dotfiles/hosts/groceries/services/sync/syncthing.nix

{ config, ... }:

let
  sockDir = "/run/syncthing";
  cfg = config.services.syncthing;
in {
  my.syncthing.enable = true;

  services = {
    nginx = let
      upstream = "syncthing";
    in {
      virtualHosts."sync.eriedaberrie.me" = {
        locations."/syncthing/".proxyPass = "http://${upstream}/";
      };

      upstreams.${upstream}.servers."unix:${cfg.guiAddress}" = { };
    };

    syncthing = {
      guiAddress = "${sockDir}/syncthing.sock";
      settings = {
        gui = {
          address = cfg.guiAddress;
          unixSocketPermissions = "666";
          user = "serverie";
          password = "$2a$10$sSOgRCl5kB0ixakiVidWI.IH26tkoNZHqf9eUwoHmHxPEDRdYDZ06";
        };
      };
    };
  };

  systemd.tmpfiles.rules = let
    inherit (cfg) user group;
  in [
    "d '${sockDir}' 0755 ${user} ${group} - -"
    "z '${sockDir}' 0755 ${user} ${group} - -"
  ];
}