desktop/wm: skip running autorandr on startup

bin/addtovpn.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+
+name=$1
+number=$2
+address="192.168.200.$number/32"
+
+private=$(wg genkey)
+public=$(echo "$private" | wg pubkey)
+psk=$(wg genpsk)
+
+cat << EOF > /tmp/$name.conf
+[Interface]
+Address = $address
+PrivateKey = $private
+DNS = 1.1.1.1
+
+[Peer]
+PublicKey = $(cat /etc/secrets/wireguard/public)
+PresharedKey = $psk
+Endpoint = vpn.inx.moe:51820
+AllowedIPs = 0.0.0.0/0
+EOF
+
+cat << EOF >> /tmp/wireguard-config.nix
+{
+  name = "$name";
+  publicKey = "$public";
+  presharedKey = "$psk";
+  allowedIPs = ip $number;
+}
+EOF

flake.lock

@@ -206,6 +206,29 @@
         "type": "github"
       }
     },
+    "copyparty": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1753651064,
+        "narHash": "sha256-k405QhnJ0kpX2/EvBDX5SdWTbkhhQKHaRGwsLwiPPCk=",
+        "owner": "9001",
+        "repo": "copyparty",
+        "rev": "d197e754b9691f9c4277278396b230c98c3bd228",
+        "type": "github"
+      },
+      "original": {
+        "owner": "9001",
+        "repo": "copyparty",
+        "type": "github"
+      }
+    },
     "crane": {
       "locked": {
         "lastModified": 1739936662,
@@ -710,11 +733,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1750906391,
+        "lastModified": 1752863484,
-        "narHash": "sha256-zLR0SM1oUewUpZL+WCF7IgtfxcXw7bRl+P285mkX9Ug=",
+        "narHash": "sha256-0xUULcxlaxbqknWbGmMrTkvXizQqj2K+gJXEyRMh/dk=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "e8575513ca4495e12073824ebd8bfc88c68ee011",
+        "rev": "35ee5b4387265a0682eb0cd556c0345439c0145a",
         "type": "github"
       },
       "original": {
@@ -854,11 +877,11 @@
     },
     "private": {
       "locked": {
-        "lastModified": 1752168841,
+        "lastModified": 1754018037,
-        "narHash": "sha256-pgK70x5RQ7hD0s8j21TwdM7aNesdgqt0zbm6U1Ua098=",
+        "narHash": "sha256-zG6wWTKBorCaFvD8X0jQV8R6JLuJ/NBEDTo2GAE7v1g=",
         "ref": "refs/heads/master",
-        "rev": "b8d3a313856a3eb41fdd4061f3d36f95168d123c",
+        "rev": "31e2ac721e711ba2e8fe7af135beeaf3aac4ce23",
-        "revCount": 52,
+        "revCount": 60,
         "type": "git",
         "url": "ssh://git@github.com/Infinidoge/universe-private"
       },
@@ -961,6 +984,7 @@
         "authentik-nix": "authentik-nix",
         "blank": "blank",
         "conduwuit": "conduwuit",
+        "copyparty": "copyparty",
         "devshell": "devshell",
         "disko": "disko",
         "drasl": "drasl",

flake.nix

@@ -72,6 +72,9 @@
     ## Authentik
     authentik-nix.url = "github:nix-community/authentik-nix";
 
+    # Misc
+    copyparty.url = "github:9001/copyparty";
+
     ### Cleanup ###
     ## Common
     blank.url = "github:divnix/blank";
@@ -100,6 +103,8 @@
     conduwuit.inputs.flake-compat.follows = "blank";
     conduwuit.inputs.flake-utils.follows = "flake-utils";
     conduwuit.inputs.nixpkgs.follows = "nixpkgs";
+    copyparty.inputs.flake-utils.follows = "flake-utils";
+    copyparty.inputs.nixpkgs.follows = "nixpkgs";
     devshell.inputs.nixpkgs.follows = "nixpkgs";
     disko.inputs.nixpkgs.follows = "nixpkgs";
     drasl.inputs.nixpkgs.follows = "nixpkgs";
@@ -212,6 +217,7 @@
 
                     # --- Domain-Specific Overlays
                     inputs.agenix.overlays.default
+                    inputs.copyparty.overlays.default
                     inputs.nil.overlays.default
                     inputs.nix-minecraft.overlay
                     inputs.qtile.overlays.default
@@ -260,6 +266,7 @@
                 inputs.hydra.nixosModules.overlayNixpkgsForThisHydra
                 inputs.nix-minecraft.nixosModules.minecraft-servers
                 inputs.drasl.nixosModules.drasl
+                inputs.copyparty.nixosModules.default
               ] ++ (self.lib.leaves ./modules);
             }) (self.lib.flattenLeaves ./hosts);
 

hosts/Infini-DL360/continuwuity.nix

@@ -1,20 +1,18 @@
 {
   config,
   common,
-  inputs,
   ...
 }:
 let
   domain = common.subdomain "matrix";
-  cfg = config.services.conduwuit-vendor;
+  cfg = config.services.matrix-continuwuity;
   host = "http://localhost:${toString cfg.settings.global.port}";
 in
 {
-  persist.directories = [ "/var/lib/private/conduwuit" ];
+  persist.directories = [ "/var/lib/private/continuwuity" ];
 
