From a62d16826ec5d79218509cb9914ed71b8ea1ecb3 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Thu, 10 Jul 2025 13:33:01 -0400 Subject: [PATCH 01/10] Infini-DL360/wireguard: init --- hosts/Infini-DL360/default.nix | 2 ++ hosts/Infini-DL360/wireguard.nix | 27 +++++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 hosts/Infini-DL360/wireguard.nix diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix index e58a917..f208b7b 100644 --- a/hosts/Infini-DL360/default.nix +++ b/hosts/Infini-DL360/default.nix @@ -11,6 +11,7 @@ ./secrets private.nixosModules.minecraft-servers + private.nixosModules.wireguard ./authentik.nix ./conduwuit.nix ./drasl.nix @@ -35,6 +36,7 @@ ./torrenting.nix ./vaultwarden.nix ./web.nix + ./wireguard.nix ]; system.stateVersion = "23.11"; diff --git a/hosts/Infini-DL360/wireguard.nix b/hosts/Infini-DL360/wireguard.nix new file mode 100644 index 0000000..d8a952c --- /dev/null +++ b/hosts/Infini-DL360/wireguard.nix @@ -0,0 +1,27 @@ +{ pkgs, ... }: +let + subnet = "192.168.200.0/24"; +in + +{ + networking.wireguard.enable = true; + + networking.nat.internalInterfaces = [ "wg0" ]; + networking.firewall.allowedUDPPorts = [ 51820 ]; + + networking.wireguard.interfaces = { + wg0 = { + ips = [ "192.168.200.1/24" ]; + listenPort = 51820; + + privateKeyFile = "/etc/secrets/wireguard/private"; + + postSetup = '' + ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o br0 -j MASQUERADE + ''; + postShutdown = '' + ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o br0 -j MASQUERADE + ''; + }; + }; +} From 7c79b16e22601f72147b0707defce1a9315d8879 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Thu, 10 Jul 2025 13:58:17 -0400 Subject: [PATCH 02/10] bump: private --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 478b214..200f098 100644 --- a/flake.lock +++ b/flake.lock 
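Review bot: In the new hosts/Infini-DL360/wireguard.nix, the `postSetup` rule masquerades the whole `${subnet}` out of `br0`, and this file adds no forward restriction, so every peer holding a valid key can reach whatever is routable through `br0`. If peers are only meant to reach specific services, narrow this with a forward rule; otherwise a comment such as `# VPN peers intentionally get full outbound access via br0` would record the intent. `networking.nat.internalInterfaces` is set, but `networking.nat.enable` and an external interface are not visible here, so presumably `private.nixosModules.wireguard` supplies them; if it already enables NAT towards `br0`, the hand-written iptables rule duplicates it. The literal `192.168.200.1/24` in `ips` also repeats the prefix already bound to `subnet`.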
@@ -854,11 +854,11 @@ }, "private": { "locked": { - "lastModified": 1752168841, - "narHash": "sha256-pgK70x5RQ7hD0s8j21TwdM7aNesdgqt0zbm6U1Ua098=", + "lastModified": 1752171755, + "narHash": "sha256-FA9NQwRvUL12XoIbCWe6paNmthZ7DDTDlyukMBzYOrc=", "ref": "refs/heads/master", - "rev": "b8d3a313856a3eb41fdd4061f3d36f95168d123c", - "revCount": 52, + "rev": "f14a0b508ee40e2098001ac84fe275801e4f84d1", + "revCount": 55, "type": "git", "url": "ssh://git@github.com/Infinidoge/universe-private" }, From de54096f147a0a8974c340adcf56f66098aee0a0 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Thu, 10 Jul 2025 14:32:32 -0400 Subject: [PATCH 03/10] bin/addtovpn: init --- bin/addtovpn.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) create mode 100755 bin/addtovpn.sh diff --git a/bin/addtovpn.sh b/bin/addtovpn.sh new file mode 100755 index 0000000..ffc32d4 --- /dev/null +++ b/bin/addtovpn.sh @@ -0,0 +1,31 @@ +#!/usr/bin/env bash + +name=$1 +number=$2 +address="192.168.200.$number/32" + +private=$(wg genkey) +public=$(echo "$private" | wg pubkey) +psk=$(wg genpsk) + +cat << EOF > /tmp/$name.conf +[Interface] +Address = $address +PrivateKey = $private +DNS = 1.1.1.1 + +[Peer] +PublicKey = $(cat /etc/secrets/wireguard/public) +PresharedKey = $psk +Endpoint = vpn.inx.moe:51820 +AllowedIPs = 0.0.0.0/0 +EOF + +cat << EOF >> /tmp/wireguard-config.nix +{ + name = "$name"; + publicKey = "$public"; + presharedKey = "$psk"; + allowedIPs = ip $number; +} +EOF From f6087e49c3485e21ea64d30e2c62fc7c73f20174 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Tue, 15 Jul 2025 16:15:18 -0400 Subject: [PATCH 04/10] bump: private --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 200f098..5ab2942 100644 --- a/flake.lock +++ b/flake.lock 
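Review bot: In bin/addtovpn.sh the client private key and preshared key are written to `/tmp/$name.conf` and `/tmp/wireguard-config.nix` under the default umask and at predictable paths, so on a multi-user host other local users can read them and the redirect will follow a pre-planted symlink. The script should set a restrictive umask and write into a private temporary directory. `$name` is used unquoted in the path and `$number` goes unchecked into the address, so both arguments need validation. Strict mode would stop the script when `wg` or the read of `/etc/secrets/wireguard/public` fails, instead of emitting a config with empty keys. The generated fragment carries `presharedKey` inline, which ends up in the world-readable Nix store if it is passed to the NixOS peer option as is; `presharedKeyFile` avoids that, though the consuming module is not visible here.

```shell
set -euo pipefail
umask 077

name=${1:?usage: addtovpn.sh NAME HOST_NUMBER}
number=${2:?usage: addtovpn.sh NAME HOST_NUMBER}

if [[ ! $name =~ ^[A-Za-z0-9_-]+$ ]]; then
  echo "peer name may contain only letters, digits, '_' and '-'" >&2
  exit 1
fi
if [[ ! $number =~ ^[0-9]{1,3}$ ]] || (( 10#$number < 2 || 10#$number > 254 )); then
  echo "host number must be between 2 and 254" >&2
  exit 1
fi

# Private per-run directory; fragments no longer accumulate in a shared /tmp file.
outdir=$(mktemp -d)
# … unchanged: address, key and psk generation …
cat << EOF > "$outdir/$name.conf"
# … unchanged: client config body …
cat << EOF >> "$outdir/wireguard-config.nix"
# … unchanged: peer fragment …
echo "wrote $outdir/$name.conf and $outdir/wireguard-config.nix" >&2
```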
@@ -854,11 +854,11 @@ }, "private": { "locked": { - "lastModified": 1752171755, - "narHash": "sha256-FA9NQwRvUL12XoIbCWe6paNmthZ7DDTDlyukMBzYOrc=", + "lastModified": 1752609660, + "narHash": "sha256-NKTYLfyLHPoegSQM8C/q48MePKWVGd+iSW9upyHP2hM=", "ref": "refs/heads/master", - "rev": "f14a0b508ee40e2098001ac84fe275801e4f84d1", - "revCount": 55, + "rev": "7f78b3e2b28934ca39ac2584c14a23ffe168e0b6", + "revCount": 57, "type": "git", "url": "ssh://git@github.com/Infinidoge/universe-private" }, From 2bd4a29b1acde4e8cbaaa83d2f92ea5aa99fc97e Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Thu, 17 Jul 2025 15:09:04 -0400 Subject: [PATCH 05/10] Infini-DL360/thelounge: enable prefetch and file upload --- hosts/Infini-DL360/thelounge.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hosts/Infini-DL360/thelounge.nix b/hosts/Infini-DL360/thelounge.nix index 95ad0ee..acb0e37 100644 --- a/hosts/Infini-DL360/thelounge.nix +++ b/hosts/Infini-DL360/thelounge.nix @@ -23,6 +23,8 @@ port = 9786; extraConfig = { reverseProxy = true; + prefetch = true; + fileUpload.enable = true; }; }; } From 4c3631c46e28b25b008eaa7c64f658add206aab6 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Fri, 18 Jul 2025 14:40:31 -0400 Subject: [PATCH 06/10] bump: nix-minecraft --- flake.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/flake.lock b/flake.lock index 5ab2942..a6f3e47 100644 --- a/flake.lock +++ b/flake.lock @@ -710,11 +710,11 @@ ] }, "locked": { - "lastModified": 1750906391, - "narHash": "sha256-zLR0SM1oUewUpZL+WCF7IgtfxcXw7bRl+P285mkX9Ug=", + "lastModified": 1752863484, + "narHash": "sha256-0xUULcxlaxbqknWbGmMrTkvXizQqj2K+gJXEyRMh/dk=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "e8575513ca4495e12073824ebd8bfc88c68ee011", + "rev": "35ee5b4387265a0682eb0cd556c0345439c0145a", "type": "github" }, "original": { From 47a274f72d83aceadc55da95078877606d4ff20e Mon Sep 17 00:00:00 2001 
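Review bot: With `prefetch = true` in hosts/Infini-DL360/thelounge.nix, the TheLounge server itself fetches URLs posted in channels. That exposes the host's address to arbitrary sites and lets any chat participant cause outbound requests from a machine that also runs several loopback-only services. If previews are wanted, a comment recording that trade-off would help, along with explicit `prefetchMaxImageSize` and `prefetchTimeout` values. `fileUpload.enable = true` stores user uploads on disk and serves them by link, so `fileUpload.maxFileSize` should be set explicitly rather than left at the default. The `extraConfig` block begins outside the hunk.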
From: Infinidoge Date: Thu, 24 Jul 2025 02:25:53 -0400 Subject: [PATCH 07/10] bump: private --- flake.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index a6f3e47..19affef 100644 --- a/flake.lock +++ b/flake.lock @@ -854,11 +854,11 @@ }, "private": { "locked": { - "lastModified": 1752609660, - "narHash": "sha256-NKTYLfyLHPoegSQM8C/q48MePKWVGd+iSW9upyHP2hM=", + "lastModified": 1753118082, + "narHash": "sha256-8hyOTjc1FttR/pu8A+TLpOU51g/Ne2+uc9w64JR+zzE=", "ref": "refs/heads/master", - "rev": "7f78b3e2b28934ca39ac2584c14a23ffe168e0b6", - "revCount": 57, + "rev": "41b9df31ff0db950c3fdda8600c40275e0edc441", + "revCount": 59, "type": "git", "url": "ssh://git@github.com/Infinidoge/universe-private" }, From af2418b16c6a2cdfd6ddc829558857e3f497eec4 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Fri, 25 Jul 2025 13:49:08 -0400 Subject: [PATCH 08/10] Infini-DL360/continuwuity: migrate from conduwuit --- hosts/Infini-DL360/{conduwuit.nix => continuwuity.nix} | 8 +++----- hosts/Infini-DL360/default.nix | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) rename hosts/Infini-DL360/{conduwuit.nix => continuwuity.nix} (85%) diff --git a/hosts/Infini-DL360/conduwuit.nix b/hosts/Infini-DL360/continuwuity.nix similarity index 85% rename from hosts/Infini-DL360/conduwuit.nix rename to hosts/Infini-DL360/continuwuity.nix index 8116a51..fd5662c 100644 --- a/hosts/Infini-DL360/conduwuit.nix +++ b/hosts/Infini-DL360/continuwuity.nix 
@@ -1,20 +1,18 @@ { config, common, - inputs, ... }: let domain = common.subdomain "matrix"; - cfg = config.services.conduwuit-vendor; + cfg = config.services.matrix-continuwuity; host = "http://localhost:${toString cfg.settings.global.port}"; in { - persist.directories = [ "/var/lib/private/conduwuit" ]; + persist.directories = [ "/var/lib/private/continuwuity" ]; - services.conduwuit-vendor = { + services.matrix-continuwuity = { enable = true; - package = inputs.conduwuit.packages.x86_64-linux.default; settings = { global = { allow_registration = false; diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix index f208b7b..703b421 100644 --- a/hosts/Infini-DL360/default.nix +++ b/hosts/Infini-DL360/default.nix @@ -13,7 +13,7 @@ private.nixosModules.minecraft-servers private.nixosModules.wireguard ./authentik.nix - ./conduwuit.nix + ./continuwuity.nix ./drasl.nix ./factorio.nix ./forgejo.nix From ce75fa7673121c895aed4d12d098b54c08cc5689 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Fri, 1 Aug 2025 00:19:55 -0400 Subject: [PATCH 09/10] Infini-DL360/copyparty: init --- flake.lock | 32 +++++++++++-- flake.nix | 7 +++ hosts/Infini-DL360/copyparty.nix | 78 ++++++++++++++++++++++++++++++++ hosts/Infini-DL360/default.nix | 1 + hosts/Infini-DL360/web.nix | 9 ---- 5 files changed, 114 insertions(+), 13 deletions(-) create mode 100644 hosts/Infini-DL360/copyparty.nix diff --git a/flake.lock b/flake.lock index 19affef..6f6d124 100644 --- a/flake.lock +++ b/flake.lock 
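Review bot: The persisted state path changes from `/var/lib/private/conduwuit` to `/var/lib/private/continuwuity`, but nothing in this commit moves the existing database. Unless that was done by hand, the new service would start on an empty directory, and a homeserver without its old database would presumably also come up with new server keys. A comment above `persist.directories`, such as `# state moved by hand from /var/lib/private/conduwuit; remove the old directory once verified`, would record the manual step. The settings block continues outside the hunk.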
@@ -206,6 +206,29 @@ "type": "github" } }, + "copyparty": { + "inputs": { + "flake-utils": [ + "flake-utils" + ], + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1753651064, + "narHash": "sha256-k405QhnJ0kpX2/EvBDX5SdWTbkhhQKHaRGwsLwiPPCk=", + "owner": "9001", + "repo": "copyparty", + "rev": "d197e754b9691f9c4277278396b230c98c3bd228", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1739936662, @@ -854,11 +877,11 @@ }, "private": { "locked": { - "lastModified": 1753118082, - "narHash": "sha256-8hyOTjc1FttR/pu8A+TLpOU51g/Ne2+uc9w64JR+zzE=", + "lastModified": 1754018037, + "narHash": "sha256-zG6wWTKBorCaFvD8X0jQV8R6JLuJ/NBEDTo2GAE7v1g=", "ref": "refs/heads/master", - "rev": "41b9df31ff0db950c3fdda8600c40275e0edc441", - "revCount": 59, + "rev": "31e2ac721e711ba2e8fe7af135beeaf3aac4ce23", + "revCount": 60, "type": "git", "url": "ssh://git@github.com/Infinidoge/universe-private" }, @@ -961,6 +984,7 @@ "authentik-nix": "authentik-nix", "blank": "blank", "conduwuit": "conduwuit", + "copyparty": "copyparty", "devshell": "devshell", "disko": "disko", "drasl": "drasl", diff --git a/flake.nix b/flake.nix index a90b09d..66fb14d 100644 --- a/flake.nix +++ b/flake.nix @@ -72,6 +72,9 @@ ## Authentik authentik-nix.url = "github:nix-community/authentik-nix"; + # Misc + copyparty.url = "github:9001/copyparty"; + ### Cleanup ### ## Common blank.url = "github:divnix/blank"; @@ -100,6 +103,8 @@ conduwuit.inputs.flake-compat.follows = "blank"; conduwuit.inputs.flake-utils.follows = "flake-utils"; conduwuit.inputs.nixpkgs.follows = "nixpkgs"; + copyparty.inputs.flake-utils.follows = "flake-utils"; + copyparty.inputs.nixpkgs.follows = "nixpkgs"; devshell.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs"; drasl.inputs.nixpkgs.follows = "nixpkgs"; 
@@ -212,6 +217,7 @@ # --- Domain-Specific Overlays inputs.agenix.overlays.default + inputs.copyparty.overlays.default inputs.nil.overlays.default inputs.nix-minecraft.overlay inputs.qtile.overlays.default @@ -260,6 +266,7 @@ inputs.hydra.nixosModules.overlayNixpkgsForThisHydra inputs.nix-minecraft.nixosModules.minecraft-servers inputs.drasl.nixosModules.drasl + inputs.copyparty.nixosModules.default ] ++ (self.lib.leaves ./modules); }) (self.lib.flattenLeaves ./hosts); diff --git a/hosts/Infini-DL360/copyparty.nix b/hosts/Infini-DL360/copyparty.nix new file mode 100644 index 0000000..7172f05 --- /dev/null +++ b/hosts/Infini-DL360/copyparty.nix 
@@ -0,0 +1,78 @@
+{
+ common,
+ config,
+ private,
+ ...
+}:
+let
+ authentik_internal = config.services.nginx.virtualHosts."auth.inx.moe".locations."/".proxyPass;
+in
+{
+ services.copyparty = {
+ enable = true;
+
+ settings = {
+ e2dsa = true;
+ e2ts = true;
+ ansi = true;
+
+ # OAuth2
+ idp-h-usr = "X-authentik-username";
+ idp-h-key = private.variables.copyparty-key;
+ xff-src = "lan";
+
+ # BUG: These are not properly set in the copyparty module, as changing any settings removes them from default
+ no-reload = true;
+ hist = "/var/cache/copyparty";
+ };
+
+ volumes = {
+ "/" = {
+ path = "/srv/web/files.inx.moe";
+ access = {
+ rh = "*";
+ A = [ "infinidoge" ];
+ };
+ };
+ "/p" = {
+ path = "/srv/web/files.inx.moe/p";
+ access = {
+ h = "*";
+ A = [ "infinidoge" ];
+ };
+ };
+ };
+ };
+
+ services.nginx.virtualHosts."files.inx.moe" = common.nginx.ssl-inx // {
+ locations."/" = {
+ proxyPass = "http://localhost:3923";
+ proxyWebsockets = true;
+ extraConfig = ''
+ auth_request /outpost.goauthentik.io/auth/nginx;
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ add_header Set-Cookie $auth_cookie;
+
+ auth_request_set $authentik_username $upstream_http_x_authentik_username;
+ proxy_set_header X-authentik-username $authentik_username;
+ proxy_set_header ${private.variables.copyparty-key} "OK";
+ '';
+ };
+ locations."/outpost.goauthentik.io" = {
+ proxyPass = "${authentik_internal}/outpost.goauthentik.io";
+ extraConfig = ''
+ proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+ add_header Set-Cookie $auth_cookie;
+ auth_request_set $auth_cookie $upstream_http_set_cookie;
+ proxy_pass_request_body off;
+ proxy_set_header Content-Length "";
+ '';
+ };
+ locations."/oauth/authorize" = {
+ extraConfig = ''
+ add_header Set-Cookie $auth_cookie;
+ return 302 /outpost.goauthentik.io/start?rd=/;
+ '';
+ };
+ };
+}
diff --git a/hosts/Infini-DL360/default.nix b/hosts/Infini-DL360/default.nix
index 703b421..4633e5d 100644
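Review bot: `private.variables.copyparty-key` is interpolated into the nginx `extraConfig` string and into the copyparty settings, so the secret header name is rendered into configuration that normally lives in the world-readable Nix store. Identity is asserted purely by `X-authentik-username` plus that header, so any local reader of the store who can reach port 3923 directly would be trusted as any user, including the `A` account. Nothing in this file binds copyparty to loopback, and `xff-src = "lan"` trusts forwarded-for data from any private address, although the only proxy shown is nginx on localhost. Adding `i = "127.0.0.1";` and changing the setting to `xff-src = "127.0.0.1";` would confine header trust to the local proxy. Whether 3923 is otherwise firewalled is not visible here.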
--- a/hosts/Infini-DL360/default.nix +++ b/hosts/Infini-DL360/default.nix @@ -14,6 +14,7 @@ private.nixosModules.wireguard ./authentik.nix ./continuwuity.nix + ./copyparty.nix ./drasl.nix ./factorio.nix ./forgejo.nix diff --git a/hosts/Infini-DL360/web.nix b/hosts/Infini-DL360/web.nix index cafc37a..1abdf99 100644 --- a/hosts/Infini-DL360/web.nix +++ b/hosts/Infini-DL360/web.nix @@ -91,15 +91,6 @@ in }; locations."/buy".return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/"; }; - "files.inx.moe" = ssl-inx // { - locations."/" = { - root = "/srv/web/files.inx.moe"; - extraConfig = "autoindex on;"; - }; - locations."/p/" = { - root = "/srv/web/files.inx.moe"; - }; - }; "archive.inx.moe" = ssl-inx // { locations."/" = { root = "/srv/web/archive.inx.moe"; From db1880f92a982b860846d532eaa56f715cd4b4b6 Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Thu, 21 Aug 2025 21:03:18 -0400 Subject: [PATCH 10/10] desktop/wm: skip running autorandr on startup --- modules/modules/desktop/wm.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/modules/desktop/wm.nix b/modules/modules/desktop/wm.nix index 9a72a31..9ba2d4d 100644 --- a/modules/modules/desktop/wm.nix +++ b/modules/modules/desktop/wm.nix @@ -51,9 +51,6 @@ in services.xserver.displayManager = { lightdm.enable = true; - setupCommands = '' - ${lib.getExe pkgs.autorandr} -c - ''; }; home-manager.sharedModules = [