From d9875aae11b9a9de1125b4b9e2e0a61d0d22ade3 Mon Sep 17 00:00:00 2001
From: "Ben Sima (aider)" <ben@bsima.me>
Date: Fri, 21 Mar 2025 23:57:07 -0400
Subject: Add Nginx virtualHost for Syncthing GUI

This commit configures Nginx as a reverse proxy for the Syncthing web
interface, making it accessible via syncthing.bensima.com with SSL
encryption. The configuration includes proper header forwarding and
WebSocket support for the Syncthing GUI.

Additionally, this commit explicitly opens the required firewall ports
for Syncthing's operation, including the GUI port, sync port (22000),
and discovery broadcast port (21027).
---
 Omni/Cloud/Syncthing.nix | 19 +++++++++++++++++++
 Omni/Cloud/Web.nix       |  6 +++---
 2 files changed, 22 insertions(+), 3 deletions(-)

(limited to 'Omni')

diff --git a/Omni/Cloud/Syncthing.nix b/Omni/Cloud/Syncthing.nix
index e43bc7f..7c13e6c 100644
--- a/Omni/Cloud/Syncthing.nix
+++ b/Omni/Cloud/Syncthing.nix
@@ -1,5 +1,6 @@
 {config, ...}: let
   ports = import ./Ports.nix;
+  rootDomain = config.networking.domain;
 in {
   services.syncthing = {
     enable = true;
@@ -16,4 +17,22 @@ in {
       };
     };
   };
+
+  # Configure nginx as a reverse proxy for the Syncthing GUI
+  services.nginx.virtualHosts."syncthing.${rootDomain}" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://localhost:${toString ports.syncthing-gui}/";
+      proxyWebsockets = true;
+      extraConfig = ''
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_read_timeout 600s;
+        proxy_send_timeout 600s;
+      '';
+    };
+  };
 }
diff --git a/Omni/Cloud/Web.nix b/Omni/Cloud/Web.nix
index d11fc80..d99f3a6 100644
--- a/Omni/Cloud/Web.nix
+++ b/Omni/Cloud/Web.nix
@@ -1,6 +1,5 @@
-{...}: let
-  # rootDomain = config.networking.domain;
-  rootDomain = "bensima.com";
+{config, ...}: let
+  rootDomain = config.networking.domain;
   ports = import ./Ports.nix;
 in {
   imports = [./Gmnisrv.nix];
@@ -188,6 +187,7 @@ in {
         "jupyter"
         "git"
         "monica"
+        "syncthing"
         # xmpp stuff
         "upload"
         "conference"
-- 
cgit v1.2.3