syncthing: use service files from upstream

Currently only for the user services as NixOS handles the named system instances slightly differently. syncthing and syncthing-inotify are done the same way. There are 4 parts to this: 1) Copy in the upstream unit files 2) Make the nixos module use the definition from upstream 3) Enable restarting of all instances (system and user) on resume 4) Allow the traffic in the firewall on default ports if wanted fixes #18973
8 years ago · 1026bebee6
parent dac481d999
commit 1026bebee6
3 changed files with 85 additions and 70 deletions
--- a/nixos/modules/services/networking/syncthing.nix
+++ b/nixos/modules/services/networking/syncthing.nix
@ -3,46 +3,11 @@
 with lib;

 let
-
  cfg = config.services.syncthing;
  defaultUser = "syncthing";
-
-  header = {
-    description = "Syncthing service";
-    after = [ "network.target" ];
-    environment = {
-      STNORESTART = "yes";
-      STNOUPGRADE = "yes";
-      inherit (cfg) all_proxy;
-    } // config.networking.proxy.envVars;
-  };
-
-  service = {
-    Restart = "on-failure";
-    SuccessExitStatus = "2 3 4";
-    RestartForceExitStatus="3 4";
-  };
-
-  iNotifyHeader = {
-    description = "Syncthing Inotify File Watcher service";
-    after = [ "network.target" "syncthing.service" ];
-    requires = [ "syncthing.service" ];
-  };
-
-  iNotifyService = {
-    SuccessExitStatus = "2";
-    RestartForceExitStatus = "3";
-    Restart = "on-failure";
-  };
-
-in
-
-{
-
+in {
  ###### interface
-
  options = {
-
    services.syncthing = {

      enable = mkEnableOption ''
@ -100,6 +65,19 @@ in
        '';
      };

+      openDefaultPorts = mkOption {
+        type = types.bool;
+        default = false;
+        example = literalExample "true";
+        description = ''
+          Open the default ports in the firewall:
+            - TCP 22000 for transfers
+            - UDP 21027 for discovery
+          If multiple users are running syncthing on this machine, you will need to manually open a set of ports for each instance and leave this disabled.
+          Alternatively, if are running only a single instance on this machine using the default ports, enable this.
+        '';
+      };
+
      package = mkOption {
        type = types.package;
        default = pkgs.syncthing;
@ -117,6 +95,14 @@ in

  config = mkIf cfg.enable {

+    networking.firewall = mkIf cfg.openDefaultPorts {
+      allowedTCPPorts = [ 22000 ];
+      allowedUDPPorts = [ 21027 ];
+    };
+
+    systemd.packages = [ pkgs.syncthing ]
+                       ++ lib.optional cfg.useInotify pkgs.syncthing-inotify;
+
    users = mkIf (cfg.user == defaultUser) {
      extraUsers."${defaultUser}" =
        { group = cfg.group;
@ -131,39 +117,44 @@ in
    };

    systemd.services = {
-      syncthing = mkIf cfg.systemService (header // {
-          wants = mkIf cfg.useInotify [ "syncthing-inotify.service" ];
-          wantedBy = [ "multi-user.target" ];
-          serviceConfig = service // {
-            User = cfg.user;
-            Group = cfg.group;
-            PermissionsStartOnly = true;
-            ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}";
-          };
-      });
-
-      syncthing-inotify = mkIf (cfg.systemService && cfg.useInotify) (iNotifyHeader // {
+      syncthing = mkIf cfg.systemService {
+        description = "Syncthing service";
+        after = [ "network.target" ];
+        environment = {
+          STNORESTART = "yes";
+          STNOUPGRADE = "yes";
+          inherit (cfg) all_proxy;
+        } // config.networking.proxy.envVars;
+        wants = mkIf cfg.useInotify [ "syncthing-inotify.service" ];
        wantedBy = [ "multi-user.target" ];
-        serviceConfig = iNotifyService // {
+        serviceConfig = {
+          Restart = "on-failure";
+          SuccessExitStatus = "2 3 4";
+          RestartForceExitStatus="3 4";
          User = cfg.user;
-          ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -home=${cfg.dataDir} -logflags=0";
+          Group = cfg.group;
+          PermissionsStartOnly = true;
+          ExecStart = "${cfg.package}/bin/syncthing -no-browser -home=${cfg.dataDir}";
        };
-      });
-    };
+      };

