From 7e283d9266f5b7cc95d0e8c6248ac18935ad38cf Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Tue, 4 Feb 2025 10:27:02 +0100 Subject: [PATCH] feat(sgx): add Syncthing support and configuration updates Added Syncthing support with proxy and SSL in nginx and updated ACME certs configuration. Adjusted Syncthing GUI to bind to localhost for improved security. --- systems/x86_64-linux/sgx/acme.nix | 1 + systems/x86_64-linux/sgx/fileserver.nix | 2 +- systems/x86_64-linux/sgx/nginx.nix | 9 +++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/systems/x86_64-linux/sgx/acme.nix b/systems/x86_64-linux/sgx/acme.nix index 856aac6..e8e6e3e 100644 --- a/systems/x86_64-linux/sgx/acme.nix +++ b/systems/x86_64-linux/sgx/acme.nix @@ -18,6 +18,7 @@ }; certs = { "openwebui.hoyer.world" = { }; + "syncthing.hoyer.world" = { }; }; }; } diff --git a/systems/x86_64-linux/sgx/fileserver.nix b/systems/x86_64-linux/sgx/fileserver.nix index 0f37087..2c5b962 100644 --- a/systems/x86_64-linux/sgx/fileserver.nix +++ b/systems/x86_64-linux/sgx/fileserver.nix @@ -76,7 +76,7 @@ user = "harald"; dataDir = "/mnt/raid/Qmultimedia/syncthing"; # Default folder for new synced folders configDir = "/mnt/raid/Qmultimedia/syncthing/.config/syncthing"; # Folder for Syncthing's settings and keys - guiAddress = "0.0.0.0:8384"; + guiAddress = "127.0.0.1:8384"; }; }; } diff --git a/systems/x86_64-linux/sgx/nginx.nix b/systems/x86_64-linux/sgx/nginx.nix index c983dda..8299c47 100644 --- a/systems/x86_64-linux/sgx/nginx.nix +++ b/systems/x86_64-linux/sgx/nginx.nix @@ -30,6 +30,15 @@ proxyWebsockets = true; }; }; + "syncthing.hoyer.world" = { + enableACME = false; + useACMEHost = "syncthing.hoyer.world"; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8384"; + proxyWebsockets = true; + }; + }; }; }; }