Infini-DL360/copyparty: init

2025-08-01 00:19:55 -04:00 · 2025-08-01 00:19:55 -04:00 · ce75fa7673
commit ce75fa7673
parent af2418b16c
5 changed files with 114 additions and 13 deletions
--- a/hosts/Infini-DL360/copyparty.nix
+++ b/hosts/Infini-DL360/copyparty.nix
@ -0,0 +1,78 @@
+{
+  common,
+  config,
+  private,
+  ...
+}:
+let
+  authentik_internal = config.services.nginx.virtualHosts."auth.inx.moe".locations."/".proxyPass;
+in
+{
+  services.copyparty = {
+    enable = true;
+
+    settings = {
+      e2dsa = true;
+      e2ts = true;
+      ansi = true;
+
+      # OAuth2
+      idp-h-usr = "X-authentik-username";
+      idp-h-key = private.variables.copyparty-key;
+      xff-src = "lan";
+
+      # BUG: These are not properly set in the copyparty module, as changing any settings removes them from default
+      no-reload = true;
+      hist = "/var/cache/copyparty";
+    };
+
+    volumes = {
+      "/" = {
+        path = "/srv/web/files.inx.moe";
+        access = {
+          rh = "*";
+          A = [ "infinidoge" ];
+        };
+      };
+      "/p" = {
+        path = "/srv/web/files.inx.moe/p";
+        access = {
+          h = "*";
+          A = [ "infinidoge" ];
+        };
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."files.inx.moe" = common.nginx.ssl-inx // {
+    locations."/" = {
+      proxyPass = "http://localhost:3923";
+      proxyWebsockets = true;
+      extraConfig = ''
+        auth_request /outpost.goauthentik.io/auth/nginx;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        add_header Set-Cookie $auth_cookie;
+
+        auth_request_set $authentik_username $upstream_http_x_authentik_username;
+        proxy_set_header X-authentik-username $authentik_username;
+        proxy_set_header ${private.variables.copyparty-key} "OK";
+      '';
+    };
+    locations."/outpost.goauthentik.io" = {
+      proxyPass = "${authentik_internal}/outpost.goauthentik.io";
+      extraConfig = ''
+        proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+        add_header Set-Cookie $auth_cookie;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+      '';
+    };
+    locations."/oauth/authorize" = {
+      extraConfig = ''
+        add_header Set-Cookie $auth_cookie;
+        return 302 /outpost.goauthentik.io/start?rd=/;
+      '';
+    };
+  };
+}
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@ -14,6 +14,7 @@
    private.nixosModules.wireguard
    ./authentik.nix
    ./continuwuity.nix
+    ./copyparty.nix
    ./drasl.nix
    ./factorio.nix
    ./forgejo.nix
--- a/hosts/Infini-DL360/web.nix
+++ b/hosts/Infini-DL360/web.nix
@ -91,15 +91,6 @@ in
      };
      locations."/buy".return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
    };
-    "files.inx.moe" = ssl-inx // {
-      locations."/" = {
-        root = "/srv/web/files.inx.moe";
-        extraConfig = "autoindex on;";
-      };
-      locations."/p/" = {
-        root = "/srv/web/files.inx.moe";
-      };
-    };
    "archive.inx.moe" = ssl-inx // {
      locations."/" = {
        root = "/srv/web/archive.inx.moe";