Infini-DL360/copyparty: init

flake.lock

@@ -206,6 +206,29 @@
         "type": "github"
       }
     },
+    "copyparty": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1753651064,
+        "narHash": "sha256-k405QhnJ0kpX2/EvBDX5SdWTbkhhQKHaRGwsLwiPPCk=",
+        "owner": "9001",
+        "repo": "copyparty",
+        "rev": "d197e754b9691f9c4277278396b230c98c3bd228",
+        "type": "github"
+      },
+      "original": {
+        "owner": "9001",
+        "repo": "copyparty",
+        "type": "github"
+      }
+    },
     "crane": {
       "locked": {
         "lastModified": 1739936662,
@@ -854,11 +877,11 @@
     },
     "private": {
       "locked": {
-        "lastModified": 1753118082,
+        "lastModified": 1754018037,
-        "narHash": "sha256-8hyOTjc1FttR/pu8A+TLpOU51g/Ne2+uc9w64JR+zzE=",
+        "narHash": "sha256-zG6wWTKBorCaFvD8X0jQV8R6JLuJ/NBEDTo2GAE7v1g=",
         "ref": "refs/heads/master",
-        "rev": "41b9df31ff0db950c3fdda8600c40275e0edc441",
+        "rev": "31e2ac721e711ba2e8fe7af135beeaf3aac4ce23",
-        "revCount": 59,
+        "revCount": 60,
         "type": "git",
         "url": "ssh://git@github.com/Infinidoge/universe-private"
       },
@@ -961,6 +984,7 @@
         "authentik-nix": "authentik-nix",
         "blank": "blank",
         "conduwuit": "conduwuit",
+        "copyparty": "copyparty",
         "devshell": "devshell",
         "disko": "disko",
         "drasl": "drasl",

flake.nix

@@ -72,6 +72,9 @@
     ## Authentik
     authentik-nix.url = "github:nix-community/authentik-nix";
 
+    # Misc
+    copyparty.url = "github:9001/copyparty";
+
     ### Cleanup ###
     ## Common
     blank.url = "github:divnix/blank";
@@ -100,6 +103,8 @@
     conduwuit.inputs.flake-compat.follows = "blank";
     conduwuit.inputs.flake-utils.follows = "flake-utils";
     conduwuit.inputs.nixpkgs.follows = "nixpkgs";
+    copyparty.inputs.flake-utils.follows = "flake-utils";
+    copyparty.inputs.nixpkgs.follows = "nixpkgs";
     devshell.inputs.nixpkgs.follows = "nixpkgs";
     disko.inputs.nixpkgs.follows = "nixpkgs";
     drasl.inputs.nixpkgs.follows = "nixpkgs";
@@ -212,6 +217,7 @@
 
                     # --- Domain-Specific Overlays
                     inputs.agenix.overlays.default
+                    inputs.copyparty.overlays.default
                     inputs.nil.overlays.default
                     inputs.nix-minecraft.overlay
                     inputs.qtile.overlays.default
@@ -260,6 +266,7 @@
                 inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
                 inputs.nix-minecraft.nixosModules.minecraft-servers
                 inputs.drasl.nixosModules.drasl
+                inputs.copyparty.nixosModules.default
               ] ++ (self.lib.leaves ./modules);
             }) (self.lib.flattenLeaves ./hosts);
 

hosts/Infini-DL360/copyparty.nix

@@ -0,0 +1,78 @@
+{
+  common,
+  config,
+  private,
+  ...
+}:
+let
+  authentik_internal = config.services.nginx.virtualHosts."auth.inx.moe".locations."/".proxyPass;
+in
+{
+  services.copyparty = {
+    enable = true;
+
+    settings = {
+      e2dsa = true;
+      e2ts = true;
+      ansi = true;
+
+      # OAuth2
+      idp-h-usr = "X-authentik-username";
+      idp-h-key = private.variables.copyparty-key;
+      xff-src = "lan";
+
+      # BUG: These are not properly set in the copyparty module, as changing any settings removes them from default
+      no-reload = true;
+      hist = "/var/cache/copyparty";
+    };
+
+    volumes = {
+      "/" = {
+        path = "/srv/web/files.inx.moe";
+        access = {
+          rh = "*";
+          A = [ "infinidoge" ];
+        };
+      };
+      "/p" = {
+        path = "/srv/web/files.inx.moe/p";
+        access = {
+          h = "*";
+          A = [ "infinidoge" ];
+        };
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."files.inx.moe" = common.nginx.ssl-inx // {
+    locations."/" = {
+      proxyPass = "http://localhost:3923";
+      proxyWebsockets = true;
+      extraConfig = ''
+        auth_request /outpost.goauthentik.io/auth/nginx;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        add_header Set-Cookie $auth_cookie;
+
+        auth_request_set $authentik_username $upstream_http_x_authentik_username;
+        proxy_set_header X-authentik-username $authentik_username;
+        proxy_set_header ${private.variables.copyparty-key} "OK";
+      '';
+    };
+    locations."/outpost.goauthentik.io" = {
+      proxyPass = "${authentik_internal}/outpost.goauthentik.io";
+      extraConfig = ''
+        proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+        add_header Set-Cookie $auth_cookie;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+      '';
+    };
+    locations."/oauth/authorize" = {
+      extraConfig = ''
+        add_header Set-Cookie $auth_cookie;
+        return 302 /outpost.goauthentik.io/start?rd=/;
+      '';
+    };
+  };
+}

hosts/Infini-DL360/default.nix

@@ -14,6 +14,7 @@
     private.nixosModules.wireguard
     ./authentik.nix
     ./continuwuity.nix
+    ./copyparty.nix
     ./drasl.nix
     ./factorio.nix
     ./forgejo.nix

hosts/Infini-DL360/web.nix

@@ -91,15 +91,6 @@ in
       };
       locations."/buy".return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
     };
-    "files.inx.moe" = ssl-inx // {
-      locations."/" = {
-        root = "/srv/web/files.inx.moe";
-        extraConfig = "autoindex on;";
-      };
-      locations."/p/" = {
-        root = "/srv/web/files.inx.moe";
-      };
-    };
     "archive.inx.moe" = ssl-inx // {
       locations."/" = {
         root = "/srv/web/archive.inx.moe";