Syncthing

From NixOS Wiki
Revision as of 16:51, 8 November 2023 by imported>Skylark (Syncthing moved away from /var/lib/syncthing a long time ago; add detail to firewall ports)

Syncthing is available as a standalone package: nix-env -iA nixos.syncthing

It can also be enabled as a service. Example:

services = {
    syncthing = {
        enable = true;
        user = "myusername";
        dataDir = "/home/myusername/Documents";    # Default folder for new synced folders
        configDir = "/home/myusername/Documents/.config/syncthing";   # Folder for Syncthing's settings and keys
    };
};

You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and following the official Getting Started guide: https://docs.syncthing.net/intro/getting-started.html

Declarative configuration

You can declaratively set your Syncthing folders by using the services.syncthing.devices and services.syncthing.folders options:

(Note: Before NixOS 21.11, declarative configuration was done in the services.syncthing.declarative option, such as services.syncthing.declarative.folders = {};)

services = {
  syncthing = {
    enable = true;
    user = "myusername";
    dataDir = "/home/myusername/Documents";
    configDir = "/home/myusername/Documents/.config/syncthing";
    overrideDevices = true;     # overrides any devices added or deleted through the WebUI
    overrideFolders = true;     # overrides any folders added or deleted through the WebUI
    devices = {
      "device1" = { id = "DEVICE-ID-GOES-HERE"; };
      "device2" = { id = "DEVICE-ID-GOES-HERE"; };
    };
    folders = {
      "Documents" = {        # Name of folder in Syncthing, also the folder ID
        path = "/home/myusername/Documents";    # Which folder to add to Syncthing
        devices = [ "device1" "device2" ];      # Which devices to share the folder with
      };
      "Example" = {
        path = "/home/myusername/Example";
        devices = [ "device1" ];
        ignorePerms = false;     # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
      };
    };
  };
};

If running a headless server, you should also change guiAddress to a publicly visible one (or just 0.0.0.0:8384, for example).

You will also probably have to open a few ports in the firewall:

   # Syncthing ports: 8384 for remote access to GUI
   # 22000 TCP and/or UDP for sync traffic
   # 21027/UDP for discovery
   # source: https://docs.syncthing.net/users/firewall.html
   networking.firewall.allowedTCPPorts = [ 8384 22000 ];
   networking.firewall.allowedUDPPorts = [ 22000 21027 ];

It is also a good idea to protect the web GUI with a username and password combination:

services.syncthing.extraOptions.gui = {
    user = "username";
    password = "password";
};

Home-manager service

https://github.com/nix-community/home-manager/blob/master/modules/services/syncthing.nix