stockholm/krebs/3modules/syncthing.nix

{ config, pkgs, ... }: with import <stockholm/lib>;

let

  kcfg = config.krebs.syncthing;
  scfg = config.services.syncthing;

  devices = mapAttrsToList (name: peer: {
    name = name;
    deviceID = peer.id;
    addresses = peer.addresses;
  }) kcfg.peers;

  folders = mapAttrsToList ( _: folder: {
    inherit (folder) path id type;
    devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers;
    rescanIntervalS = folder.rescanInterval;
    fsWatcherEnabled = folder.watch;
    fsWatcherDelayS = folder.watchDelay;
    ignoreDelete = folder.ignoreDelete;
    ignorePerms = folder.ignorePerms;
  }) kcfg.folders;

  getApiKey = pkgs.writeDash "getAPIKey" ''
    ${pkgs.libxml2}/bin/xmllint \
      --xpath 'string(configuration/gui/apikey)'\
      ${scfg.dataDir}/config.xml
  '';

  updateConfig = pkgs.writeDash "merge-syncthing-config" ''
    set -efu

    # XXX this assumes the GUI address to be "IPv4 address and port"
    host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)}
    port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)}

    # wait for service to restart
    ${pkgs.untilport}/bin/untilport "$host" "$port"

    API_KEY=$(${getApiKey})

    _curl() {
      ${pkgs.curl}/bin/curl \
          -Ss \
          -H "X-API-Key: $API_KEY" \
          "http://$host:$port/rest""$@"
    }

    old_config=$(_curl /system/config)
    patch=${shell.escape (toJSON {
      inherit devices folders;
    })}
    new_config=$(${pkgs.jq}/bin/jq -en \
        --argjson old_config "$old_config" \
        --argjson patch "$patch" \
        '
          $old_config * $patch
        '
    )
    echo $new_config | _curl /system/config -d @-
    _curl /system/restart -X POST
  '';

in

{
  options.krebs.syncthing = {

    enable = mkEnableOption "syncthing-init";

    id = mkOption {
      type = types.str;
      default = config.krebs.build.host.name;
    };

    cert = mkOption {
      type = types.nullOr types.absolute-pathname;
      default = null;
    };

    key = mkOption {
      type = types.nullOr types.absolute-pathname;
      default = null;
    };

    peers = mkOption {
      default = {};
      type = types.attrsOf (types.submodule ({
        options = {

          # TODO make into addr + port submodule
          addresses = mkOption {
            type = types.listOf types.str;
            default = [];
          };

          #TODO check
          id = mkOption {
            type = types.str;
          };

        };
      }));
    };

    folders = mkOption {
      default = {};
      type = types.attrsOf (types.submodule ({ config, ... }: {
        options = {

          path = mkOption {
            type = types.absolute-pathname;
            default = config._module.args.name;
          };

          id = mkOption {
            type = types.str;
            default = config._module.args.name;
          };

          peers = mkOption {
            type = types.listOf types.str;
            default = [];
          };

          rescanInterval = mkOption {
            type = types.int;
            default = 3600;
          };

          type = mkOption {
            type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];
            default = "sendreceive";
          };

          watch = mkOption {
            type = types.bool;
            default = true;
          };

          watchDelay = mkOption {
            type = types.int;
            default = 10;
          };

          ignoreDelete = mkOption {
            type = types.bool;
            default = false;
          };

          ignorePerms = mkOption {
            type = types.bool;
            default = true;
          };

        };
      }));
    };
  };

  config = mkIf kcfg.enable {

    systemd.services.syncthing = mkIf (kcfg.cert != null || kcfg.key != null) {
      preStart = ''
        ${optionalString (kcfg.cert != null) ''
          cp ${toString kcfg.cert} ${scfg.dataDir}/cert.pem
          chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/cert.pem
          chmod 400 ${scfg.dataDir}/cert.pem
        ''}
        ${optionalString (kcfg.key != null) ''
          cp ${toString kcfg.key} ${scfg.dataDir}/key.pem
          chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/key.pem
          chmod 400 ${scfg.dataDir}/key.pem
        ''}
      '';
    };

    systemd.services.syncthing-init = {
      after = [ "syncthing.service" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        User = scfg.user;
        RemainAfterExit = true;
        Type = "oneshot";
        ExecStart = updateConfig;
      };
    };
  };
}
k: add syncthing module 2019-03-22 06:57:34 +00:00			`{ config, pkgs, ... }: with import <stockholm/lib>;`

