···
+
{ config, lib, pkgs, ... }:
+
cfg = config.services.resilio;
+
resilioSync = pkgs.resilio;
+
listenAddr = cfg.httpListenAddr + ":" + (toString cfg.httpListenPort);
+
boolStr = x: if x then "true" else "false";
+
optionalEmptyStr = b: v: optionalString (b != "") v;
+
webUIConfig = optionalString cfg.enableWebUI
+
${optionalEmptyStr cfg.httpLogin "\"login\": \"${cfg.httpLogin}\","}
+
${optionalEmptyStr cfg.httpPass "\"password\": \"${cfg.httpPass}\","}
+
${optionalEmptyStr cfg.apiKey "\"api_key\": \"${cfg.apiKey}\","}
+
${optionalEmptyStr cfg.directoryRoot "\"directory_root\": \"${cfg.directoryRoot}\","}
+
"listen": "${listenAddr}"
+
optionalString (e ? "knownHosts")
+
(concatStringsSep "," (map (v: "\"${v}\"") e."knownHosts"));
+
concatStringsSep "," (map (entry:
+
if (entry ? attr) then boolStr entry.attr else boolStr v;
+
"secret": "${entry.secret}",
+
"dir": "${entry.directory}",
+
"use_relay_server": ${helper "useRelayServer" true},
+
"use_tracker": ${helper "useTracker" true},
+
"use_dht": ${helper "useDHT" false},
+
"search_lan": ${helper "searchLAN" true},
+
"use_sync_trash": ${helper "useSyncTrash" true},
+
"known_hosts": [${knownHosts entry}]
+
'') cfg.sharedFolders);
+
sharedFoldersConfig = optionalString (cfg.sharedFolders != [])
+
configFile = pkgs.writeText "config.json"
+
"device_name": "${cfg.deviceName}",
+
"storage_path": "${cfg.storagePath}",
+
"listening_port": ${toString cfg.listeningPort},
+
"check_for_updates": ${boolStr cfg.checkForUpdates},
+
"use_upnp": ${boolStr cfg.useUpnp},
+
"download_limit": ${toString cfg.downloadLimit},
+
"upload_limit": ${toString cfg.uploadLimit},
+
"lan_encrypt_data": ${boolStr cfg.encryptLAN},
+
If enabled, start the Resilio Sync daemon. Once enabled, you can
+
interact with the service through the Web UI, or configure it in your
+
NixOS configuration. Enabling the <literal>resilio</literal> service
+
also installs a systemd user unit which can be used to start
+
user-specific copies of the daemon. Once installed, you can use
+
<literal>systemctl --user start resilio</literal> as your user to start
+
the daemon using the configuration file located at
+
<literal>$HOME/.config/resilio-sync/config.json</literal>.
+
deviceName = mkOption {
+
Name of the Resilio Sync device.
+
listeningPort = mkOption {
+
Listening port. Defaults to 0 which randomizes the port.
+
checkForUpdates = mkOption {
+
Determines whether to check for updates and alert the user
+
Use Universal Plug-n-Play (UPnP)
+
downloadLimit = mkOption {
+
Download speed limit. 0 is unlimited (default).
+
uploadLimit = mkOption {
+
Upload speed limit. 0 is unlimited (default).
+
httpListenAddr = mkOption {
+
HTTP address to bind to.
+
httpListenPort = mkOption {
+
example = "allyourbase";
+
HTTP web login username.
+
example = "arebelongtous";
+
HTTP web login password.
+
encryptLAN = mkOption {
+
description = "Encrypt LAN data.";
+
enableWebUI = mkOption {
+
Enable Web UI for administration. Bound to the specified
+
<literal>httpListenAddress</literal> and
+
<literal>httpListenPort</literal>.
+
storagePath = mkOption {
+
default = "/var/lib/resilio-sync/";
+
Where BitTorrent Sync will store it's database files (containing
+
things like username info and licenses). Generally, you should not
+
need to ever change this.
+
description = "API key, which enables the developer API.";
+
directoryRoot = mkOption {
+
description = "Default directory to add folders in the web UI.";
+
sharedFolders = mkOption {
+
[ { secret = "AHMYFPCQAHBM7LQPFXQ7WV6Y42IGUXJ5Y";
+
directory = "/home/user/sync_test";
+
Shared folder list. If enabled, web UI must be
+
disabled. Secrets can be generated using <literal>rslsync
+
--generate-secret</literal>. Note that this secret will be
+
put inside the Nix store, so it is realistically not very
+
If you would like to be able to modify the contents of this
+
directories, it is recommended that you make your user a
+
member of the <literal>resilio</literal> group.
+
Directories in this list should be in the
+
<literal>resilio</literal> group, and that group must have
+
write access to the directory. It is also recommended that
+
<literal>chmod g+s</literal> is applied to the directory
+
so that any sub directories created will also belong to
+
the <literal>resilio</literal> group. Also,
+
<literal>setfacl -d -m group:resilio:rwx</literal> and
+
<literal>setfacl -m group:resilio:rwx</literal> should also
+
be applied so that the sub directories are writable by
+
config = mkIf cfg.enable {
+
[ { assertion = cfg.deviceName != "";
+
message = "Device name cannot be empty.";
+
{ assertion = cfg.enableWebUI -> cfg.sharedFolders == [];
+
message = "If using shared folders, the web UI cannot be enabled.";
+
{ assertion = cfg.apiKey != "" -> cfg.enableWebUI;
+
message = "If you're using an API key, you must enable the web server.";
+
services.resilio.package = mkOptionDefault pkgs.resilio;
+
users.extraUsers.rslsync = {
+
description = "Resilio Sync Service user";
+
home = cfg.storagePath;
+
uid = config.ids.uids.rslsync;
+
users.extraGroups = [ { name = "rslsync"; } ];
+
systemd.services.resilio = with pkgs; {
+
description = "Resilio Sync Service";
+
wantedBy = [ "multi-user.target" ];
+
after = [ "network.target" "local-fs.target" ];
+
"${resilioSync}/bin/rslsync --nodaemon --config ${configFile}";
+
systemd.user.services.resilio = with pkgs; {
+
description = "Resilio Sync user service";
+
after = [ "network.target" "local-fs.target" ];
+
"${resilioSync}/bin/rslsync --nodaemon --config %h/.config/resilio-sync/config.json";
+
environment.systemPackages = [ cfg.package ];
pyrox.dev