
+          let
+            configFile = settingsFormat.generate "config.json" cfg.settings.options;
+          in
+          flake-inputs.self.pkgs-lib.${pkgs.stdenv.hostPlatform.system}.writeNuWith {
+            plugins = [ pkgs.nushellPlugins.query ];
+            extraMakeWrapperArgs = [
+              "--add-flag"
+              configFile
+            ];
+          } "syncthing-apply-config" ./syncthing-apply-config.nu;
+      };
+    };
+  };
+}

home-config/personal/syncthing/syncthing-apply-config.nu

@@ -0,0 +1,52 @@
+use std/log
+
+def main [config: path] {
+  let options = open $config
+
+  let address = (
+    open --raw $'($env.XDG_STATE_HOME)/syncthing/config.xml'
+    | query xml 'string(configuration/gui/address)'
+  )
+
+  let api_key = (
+    open --raw $'($env.XDG_STATE_HOME)/syncthing/config.xml'
+    | query xml 'string(configuration/gui/apikey)'
+  )
+
+  # Wait for syncthing to be fully online
+  mut online = false
+
+  while not $online {
+    try {
+      http get $'http://($address)'
+      $online = true
+    }
+
+    sleep 5sec
+    log warning "Syncthing is a bit slow to start, retrying..."
+  }
+
+  def request [method: string path: string] {
+    let body = $in
+
+    match $method {
+      # This ridiculous construct is required because apparently
+      # subcommand choices can't be made with variables
+      delete => ($body | http delete --headers {X-API-Key: $api_key} $'http://($address)($path)')
+      get => ($body | http get --headers {X-API-Key: $api_key} $'http://($address)($path)')
+      head => ($body | http head --headers {X-API-Key: $api_key} $'http://($address)($path)')
+      options => ($body | http options --headers {X-API-Key: $api_key} $'http://($address)($path)')
+      patch => ($body | http patch --headers {X-API-Key: $api_key} $'http://($address)($path)')
+      post => ($body | http post --headers {X-API-Key: $api_key} $'http://($address)($path)')
+      put => ($body | http put --headers {X-API-Key: $api_key} $'http://($address)($path)')
+    }
+  }
+
+  # Write the settings
+  $options | to json | request put /rest/config/options
+
+  if (request get /rest/config/restart-required | $in.requiresRestart) {
+    log info "Configuration changes require a restart; restarting"
+    null | to json | request post /rest/system/restart
+  }
+}

lib/pkgs.nix

@@ -18,13 +18,14 @@ rec {
         "--plugins [${lib.concatStringsSep " " (map lib.getExe plugins)}]"
       ];
 
-      makeWrapperArgs = [
-        "--prefix"
-        "PATH"
-        ":"
-        (lib.makeBinPath packages)
-      ]
-      ++ extraMakeWrapperArgs;
+      makeWrapperArgs =
+        (lib.optionals (packages != [ ]) [
+          "--prefix"
+          "PATH"
+          ":"
+          (lib.makeBinPath packages)
+        ])
+        ++ extraMakeWrapperArgs;
     };
 
   writeNuBinWith = args: name: writeNuWith args "/bin/${name}";