			`let`

syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`kcfg = config.krebs.syncthing;`
			`scfg = config.services.syncthing;`
k: add syncthing module 2019-03-22 06:57:34 +00:00
			`devices = mapAttrsToList (name: peer: {`
			`name = name;`
			`deviceID = peer.id;`
			`addresses = peer.addresses;`
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`}) kcfg.peers;`
k: add syncthing module 2019-03-22 06:57:34 +00:00
syncthing: listOf -> attrsOf 2019-04-18 08:14:18 +00:00			`folders = mapAttrsToList ( _: folder: {`
syncthing: add id option 2019-04-07 16:21:18 +00:00			`inherit (folder) path id type;`
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`devices = map (peer: { deviceId = kcfg.peers.${peer}.id; }) folder.peers;`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`rescanIntervalS = folder.rescanInterval;`
syncthing folders: add watch & ignorePerms options 2019-03-23 15:04:01 +00:00			`fsWatcherEnabled = folder.watch;`
			`fsWatcherDelayS = folder.watchDelay;`
syncthing folders: add ignoreDelete option 2019-06-21 21:56:07 +00:00			`ignoreDelete = folder.ignoreDelete;`
syncthing folders: add watch & ignorePerms options 2019-03-23 15:04:01 +00:00			`ignorePerms = folder.ignorePerms;`
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`}) kcfg.folders;`
k: add syncthing module 2019-03-22 06:57:34 +00:00
			`getApiKey = pkgs.writeDash "getAPIKey" ''`
			`${pkgs.libxml2}/bin/xmllint \`
			`--xpath 'string(configuration/gui/apikey)'\`
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`${scfg.dataDir}/config.xml`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`'';`

			`updateConfig = pkgs.writeDash "merge-syncthing-config" ''`
			`set -efu`
syncthing: get GUI address from config 2019-06-21 23:36:50 +00:00
			`# XXX this assumes the GUI address to be "IPv4 address and port"`
			`host=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 0)}`
			`port=${shell.escape (elemAt (splitString ":" scfg.guiAddress) 1)}`

syncthing: wait for service startup 2019-03-23 15:04:22 +00:00			`# wait for service to restart`
syncthing: get GUI address from config 2019-06-21 23:36:50 +00:00			`${pkgs.untilport}/bin/untilport "$host" "$port"`

k: add syncthing module 2019-03-22 06:57:34 +00:00			`API_KEY=$(${getApiKey})`
syncthing: get GUI address from config 2019-06-21 23:36:50 +00:00
			`_curl() {`
			`${pkgs.curl}/bin/curl \`
			`-Ss \`
			`-H "X-API-Key: $API_KEY" \`
			`"http://$host:$port/rest""$@"`
			`}`

			`old_config=$(_curl /system/config)`
			`patch=${shell.escape (toJSON {`
			`inherit devices folders;`
			`})}`
			`new_config=$(${pkgs.jq}/bin/jq -en \`
			`--argjson old_config "$old_config" \`
			`--argjson patch "$patch" \`
			`'`
			`$old_config * $patch`
			`'`
			`)`
			`echo $new_config \| _curl /system/config -d @-`
			`_curl /system/restart -X POST`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`'';`

			`in`

			`{`
			`options.krebs.syncthing = {`

			`enable = mkEnableOption "syncthing-init";`

			`id = mkOption {`
			`type = types.str;`
			`default = config.krebs.build.host.name;`
			`};`

			`cert = mkOption {`
			`type = types.nullOr types.absolute-pathname;`
			`default = null;`
			`};`

