Skip to Content
DocumentationNetworking & Sync

Networking & Sync

AirDrop-like capabilities, device mesh, and encrypted sync.

Overview

Floppy.WTF devices form a local mesh with AirDrop-like file transfer, continuous folder sync, encrypted tunnels, and automatic device discovery. All capabilities are declaratively configured in NixOS modules.

Capability Stack

┌─────────────────────────────────────────────┐
│  User Experience                             │
│  floppy send / floppy devices               │
└─────────────────────────────────────────────┘

┌─────────────────────────────────────────────┐
│  File Transfer    │  Folder Sync             │
│  LocalSend        │  Syncthing               │
│  (on-demand)      │  (continuous)            │
└─────────────────────────────────────────────┘

┌─────────────────────────────────────────────┐
│  Encrypted Transport                         │
│  WireGuard (device-to-device tunnels)        │
└─────────────────────────────────────────────┘

┌─────────────────────────────────────────────┐
│  Discovery                                   │
│  Avahi / mDNS (automatic LAN detection)      │
└─────────────────────────────────────────────┘

LocalSend — AirDrop-Like Transfer

  • LAN-based encrypted file transfer
  • Cross-platform (Linux, macOS, Windows, iOS, Android)
  • No account required, TLS encrypted
  • Automatic device discovery via mDNS
{
  environment.systemPackages = with pkgs; [ localsend ];
 
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    publish = { enable = true; addresses = true; };
  };
 
  networking.firewall.allowedTCPPorts = [ 53317 ];
  networking.firewall.allowedUDPPorts = [ 53317 ];
}

CLI Shortcut

floppy send ./file.pdf
# → Discovers nearby devices
# → User selects target
# → Transfers via LocalSend protocol

Syncthing — Continuous Sync

  • Continuous folder synchronization between devices
  • Decentralized (no central server)
  • Block-level hashing for integrity
  • Conflict resolution and versioning
{
  services.syncthing = {
    enable = true;
    user = "jeremy";
    dataDir = "/home/jeremy";
    configDir = "/home/jeremy/.config/syncthing";
    overrideDevices = false;
    overrideFolders = false;
    settings.gui.theme = "dark";
  };
 
  networking.firewall.allowedTCPPorts = [ 8384 22000 ];
  networking.firewall.allowedUDPPorts = [ 22000 21027 ];
}

Default Sync Folders

FolderPathPurpose
Documents~/DocumentsGeneral files
Projects~/ProjectsCode and work
Shared~/SharedCross-device drop zone

WireGuard — Encrypted Mesh

  • Modern VPN tunnels between devices
  • Minimal overhead, kernel-level performance
  • Simple key management
{
  networking.wg-quick.interfaces.wg0 = {
    address = [ "10.100.0.X/24" ];
    listenPort = 51820;
    privateKeyFile = "/etc/wireguard/private.key";
    peers = [{
      publicKey = "...";
      allowedIPs = [ "10.100.0.0/24" ];
    }];
  };
 
  networking.firewall.allowedUDPPorts = [ 51820 ];
}

IP Allocation

DeviceWireGuard IP
dell-dev-0110.100.0.1
dell-dev-0210.100.0.2
dell-lab-0110.100.0.10

Managed via device registry metadata.

Avahi / mDNS — Device Discovery

Automatic LAN device detection with .local hostname resolution.

{
  services.avahi = {
    enable = true;
    nssmdns4 = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      userServices = true;
      workstation = true;
    };
  };
}

Devices discoverable as {hostname}.local:

ping dell-dev-01.local
ssh jeremy@dell-lab-01.local

Role-Based Networking

Featuredevnodeminimallabkiosk
LocalSendYesNoNoYesNo
SyncthingYesNoNoYesNo
WireGuardYesYesNoYesNo
Avahi/mDNSYesYesYesYesYes
SSHYesYesYesYesAdmin only

Security

ConcernMitigation
WireGuard keysGenerated on device, private key never leaves
LocalSend trafficTLS encrypted by default
Syncthing trafficTLS + device ID verification
mDNS exposureLAN only, no WAN advertisement
FirewallOnly required ports opened per role
Last updated on
ThemingRoadmap