Syncthing: Difference between revisions

Line 20:

== Configuration ==

=== Sync folders and ~~trusted~~ remote hosts ===

=== Sync folders and remote hosts ===

The following configuration will trust the remote hosts <code>device1</code> and <code>device2</code> by adding their <code>id</code>s. The shares <code>Documents</code> and <code>Example</code> are added to the local node, defined by their local file paths and list of allowed devices.<syntaxhighlight lang="nix">

The following configuration will trust the remote hosts <code>device1</code> and <code>device2</code> by adding their <code>id</code>s. The shares <code>Documents</code> and <code>Example</code> are added to the local node, defined by their local file paths and list of allowed devices.

The share <code>Sensitive</code> is shared unencrypted with <code>device1</code>, and encrypted with <code>device2</code>.<syntaxhighlight lang="nix">

services.syncthing = {

settings = {

Line 38:

Line 41:

# By default, Syncthing doesn't sync file permissions. This line enables it for this folder.

ignorePerms = false;

};

"Sensitive" = {

path = "/home/myusername/Sensitive";

devices = [

# We trust this device to have access

# to the decrypted contents of this folder.

"device1"

# We do not trust this device, but we want to have another

# (encrypted) copy of the data for redundancy/backup/sync purposes.

{

name = "device2";

# encryptionPasswordFile is a path to a file containing the encryption password.

# See below for information about managing secrets on NixOS.

encryptionPasswordFile = "/run/secrets/st-sensitive-password";

}

];

};

@@ Line 20: / Line 20: @@
 == Configuration ==
-=== Sync folders and trusted remote hosts ===
+=== Sync folders and remote hosts ===
-The following configuration will trust the remote hosts <code>device1</code> and <code>device2</code> by adding their <code>id</code>s. The shares <code>Documents</code> and <code>Example</code> are added to the local node, defined by their local file paths and list of allowed devices.<syntaxhighlight lang="nix">
+The following configuration will trust the remote hosts <code>device1</code> and <code>device2</code> by adding their <code>id</code>s. The shares <code>Documents</code> and <code>Example</code> are added to the local node, defined by their local file paths and list of allowed devices.
+The share <code>Sensitive</code>  is shared unencrypted with <code>device1</code>, and encrypted with <code>device2</code>.<syntaxhighlight lang="nix">
 services.syncthing = {
    settings = {
@@ Line 38: / Line 41: @@
          # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
          ignorePerms = false;
+      };
+      "Sensitive" = {
+        path = "/home/myusername/Sensitive";
+        devices = [
+          # We trust this device to have access
+          # to the decrypted contents of this folder.
+          "device1"
+          # We do not trust this device, but we want to have another
+          # (encrypted) copy of the data for redundancy/backup/sync purposes.
+          {
+            name = "device2";
+            # encryptionPasswordFile is a path to a file containing the encryption password.
+            # See below for information about managing secrets on NixOS.
+            encryptionPasswordFile = "/run/secrets/st-sensitive-password";
+          }
+        ];
        };
      };