From 5953860a6374bb170111b8c7efe544f6fdccc803 Mon Sep 17 00:00:00 2001
From: Dmitriy Kholkin
Date: Tue, 8 Jul 2025 20:09:57 +0300
Subject: [PATCH] feat: add syncyomi service
---
 hosts/orion/default.nix | 1 +
 modules/nixos/services/syncyomi.nix | 34 +++++++++++++++++++++++++++++
 secrets/orion/syncyomi.yaml | 25 +++++++++++++++++++++
 3 files changed, 60 insertions(+)
 create mode 100644 modules/nixos/services/syncyomi.nix
 create mode 100644 secrets/orion/syncyomi.yaml
diff --git a/hosts/orion/default.nix b/hosts/orion/default.nix
index 29f0cb9..b4b059a 100644
--- a/hosts/orion/default.nix
+++ b/hosts/orion/default.nix
@@ -106,6 +106,7 @@
 ataraxia.security.acme.enable = true;
 ataraxia.services.authentik.enable = true;
 ataraxia.services.gitea.enable = true;
+ ataraxia.services.syncyomi.enable = true;
 ataraxia.services.vaultwarden.enable = true;
 ataraxia.virtualisation.guests = {
diff --git a/modules/nixos/services/syncyomi.nix b/modules/nixos/services/syncyomi.nix
new file mode 100644
index 0000000..ff0feac
--- /dev/null
+++ b/modules/nixos/services/syncyomi.nix
@@ -0,0 +1,34 @@
+{
+ config,
+ lib,
+ inputs,
+ secretsDir,
+ ...
+}:
+let
+ inherit (lib) mkEnableOption mkIf mkOption;
+ inherit (lib.types) str;
+
+ cfg = config.ataraxia.services.syncyomi;
+in
+{
+ imports = [ inputs.ataraxiasjel-nur.nixosModules.syncyomi ];
+
+ options.ataraxia.services.syncyomi = {
+ enable = mkEnableOption "Enable syncyomi service";
+ sopsDir = mkOption {
+ type = str;
+ default = config.networking.hostName;
+ description = ''
+ Name for sops secrets directory. Defaults to hostname.
+ '';
+ };
+ };
+
+ config = mkIf cfg.enable {
+ sops.secrets.syncyomi.sopsFile = secretsDir + /${cfg.sopsDir}/syncyomi.yaml;
+ services.syncyomi.enable = true;
+ services.syncyomi.configFile = config.sops.secrets.syncyomi.path;
+ networking.firewall.allowedTCPPorts = [ 8282 ];
+ };
+}
diff --git a/secrets/orion/syncyomi.yaml b/secrets/orion/syncyomi.yaml
new file mode 100644
index 0000000..f07acb0
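Review bot: In modules/nixos/services/syncyomi.nix, `networking.firewall.allowedTCPPorts = [ 8282 ];` opens the port on every interface as soon as the service is enabled, and a host cannot opt out without disabling the whole module. The same host enables ACME and authentik, so if SyncYomi is meant to be reached through a TLS reverse proxy, this line also leaves the backend directly reachable and lets clients bypass the proxy (inferred; no proxy configuration is part of this patch). I would gate it behind an option that defaults to off: `openFirewall = mkEnableOption "opening the SyncYomi port in the firewall";` next to `sopsDir`, and `networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ 8282 ];`. The literal 8282 also has to be kept in step by hand with the listen port inside the encrypted config file, so a short comment stating that would help the next maintainer.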
--- /dev/null
+++ b/secrets/orion/syncyomi.yaml
@@ -0,0 +1,25 @@
+syncyomi: ENC[AES256_GCM,data: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,iv:OAUDQhm5aQwjUa0vn03PzWOrZlJiFdPYGdZPDV/lFRs=,tag:71OvVXwwIl93mC4EpTAmzA==,type:str]
+sops:
+ age:
+ - recipient: age13phpsegg6vu7a34ydtfa9s904dfpgzqhzru7epnky7glezk0xvkst9qh6h
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDU0swYlJZalNxYWZHcDAv
+ RnhsbFZhN2NsMkxXUWdDL0R6aEcvTFZCTUJZCjNpaWxYVXZ5T3NCVTBkZnVPa2ZG
+ U1RWcUxwRkVGSDhVdEtOcmpSWUxNR00KLS0tIGRHUHJCUjJuU3lZQnlZU1N0Q3Iy
+ UUxOMmIzMUcxdmdBR2tHZUdjd2FBeWsKqGJ0Globcl/6eEAk4ICtvqIKBvTlXiot
+ hwysXkcNqiSvaETLFWmrwtd+zLAuwb9320QBB5J1PgyU4onbMq5c4w==
+ -----END AGE ENCRYPTED FILE-----
+ - recipient: age1m5msm7rgqye2q9zesgedg0emga4ntehlr629786lrxs3rhk0squq0ly9je
+ enc: |
+ -----BEGIN AGE ENCRYPTED FILE-----
+ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHdVNnbTVzWGJ5aWtWOVdW
+ bURQWXB5S0JCVFcxMGF6Y3R5czJQV2txTXhJCklOZW5VTzNtQ2ZTbWRFYTJsRTBo
+ QjJ3WW5WcFlVeG0wQ1N5WW9QcXZ5a1UKLS0tIDJ6Zkk2UHFHYU1CVlIvRmh4ZW0y
+ K3pwd2JyZUVpRXh5YTkxMGFBR2dHVWcKXphBeCwSow+8ETCKx4AZ3xEiOQHMmAHC
+ qmPDJM94dt9dXFBWZ1hlf3k5keAqicQzmvFfj0jaEs2wKbrRiXFAVQ==
+ -----END AGE ENCRYPTED FILE-----
+ lastmodified: "2025-04-17T20:20:57Z"
+ mac: ENC[AES256_GCM,data:K68jXgp7l8hHkBLD/XoQmaN9gYDXdFbH30SOoeUaw2u0bIUbTopMTu1hfO405F/bHQ3N0JIJb7fYz0dqD2QvfvcI2HAIb2ZAeR8Z7IVmVyNZRuttzLCJ2KeW3DGkVh1QHdyM5lbYyiPunm3tTArhHKM7Bf8W9pXbN+k4p+L2ZLM=,iv:26Pvkq6PUWqWkshzZUJOGY4wor2nFvbEza8dWUf8Cl4=,tag:JGUGDqI5QfjdJoimr4uAEw==,type:str]
+ unencrypted_suffix: _unencrypted
+ version: 3.10.1
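Review bot: The sops metadata in secrets/orion/syncyomi.yaml carries `lastmodified: "2025-04-17T20:20:57Z"`, almost three months before the commit date, which suggests the file was encrypted earlier or carried over from another path rather than created for this host (inferred from the timestamps only). If so, its two age recipients are whatever applied at the earlier location, so please confirm both keys are still meant to read orion's secrets. Running `sops updatekeys secrets/orion/syncyomi.yaml` would bring the recipient list in line with the repository's current creation rules, and rotating the SyncYomi credentials inside the file is worth considering if a recipient has to be dropped.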