-    systemd.user.services = {
-      syncthing = header // {
-        serviceConfig = service // {
-          ExecStart = "${cfg.package}/bin/syncthing -no-browser";
-        };
+      syncthing-resume = {
+        wantedBy = [ "suspend.target" ];
      };

-      syncthing-inotify = mkIf cfg.useInotify (iNotifyHeader // {
-        serviceConfig = iNotifyService // {
-          ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -logflags=0";
+      syncthing-inotify = mkIf (cfg.systemService && cfg.useInotify) {
+        description = "Syncthing Inotify File Watcher service";
+        after = [ "network.target" "syncthing.service" ];
+        requires = [ "syncthing.service" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig = {
+          SuccessExitStatus = "2";
+          RestartForceExitStatus = "3";
+          Restart = "on-failure";
+          User = cfg.user;
+          ExecStart = "${pkgs.syncthing-inotify.bin}/bin/syncthing-inotify -home=${cfg.dataDir} -logflags=0";
        };
-      });
+      };
    };
-
  };
 }
--- a/pkgs/applications/networking/syncthing/default.nix
+++ b/pkgs/applications/networking/syncthing/default.nix
@ -1,4 +1,4 @@
-{ stdenv, fetchFromGitHub, go }:
+{ stdenv, lib, fetchFromGitHub, go, pkgs }:

 stdenv.mkDerivation rec {
  version = "0.14.8";
@ -25,11 +25,24 @@ stdenv.mkDerivation rec {
  '';

  installPhase = ''
-    mkdir -p $out/bin
+    mkdir -p $out/bin $out/etc/systemd/{system,user}
+
    cp bin/* $out/bin
+  '' + lib.optionalString (stdenv.isLinux) ''
+    substitute etc/linux-systemd/system/syncthing-resume.service \
+               $out/etc/systemd/system/syncthing-resume.service \
+               --replace /usr/bin/pkill ${pkgs.procps}/bin/pkill
+
+    substitute etc/linux-systemd/system/syncthing@.service \
+               $out/etc/systemd/system/syncthing@.service \
+               --replace /usr/bin/syncthing $out/bin/syncthing
+
+    substitute etc/linux-systemd/user/syncthing.service \
+               $out/etc/systemd/user/syncthing.service \
+               --replace /usr/bin/syncthing $out/bin/syncthing
  '';

-  meta = {
+  meta = with stdenv.lib; {
    homepage = https://www.syncthing.net/;
    description = "Open Source Continuous File Synchronization";
    license = stdenv.lib.licenses.mpl20;
--- a/pkgs/applications/networking/syncthing/inotify.nix
+++ b/pkgs/applications/networking/syncthing/inotify.nix
@ -15,12 +15,23 @@ buildGoPackage rec {

  goDeps = ./inotify-deps.nix;

-  meta = {
+  postInstall = ''
+    mkdir -p $bin/etc/systemd/{system,user}
+
+    substitute $src/etc/linux-systemd/system/syncthing-inotify@.service \
+               $bin/etc/systemd/system/syncthing-inotify@.service \
+               --replace /usr/bin/syncthing-inotify $bin/bin/syncthing-inotify
+
+    substitute $src/etc/linux-systemd/user/syncthing-inotify.service \
+               $bin/etc/systemd/user/syncthing-inotify.service \
+               --replace /usr/bin/syncthing-inotify $bin/bin/syncthing-inotify
+  '';
+
+  meta = with stdenv.lib; {
    homepage = https://github.com/syncthing/syncthing-inotify;
    description = "File watcher intended for use with Syncthing";
-    license = stdenv.lib.licenses.mpl20;
-    maintainers = with stdenv.lib.maintainers; [ joko ];
-    platforms = with stdenv.lib.platforms; linux ++ freebsd ++ openbsd ++ netbsd;
+    license = licenses.mpl20;
+    maintainers = with maintainers; [ joko peterhoeg ];
+    platforms = platforms.unix;
  };
-
 }