Syncthing
Syncthing is a decentralized file synchronization service. You can use it to safely sync all files in a folder between different desktops/servers.
Setup
To enable Syncthing, add following to your system configuration:
services.syncthing = {
enable = true;
openDefaultPorts = true;
settings.gui = {
user = "myuser";
password = "mypassword";
};
};
You can confirm Syncthing runs by visiting http://127.0.0.1:8384/ and authenticate using the credentials above.
Configuration
Follow the official Getting Started guide to get started.
Note: using a declarative configuration will overwrite files in configDir.
Note: every available option can be sourced from here https://mynixos.com/nixpkgs/options/services.syncthing
You can declaratively set your Syncthing folders by using the services.syncthing.devices and services.syncthing.folders options:
services = {
syncthing = {
enable = true;
user = "myusername";
dataDir = "/home/myusername/Documents";
configDir = "/home/myusername/Documents/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
settings = {
devices = {
"device1" = { id = "DEVICE-ID-GOES-HERE"; };
"device2" = { id = "DEVICE-ID-GOES-HERE"; };
};
folders = {
"Documents" = { # Folder ID in Syncthing, also the name of folder (label) by default
path = "/home/myusername/Documents"; # Which folder to add to Syncthing
devices = [ "device1" "device2" ]; # Which devices to share the folder with
};
"Example" = {
label = "Private"; # Optional label for the folder
path = "/home/myusername/Example";
devices = [ "device1" ];
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
};
Beware when adding additional settings via services.syncthing.settings, because sometimes you cannot use the key as in the documentation. For example, when setting the Sync Protocol Listen Address: The key in the documentation is listenAddress, however, because the value is a list the key used in services.syncthing.settings has to be listenAddresses (notice the extra es). See the following example:
settings = {
options = {
listenAddresses = [ # listenAddress in the syncthing documentation
"relay://replay-server/?id=<device-id>"
];
globalAnnounceServers = [ # globalAnnounceServer in the syncthing documentation
"https://relay-server/?id=<device-id>"
];
};
};
Declarative node IDs
If you set up Syncthing with the above configuration, you will still need to manually accept the connection from your other devices. If you want to make this automatic, you must also set the key.pem and cert.pem options:
services = {
syncthing = {
key = "${</path/to/key.pem>}";
cert = "${</path/to/cert.pem>}";
...
};
This will ensure your node has a stable ID.
You can optionally include the key.pem and cert.pem files in the NixOS configuration using a tool like sops-nix. See Comparison of secret managing schemes.
To generate a new key.cert and key.pem for a deployment, you can use the -generate argument:
$ nix-shell -p syncthing --run "syncthing -generate=myconfig"
2024/04/23 11:41:17 INFO: Generating ECDSA key and certificate for syncthing...
2024/04/23 11:41:17 INFO: Device ID: DMWVMM6-MKEQVB4-I4UZTRH-5A6E24O-XHQTL3K-AAI5R5L-MXNMUGX-QTGRHQ2
2024/04/23 11:41:17 INFO: Default folder created and/or linked to new config
$ ls myconfig/
cert.pem config.xml key.pem
Disable default sync folder
Syncthing creates a 'Sync' folder in your home directory every time it regenerates a configuration, even if your declarative configuration does not have this folder. You can disable that by setting the STNODEFAULTFOLDER environment variable:
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true"; # Don't create default ~/Sync folder
Home-manager service
https://github.com/nix-community/home-manager/blob/master/modules/services/syncthing.nix