From ce75fa7673121c895aed4d12d098b54c08cc5689 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Fri, 1 Aug 2025 00:19:55 -0400 Subject: [PATCH] Infini-DL360/copyparty: init --- flake.lock | 32 +++++++++++-- flake.nix | 7 +++ hosts/Infini-DL360/copyparty.nix | 78 ++++++++++++++++++++++++++++++++ hosts/Infini-DL360/default.nix | 1 + hosts/Infini-DL360/web.nix | 9 ---- 5 files changed, 114 insertions(+), 13 deletions(-) create mode 100644 hosts/Infini-DL360/copyparty.nix diff --git a/flake.lock b/flake.lock index 19affef..6f6d124 100644 --- a/flake.lock +++ b/flake.lock @@ -206,6 +206,29 @@ "type": "github" } }, + "copyparty": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753651064, + "narHash": "sha256-k405QhnJ0kpX2/EvBDX5SdWTbkhhQKHaRGwsLwiPPCk=", + "owner": "9001", + "repo": "copyparty", + "rev": "d197e754b9691f9c4277278396b230c98c3bd228", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1739936662, @@ -854,11 +877,11 @@ }, "private": { "locked": { - "lastModified": 1753118082, - "narHash": "sha256-8hyOTjc1FttR/pu8A+TLpOU51g/Ne2+uc9w64JR+zzE=", + "lastModified": 1754018037, + "narHash": "sha256-zG6wWTKBorCaFvD8X0jQV8R6JLuJ/NBEDTo2GAE7v1g=", "ref": "refs/heads/master", - "rev": "41b9df31ff0db950c3fdda8600c40275e0edc441", - "revCount": 59, + "rev": "31e2ac721e711ba2e8fe7af135beeaf3aac4ce23", + "revCount": 60, "type": "git", "url": "ssh://git@github.com/Infinidoge/universe-private" }, @@ -961,6 +984,7 @@ "authentik-nix": "authentik-nix", "blank": "blank", "conduwuit": "conduwuit", + "copyparty": "copyparty", "devshell": "devshell", "disko": "disko", "drasl": "drasl", diff --git a/flake.nix b/flake.nix index a90b09d..66fb14d 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,9 @@ ## Authentik authentik-nix.url = "github:nix-community/authentik-nix"; + # Misc + copyparty.url = "github:9001/copyparty"; + ### Cleanup ### ## Common blank.url = "github:divnix/blank"; @@ -100,6 +103,8 @@ conduwuit.inputs.flake-compat.follows = "blank"; conduwuit.inputs.flake-utils.follows = "flake-utils"; conduwuit.inputs.nixpkgs.follows = "nixpkgs"; + copyparty.inputs.flake-utils.follows = "flake-utils"; + copyparty.inputs.nixpkgs.follows = "nixpkgs"; devshell.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs"; drasl.inputs.nixpkgs.follows = "nixpkgs"; @@ -212,6 +217,7 @@ # --- Domain-Specific Overlays inputs.agenix.overlays.default + inputs.copyparty.overlays.default inputs.nil.overlays.default inputs.nix-minecraft.overlay inputs.qtile.overlays.default @@ -260,6 +266,7 @@ inputs.hydra.nixosModules.overlayNixpkgsForThisHydra inputs.nix-minecraft.nixosModules.minecraft-servers inputs.drasl.nixosModules.drasl + inputs.copyparty.nixosModules.default ] ++ (self.lib.leaves ./modules); }) (self.lib.flattenLeaves ./hosts); diff --git a/hosts/Infini-DL360/copyparty.nix b/hosts/Infini-DL360/copyparty.nix new file mode 100644 index 0000000..7172f05 --- /dev/null +++ b/hosts/Infini-DL360/copyparty.nix @@ -0,0 +1,78 @@ +{ + common, + config, + private, + ... +}: +let + authentik_internal = config.services.nginx.virtualHosts."auth.inx.moe".locations."/".proxyPass; +in +{ + services.copyparty = { + enable = true; + + settings = { + e2dsa = true; + e2ts = true; + ansi = true; + + # OAuth2 + idp-h-usr = "X-authentik-username"; + idp-h-key = private.variables.copyparty-key; + xff-src = "lan"; + + # BUG: These are not properly set in the copyparty module, as changing any settings removes them from default + no-reload = true; + hist = "/var/cache/copyparty"; + }; + + volumes = { + "/" = { + path = "/srv/web/files.inx.moe"; + access = { + rh = "*"; + A = [ "infinidoge" ]; + }; + }; + "/p" = { + path = "/srv/web/files.inx.moe/p"; + access = { + h = "*"; + A = [ "infinidoge" ]; + }; + }; + }; + }; + + services.nginx.virtualHosts."files.inx.moe" = common.nginx.ssl-inx // { + locations."/" = { + proxyPass = "http://localhost:3923"; + proxyWebsockets = true; + extraConfig = '' + auth_request /outpost.goauthentik.io/auth/nginx; + auth_request_set $auth_cookie $upstream_http_set_cookie; + add_header Set-Cookie $auth_cookie; + + auth_request_set $authentik_username $upstream_http_x_authentik_username; + proxy_set_header X-authentik-username $authentik_username; + proxy_set_header ${private.variables.copyparty-key} "OK"; + ''; + }; + locations."/outpost.goauthentik.io" = { + proxyPass = "${authentik_internal}/outpost.goauthentik.io"; + extraConfig = '' + proxy_set_header X-Original-URL $scheme://$http_host$request_uri; + add_header Set-Cookie $auth_cookie; + auth_request_set $auth_cookie $upstream_http_set_cookie; + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + ''; + }; + locations."/oauth/authorize" = { + extraConfig = '' + add_header Set-Cookie $auth_cookie; + return 302 /outpost.goauthentik.io/start?rd=/; + ''; + }; + }; +} diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix index 703b421..4633e5d 100644 --- a/hosts/Infini-DL360/default.nix +++ b/hosts/Infini-DL360/default.nix @@ -14,6 +14,7 @@ private.nixosModules.wireguard ./authentik.nix ./continuwuity.nix + ./copyparty.nix ./drasl.nix ./factorio.nix ./forgejo.nix diff --git a/hosts/Infini-DL360/web.nix b/hosts/Infini-DL360/web.nix index cafc37a..1abdf99 100644 --- a/hosts/Infini-DL360/web.nix +++ b/hosts/Infini-DL360/web.nix @@ -91,15 +91,6 @@ in }; locations."/buy".return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/"; }; - "files.inx.moe" = ssl-inx // { - locations."/" = { - root = "/srv/web/files.inx.moe"; - extraConfig = "autoindex on;"; - }; - locations."/p/" = { - root = "/srv/web/files.inx.moe"; - }; - }; "archive.inx.moe" = ssl-inx // { locations."/" = { root = "/srv/web/archive.inx.moe";