commit cb5f7174451722e40369bac50374899263ac1835
parent 2ee66de25c5c259e7eb92b3e457c474f4627dfd6
Author: Leah (ctucx) <leah@ctu.cx>
Date: Thu, 3 Feb 2022 14:30:40 +0100
parent 2ee66de25c5c259e7eb92b3e457c474f4627dfd6
Author: Leah (ctucx) <leah@ctu.cx>
Date: Thu, 3 Feb 2022 14:30:40 +0100
services/syncthing: deploy cert and key via agenix
1 file changed, 16 insertions(+), 0 deletions(-)
diff --git a/configurations/services/syncthing.nix b/configurations/services/syncthing.nix @@ -67,13 +67,29 @@ let dataDir = "/home/leah" + (if builtins.elem config.networking.hostName appendDataDirHosts then "/syncthing" else ""); in { + + age.secrets = { + syncthing-key = { + file = ../../secrets + "/${config.networking.hostName}/syncthing/key.age"; + owner = "leah"; + }; + syncthing-cert = { + file = ../../secrets + "/${config.networking.hostName}/syncthing/cert.age"; + owner = "leah"; + }; + }; + services = { syncthing = { enable = true; openDefaultPorts = true; + user = "leah"; group = "users"; + key = config.age.secrets.syncthing-key.path; + cert = config.age.secrets.syncthing-cert.path; + dataDir = "${dataDir}"; configDir = "/home/leah/.config/syncthing";
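Review bot: The secret owner is written as the literal `"leah"` in both `syncthing-key` and `syncthing-cert`, separately from `user = "leah";` in the service block, so a later change of the service account would leave the decrypted key owned by the old account; `owner = config.services.syncthing.user;` in both entries keeps them in step. agenix decrypts with mode 0400 by default, which is what a private key wants, and adding `mode = "0400";` to `syncthing-key` would make that visible in review instead of relying on the default. The recipients for the two `.age` files are set in the agenix rules file (conventionally `secrets.nix`), which is not part of this hunk; anyone able to decrypt `key.age` can present this host's Syncthing device identity, so it is worth confirming that the recipients are limited to this host's key and the admin key. The `services.syncthing` attribute set continues past the end of the hunk.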