Syncthing: Difference between revisions

From NixOS Wiki
imported>Klaymore
Updated declarative configuration for 21.11 options changes, added note for earlier versions.
Ponder (talk | contribs)
m Missing small words
 
(33 intermediate revisions by 21 users not shown)
Line 1: Line 1:
Syncthing is available as a standalone package:
[https://syncthing.net Syncthing] is a decentralized file synchronization service. You can use it to safely sync all files in a folder between different desktops/servers.
== Setup ==
To enable Syncthing, add the following to your system configuration:


<nowiki>nix-env -iA nixos.syncthing</nowiki>
<syntaxhighlight lang="nix">
 
services.syncthing = {
It can also be enabled as a service. You'll typically want to configure the user and the path to the configuration directory, as with the defaultvalues ("syncthing" for the user, "/var/lib/syncthing" for the dir) you won't be able to access the files:
  enable = true;
 
  openDefaultPorts = true;
<nowiki>
  settings.gui = {
services = {
    user = "myuser";
    syncthing = {
    password = "mypassword";
        enable = true;
   };
        user = "myusername";
        dataDir = "/home/myusername/Documents";   # Default folder for new synced folders
        configDir = "/home/myusername/Documents/.config/syncthing";  # Folder for Syncthing's settings and keys
    };
};
};
</nowiki>
</syntaxhighlight>
 
You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and follow the official Getting Started guide: https://docs.syncthing.net/intro/getting-started.html
 
 
== Declarative Configuration ==


You can declaratively set your Syncthing folders by using the <code>services.syncthing.devices</code> and <code>services.syncthing.folders</code> options:
You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and authenticating using the credentials above.


(Note: Before NixOS 21.11, declarative configuration was done in the <code>services.syncthing.declarative</code> option, such as <code>services.syncthing.declarative.folders = {};</code>)
== Configuration ==


<nowiki>
=== Sync folders and trusted remote hosts ===
services = {
The following configuration will trust the remote hosts <code>device1</code> and <code>device2</code> by adding their <code>id</code>s. The shares <code>Documents</code> and <code>Example</code> are added to the local node, defined by their local file paths and list of allowed devices.<syntaxhighlight lang="nix">
   syncthing = {
services.syncthing = {
    enable = true;
   settings = {
    overrideDevices = true;    # overrides any devices added or deleted through the WebUI
    overrideFolders = true;    # overrides any folders added or deleted through the WebUI
     devices = {
     devices = {
       "device1" = { id = "DEVICE-ID-GOES-HERE"; };
       "device1" = { id = "DEVICE-ID-GOES-HERE"; };
Line 36: Line 27:
     };
     };
     folders = {
     folders = {
       "Documents" = {       # Name of folder in Syncthing, also the folder ID
       "Documents" = {
         path = "/home/myusername/Documents";   # Which folder to add to Syncthing
         path = "/home/myusername/Documents";
         devices = [ "device1" "device2" ];     # Which devices to share the folder with
         devices = [ "device1" "device2" ];
       };
       };
       "Example" = {
       "Example" = {
         path = "/home/myusername/Example";
         path = "/home/myusername/Example";
         devices = [ "device1" ];
         devices = [ "device1" ];
         ignorePerms = false;    # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
         # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
        ignorePerms = false;
       };
       };
     };
     };
   };
   };
};
};
</nowiki>
</syntaxhighlight>
=== Declarative node IDs ===
If you set up Syncthing with the above configuration, you will still need to manually accept the connection from your other devices. If you want to make this automatic, you must also set the key.pem and cert.pem options:
<syntaxhighlight lang="nix">
services = {
  syncthing = {
    key = "${</path/to/key.pem>}";
    cert = "${</path/to/cert.pem>}";
    ...
};
</syntaxhighlight>This will ensure your node has a stable ID.
 
You can optionally include the key.pem and cert.pem files in the NixOS configuration using a tool like sops-nix. See [[Comparison of secret managing schemes]].
 
To generate a new key.cert and key.pem for a deployment, you can use the -generate argument:
<syntaxhighlight lang="bash">$ nix-shell -p syncthing --run "syncthing -generate=myconfig"
2024/04/23 11:41:17 INFO: Generating ECDSA key and certificate for syncthing...
2024/04/23 11:41:17 INFO: Device ID: DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2
2024/04/23 11:41:17 INFO: Default folder created and/or linked to new config
$ ls myconfig/
cert.pem  config.xml  key.pem</syntaxhighlight>
 
== Tips and tricks ==


=== Disable default sync folder ===
Syncthing creates a 'Sync' folder in your home directory every time it regenerates a configuration, even if your declarative configuration does not have this folder. You can disable that by setting the STNODEFAULTFOLDER environment variable:
<syntaxhighlight lang="nix">systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder</syntaxhighlight>


== home-manager service ==
== See also ==


https://github.com/nix-community/home-manager/blob/master/modules/services/syncthing.nix
* Home-Manager service https://github.com/nix-community/home-manager/blob/master/modules/services/syncthing.nix
[[Category: Applications]]

Latest revision as of 18:04, 14 October 2024

Syncthing is a decentralized file synchronization service. You can use it to safely sync all files in a folder between different desktops/servers.

Setup

To enable Syncthing, add the following to your system configuration:

services.syncthing = {
  enable = true;
  openDefaultPorts = true;
  settings.gui = {
    user = "myuser";
    password = "mypassword";
  };
};

You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and authenticating using the credentials above.

Configuration

Sync folders and trusted remote hosts

The following configuration will trust the remote hosts device1 and device2 by adding their ids. The shares Documents and Example are added to the local node, defined by their local file paths and list of allowed devices.

services.syncthing = {
  settings = {
    devices = {
      "device1" = { id = "DEVICE-ID-GOES-HERE"; };
      "device2" = { id = "DEVICE-ID-GOES-HERE"; };
    };
    folders = {
      "Documents" = {
        path = "/home/myusername/Documents";
        devices = [ "device1" "device2" ];
      };
      "Example" = {
        path = "/home/myusername/Example";
        devices = [ "device1" ];
        # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
        ignorePerms = false;
      };
    };
  };
};

Declarative node IDs

If you set up Syncthing with the above configuration, you will still need to manually accept the connection from your other devices. If you want to make this automatic, you must also set the key.pem and cert.pem options:

services = {
  syncthing = {
    key = "${</path/to/key.pem>}";
    cert = "${</path/to/cert.pem>}";
    ...
};

This will ensure your node has a stable ID.

You can optionally include the key.pem and cert.pem files in the NixOS configuration using a tool like sops-nix. See Comparison of secret managing schemes.

To generate a new key.cert and key.pem for a deployment, you can use the -generate argument:

$ nix-shell -p syncthing --run "syncthing -generate=myconfig"
2024/04/23 11:41:17 INFO: Generating ECDSA key and certificate for syncthing...
2024/04/23 11:41:17 INFO: Device ID: DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2
2024/04/23 11:41:17 INFO: Default folder created and/or linked to new config
$ ls myconfig/
cert.pem  config.xml  key.pem

Tips and tricks

Disable default sync folder

Syncthing creates a 'Sync' folder in your home directory every time it regenerates a configuration, even if your declarative configuration does not have this folder. You can disable that by setting the STNODEFAULTFOLDER environment variable:

systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder

See also