From 3fee51f7378a523a95e494d160b7562206cf714b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Tue, 9 Apr 2019 16:52:17 +0200
Subject: syncthing: fix permissions of keys

---
 krebs/3modules/syncthing.nix | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

(limited to 'krebs/3modules/syncthing.nix')

diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index 34879fd3f..bfbac1db9 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -133,8 +133,16 @@ in
 
     systemd.services.syncthing = mkIf (cfg.cert != null || cfg.key != null) {
       preStart = ''
-        ${optionalString (cfg.cert != null) "cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem"}
-        ${optionalString (cfg.key != null) "cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem"}
+        ${optionalString (cfg.cert != null) ''
+          cp ${toString cfg.cert} ${config.services.syncthing.dataDir}/cert.pem
+          chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/cert.pem
+          chmod 400 ${config.services.syncthing.dataDir}/cert.pem
+        ''}
+        ${optionalString (cfg.key != null) ''
+          cp ${toString cfg.key} ${config.services.syncthing.dataDir}/key.pem
+          chown ${config.services.syncthing.user}:${config.services.syncthing.group} ${config.services.syncthing.dataDir}/key.pem
+          chmod 400 ${config.services.syncthing.dataDir}/key.pem
+        ''}
       '';
     };
 
-- 
cgit v1.2.3


From 3adcf3a74c00b5e88b8c8c15d6aeb9ab3f9304db Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Thu, 18 Apr 2019 10:14:18 +0200
Subject: syncthing: listOf -> attrsOf

---
 krebs/3modules/syncthing.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'krebs/3modules/syncthing.nix')

diff --git a/krebs/3modules/syncthing.nix b/krebs/3modules/syncthing.nix
index bfbac1db9..897ba1e7f 100644
--- a/krebs/3modules/syncthing.nix
+++ b/krebs/3modules/syncthing.nix
@@ -10,7 +10,7 @@ let
     addresses = peer.addresses;
   }) cfg.peers;
 
-  folders = map (folder: {
+  folders = mapAttrsToList ( _: folder: {
     inherit (folder) path id type;
     devices = map (peer: { deviceId = cfg.peers.${peer}.id; }) folder.peers;
     rescanIntervalS = folder.rescanInterval;
@@ -81,17 +81,18 @@ in
     };
 
     folders = mkOption {
-      default = [];
-      type = types.listOf (types.submodule ({ config, ... }: {
+      default = {};
+      type = types.attrsOf (types.submodule ({ config, ... }: {
         options = {
 
           path = mkOption {
             type = types.absolute-pathname;
+            default = config._module.args.name;
           };
 
           id = mkOption {
             type = types.str;
-            default = config.path;
+            default = config._module.args.name;
           };
 
           peers = mkOption {
-- 
cgit v1.2.3