4 files changed, 27 insertions, 3 deletions
diff --git a/hosts/tahoe/secrets/secrets.nix b/hosts/tahoe/secrets/secrets.nix
index 60b8550..01ff035 100644
--- a/hosts/tahoe/secrets/secrets.nix
+++ b/hosts/tahoe/secrets/secrets.nix
@@ -18,6 +18,16 @@ in {
     owner = "drone";
   };
 
+  "syncthing/key.age" = {
+    publicKeys = all;
+    owner = "fcuny";
+  };
+
+  "syncthing/cert.age" = {
+    publicKeys = all;
+    owner = "fcuny";
+  };
+
   "unifi/unifi-poller.age".publicKeys = all;
 
   "restic/repo-systems.age".publicKeys = all;
diff --git a/hosts/tahoe/secrets/syncthing/cert.age b/hosts/tahoe/secrets/syncthing/cert.age
new file mode 100644
index 0000000..aceb120
--- /dev/null
+++ b/hosts/tahoe/secrets/syncthing/cert.age
diff --git a/hosts/tahoe/secrets/syncthing/key.age b/hosts/tahoe/secrets/syncthing/key.age
new file mode 100644
index 0000000..8c22933
--- /dev/null
+++ b/hosts/tahoe/secrets/syncthing/key.age
@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 dtgBNg ChSBoRw7XwKHqNfO43UkA1mL3gYzVrt9u2CYpxw6oSI
+witLAp/ilF/wcWnGx0QReqe7mBdR3lZspzOjpEpMi1I
+-> ssh-ed25519 wtownA NdY9VIDwwMlAfw39yIMsAGUMIRghUOBWlZ4ham9DRSc
+HucEPuec5Y3MGvp3kIZa/NFWxSGPhL01qE1P4L24P8g
+-> 2/x-grease Op@o& x
+u7C9+kZlujVO76tqT07yS+pYtUa7lyTu4ksZeXhTlgAGP59Zl5tq7DkT
+--- ddK2/N4jHQ2jB1nvuQWfElP+LR+pgQW0Ozzc3n7FhSs
+<Y¸¾v(º3yŠ¶ª„Ü²ÚÄ‘k«ž*ÅrÂ '-Ž±¨+¿³wn¸“÷vù0|*ñ@ý¹‹-êçÝðªöRÔ™*rg[$f•]X±ˆ6+MþÛ6nêösÈuD`½ÉÄýúþñÒÌ=Vðë{Ã€wŠ2EË?"yWWX£P2sÈpæð²Óa£ng?<s‰¹u=ðôrEÝhª›Çùb¨Þ^ý`©©´¸1ÆïŒãVX;“güãvËœ×£Ÿ¤p½#Uè4“@;ÉkîT¥ÓÃ´ì§+bt‡vò‹š5IÏÑë" ‹ä N1mhëÆÖ!8°•T`ÿ`v[$
+:ç—™Ž“†Êu¥¢j0›™cðªSÖ(GVqtem÷Ãí+T…´ßè>ÚvíâRI
+\ No newline at end of file
diff --git a/modules/services/syncthing/default.nix b/modules/services/syncthing/default.nix
index bbd4fb9..ea8c4d6 100644
--- a/modules/services/syncthing/default.nix
+++ b/modules/services/syncthing/default.nix
@@ -1,5 +1,7 @@
 { config, pkgs, lib, ... }:
-let cfg = config.my.services.syncthing;
+let
+  cfg = config.my.services.syncthing;
+  secrets = config.age.secrets;
 in {
   options.my.services.syncthing = with lib; {
     enable = mkEnableOption "syncthing service";
@@ -9,9 +11,11 @@ in {
     services.syncthing = {
       enable = true;
       openDefaultPorts = true;
-      user = users.users.fcuny;
+      user = "fcuny";
       group = "users";
-      dataDir = "${users.users.fcuny.home}/.syncthing";
+      dataDir = "/home/fcuny/.local/state/syncthing";
+      cert = secrets."syncthing/cert".path;
+      key = secrets."syncthing/key".path;
     };
   };
 }