-  services.conduwuit-vendor = {
+  services.matrix-continuwuity = {
     enable = true;
-    package = inputs.conduwuit.packages.x86_64-linux.default;
     settings = {
       global = {
         allow_registration = false;

hosts/Infini-DL360/copyparty.nix

@@ -0,0 +1,78 @@
+{
+  common,
+  config,
+  private,
+  ...
+}:
+let
+  authentik_internal = config.services.nginx.virtualHosts."auth.inx.moe".locations."/".proxyPass;
+in
+{
+  services.copyparty = {
+    enable = true;
+
+    settings = {
+      e2dsa = true;
+      e2ts = true;
+      ansi = true;
+
+      # OAuth2
+      idp-h-usr = "X-authentik-username";
+      idp-h-key = private.variables.copyparty-key;
+      xff-src = "lan";
+
+      # BUG: These are not properly set in the copyparty module, as changing any settings removes them from default
+      no-reload = true;
+      hist = "/var/cache/copyparty";
+    };
+
+    volumes = {
+      "/" = {
+        path = "/srv/web/files.inx.moe";
+        access = {
+          rh = "*";
+          A = [ "infinidoge" ];
+        };
+      };
+      "/p" = {
+        path = "/srv/web/files.inx.moe/p";
+        access = {
+          h = "*";
+          A = [ "infinidoge" ];
+        };
+      };
+    };
+  };
+
+  services.nginx.virtualHosts."files.inx.moe" = common.nginx.ssl-inx // {
+    locations."/" = {
+      proxyPass = "http://localhost:3923";
+      proxyWebsockets = true;
+      extraConfig = ''
+        auth_request /outpost.goauthentik.io/auth/nginx;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        add_header Set-Cookie $auth_cookie;
+
+        auth_request_set $authentik_username $upstream_http_x_authentik_username;
+        proxy_set_header X-authentik-username $authentik_username;
+        proxy_set_header ${private.variables.copyparty-key} "OK";
+      '';
+    };
+    locations."/outpost.goauthentik.io" = {
+      proxyPass = "${authentik_internal}/outpost.goauthentik.io";
+      extraConfig = ''
+        proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
+        add_header Set-Cookie $auth_cookie;
+        auth_request_set $auth_cookie $upstream_http_set_cookie;
+        proxy_pass_request_body off;
+        proxy_set_header Content-Length "";
+      '';
+    };
+    locations."/oauth/authorize" = {
+      extraConfig = ''
+        add_header Set-Cookie $auth_cookie;
+        return 302 /outpost.goauthentik.io/start?rd=/;
+      '';
+    };
+  };
+}

hosts/Infini-DL360/default.nix

@@ -11,8 +11,10 @@
     ./secrets
 
     private.nixosModules.minecraft-servers
+    private.nixosModules.wireguard
     ./authentik.nix
-    ./conduwuit.nix
+    ./continuwuity.nix
+    ./copyparty.nix
     ./drasl.nix
     ./factorio.nix
     ./forgejo.nix
@@ -35,6 +37,7 @@
     ./torrenting.nix
     ./vaultwarden.nix
     ./web.nix
+    ./wireguard.nix
   ];
 
   system.stateVersion = "23.11";

hosts/Infini-DL360/thelounge.nix

@@ -23,6 +23,8 @@
     port = 9786;
     extraConfig = {
       reverseProxy = true;
+      prefetch = true;
+      fileUpload.enable = true;
     };
   };
 }

hosts/Infini-DL360/web.nix

@@ -91,15 +91,6 @@ in
       };
       locations."/buy".return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
     };
-    "files.inx.moe" = ssl-inx // {
-      locations."/" = {
-        root = "/srv/web/files.inx.moe";
-        extraConfig = "autoindex on;";
-      };
-      locations."/p/" = {
-        root = "/srv/web/files.inx.moe";
-      };
-    };
     "archive.inx.moe" = ssl-inx // {
       locations."/" = {
         root = "/srv/web/archive.inx.moe";

hosts/Infini-DL360/wireguard.nix

@@ -0,0 +1,27 @@
+{ pkgs, ... }:
+let
+  subnet = "192.168.200.0/24";
+in
+
+{
+  networking.wireguard.enable = true;
+
+  networking.nat.internalInterfaces = [ "wg0" ];
+  networking.firewall.allowedUDPPorts = [ 51820 ];
+
+  networking.wireguard.interfaces = {
+    wg0 = {
+      ips = [ "192.168.200.1/24" ];
+      listenPort = 51820;
+
+      privateKeyFile = "/etc/secrets/wireguard/private";
+
+      postSetup = ''
+        ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
+      '';
+      postShutdown = ''
+        ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o br0 -j MASQUERADE
+      '';
+    };
+  };
+}

modules/modules/desktop/wm.nix

@@ -51,9 +51,6 @@ in
 
       services.xserver.displayManager = {
         lightdm.enable = true;
-        setupCommands = ''
-          ${lib.getExe pkgs.autorandr} -c
-        '';
       };
 
       home-manager.sharedModules = [