#
# All-device synchronization via Syncthing.
#
{ is-droid, ... }:
let
	# The list of devices and their IDs.
	devices = {
    "valere"      = { id = "VLZYF6C-OHG66RM-O72IMW3-S35YWAV-TYFJJVU-KAMJR7G-2XRLCVB-XOY6IAG"; };
    "design"      = { id = "XLTC5OX-3ZU6CYZ-MJ7TAY7-ZAMRIE4-SS2JWFB-FC3RJIO-B3BIQFV-J7U53QK"; };
    "trailblazer" = { id = "JASHWW7-AYYTQLN-QZ6OEOX-EZK4GPA-OYW5IZS-5KAIIVR-MMXMCHL-OERDBQ2"; };
    "aigis"       = { id = "VKRQ6Q4-CCLJR2I-ECOWXRE-TANA2QZ-BJIAPCN-FFVJSB4-GYJNS4R-Z3LLHQ5"; };
    "hinata"      = { id = "2SFRG2A-AZ3XPMN-H3RK2Z6-UXPBPIN-DJN7AMN-JBOY23D-EZGFYNR-HRBI2AY"; };
    "miko"        = { id = "BTJ3C7W-DBPNTTV-NBKNLNM-SYSGFRZ-VG7ODVU-66RQTO7-XXHYXEY-HX323A6"; };
  };
in
{
	services.syncthing = {
		enable = !is-droid;
		openDefaultPorts = true;

		# Run as our user, and adopt our permissions.
		user = "deprekated";

		# Primary configuration.
		settings = {

			# Set up the webUI, accessible only via localhost.
  		gui = {
				enabled = true;
				address = "tcp://127.0.0.1:8384";
  		};

  		# Set up the devices that we allow to connect.
  		# See the big table above.
  		inherit devices;

  		# Set op our main sync'd folder.
  		folders."synced" = {
    		path = "/home/deprekated/synced";
  			devices = builtins.attrNames devices;

  			# Treat this like a sync'd folder that we always have acess to.
    		ignorePerms = true;
  		};
		};
	};

	# Quick setup to make syncthing work from its first start.
	systemd.services.syncthing-setup = {
		requires = [ "network.target"];
		script = ''
			mkdir -p /var/lib/syncthing
			chown -R deprekated: /var/lib/syncthing
		'';
	};

	# Extra config passed through the environment.
  systemd.services.syncthing = {
    requires = [ "syncthing-setup.service"];
    after = [ "syncthing-setup.service"];

    # Use our specified folders only; don't create an implicit one.
    environment.STNODEFAULTFOLDER = "true";
  };

}