			`key = mkOption {`
			`type = types.nullOr types.absolute-pathname;`
			`default = null;`
			`};`

			`peers = mkOption {`
			`default = {};`
			`type = types.attrsOf (types.submodule ({`
			`options = {`

			`# TODO make into addr + port submodule`
			`addresses = mkOption {`
			`type = types.listOf types.str;`
			`default = [];`
			`};`

			`#TODO check`
			`id = mkOption {`
			`type = types.str;`
			`};`

			`};`
			`}));`
			`};`

			`folders = mkOption {`
syncthing: listOf -> attrsOf 2019-04-18 08:14:18 +00:00			`default = {};`
			`type = types.attrsOf (types.submodule ({ config, ... }: {`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`options = {`

			`path = mkOption {`
			`type = types.absolute-pathname;`
syncthing: listOf -> attrsOf 2019-04-18 08:14:18 +00:00			`default = config._module.args.name;`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`};`

syncthing: add id option 2019-04-07 16:21:18 +00:00			`id = mkOption {`
			`type = types.str;`
syncthing: listOf -> attrsOf 2019-04-18 08:14:18 +00:00			`default = config._module.args.name;`
syncthing: add id option 2019-04-07 16:21:18 +00:00			`};`

k: add syncthing module 2019-03-22 06:57:34 +00:00			`peers = mkOption {`
			`type = types.listOf types.str;`
			`default = [];`
			`};`

			`rescanInterval = mkOption {`
			`type = types.int;`
syncthing: increase rescanInterval to track upstream 2019-03-23 15:04:50 +00:00			`default = 3600;`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`};`

			`type = mkOption {`
			`type = types.enum [ "sendreceive" "sendonly" "receiveonly" ];`
			`default = "sendreceive";`
			`};`

syncthing folders: add watch & ignorePerms options 2019-03-23 15:04:01 +00:00			`watch = mkOption {`
			`type = types.bool;`
			`default = true;`
			`};`

			`watchDelay = mkOption {`
			`type = types.int;`
			`default = 10;`
			`};`

syncthing folders: add ignoreDelete option 2019-06-21 21:56:07 +00:00			`ignoreDelete = mkOption {`
			`type = types.bool;`
			`default = false;`
			`};`

syncthing folders: add watch & ignorePerms options 2019-03-23 15:04:01 +00:00			`ignorePerms = mkOption {`
			`type = types.bool;`
			`default = true;`
			`};`

k: add syncthing module 2019-03-22 06:57:34 +00:00			`};`
			`}));`
			`};`
			`};`

syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`config = mkIf kcfg.enable {`
k: add syncthing module 2019-03-22 06:57:34 +00:00
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`systemd.services.syncthing = mkIf (kcfg.cert != null \|\| kcfg.key != null) {`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`preStart = ''`
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`${optionalString (kcfg.cert != null) ''`
			`cp ${toString kcfg.cert} ${scfg.dataDir}/cert.pem`
			`chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/cert.pem`
			`chmod 400 ${scfg.dataDir}/cert.pem`
syncthing: fix permissions of keys 2019-04-09 14:52:17 +00:00			`''}`
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`${optionalString (kcfg.key != null) ''`
			`cp ${toString kcfg.key} ${scfg.dataDir}/key.pem`
			`chown ${scfg.user}:${scfg.group} ${scfg.dataDir}/key.pem`
			`chmod 400 ${scfg.dataDir}/key.pem`
syncthing: fix permissions of keys 2019-04-09 14:52:17 +00:00			`''}`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`'';`
			`};`

			`systemd.services.syncthing-init = {`
			`after = [ "syncthing.service" ];`
			`wantedBy = [ "multi-user.target" ];`

			`serviceConfig = {`
syncthing: alias config.services.syncthing 2019-06-22 00:10:29 +00:00			`User = scfg.user;`
k: add syncthing module 2019-03-22 06:57:34 +00:00			`RemainAfterExit = true;`
			`Type = "oneshot";`
			`ExecStart = updateConfig;`
			`};`
			`};`
			`};`
			`}`