diff --git a/flake.lock b/flake.lock index b5644ea..d142b17 100644 --- a/flake.lock +++ b/flake.lock @@ -67,6 +67,27 @@ "type": "github" } }, + "copyparty": { + "inputs": { + "flake-utils": "flake-utils_5", + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1757362872, + "narHash": "sha256-juUSWjxX8y2gueU34BpkQipUlhZRFJNLFccdprle0iM=", + "owner": "9001", + "repo": "copyparty", + "rev": "e09f3c9e2c3dccf8f3912539e04dd840b10b51ee", + "type": "github" + }, + "original": { + "owner": "9001", + "repo": "copyparty", + "type": "github" + } + }, "crane": { "locked": { "lastModified": 1725409566, @@ -148,7 +169,7 @@ }, "devshell-tools": { "inputs": { - "flake-utils": "flake-utils_8", + "flake-utils": "flake-utils_9", "nixpkgs": "nixpkgs_4" }, "locked": { @@ -239,6 +260,24 @@ } }, "flake-utils_10": { + "inputs": { + "systems": "systems_9" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_11": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -302,6 +341,21 @@ } }, "flake-utils_5": { + "locked": { + "lastModified": 1678901627, + "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { "inputs": { "systems": "systems_4" }, @@ -319,7 +373,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_7": { "inputs": { "systems": "systems_5" }, 
@@ -337,7 +391,7 @@ "type": "github" } }, - "flake-utils_7": { + "flake-utils_8": { "inputs": { "systems": "systems_7" }, @@ -355,7 +409,7 @@ "type": "github" } }, - "flake-utils_8": { + "flake-utils_9": { "inputs": { "systems": "systems_8" }, @@ -373,24 +427,6 @@ "type": "github" } }, - "flake-utils_9": { - "inputs": { - "systems": "systems_9" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -485,7 +521,7 @@ }, "nixGL": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_7", "nixpkgs": [ "nixpkgs-unstable" ] @@ -669,7 +705,7 @@ "inputs": { "agenix": "agenix", "crane": "crane", - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_8", "nixpkgs": [ "nixpkgs-unstable" ], @@ -694,9 +730,10 @@ "inputs": { "boardie": "boardie", "borgthin": "borgthin", + "copyparty": "copyparty", "deploy-rs": "deploy-rs", "devshell": "devshell_3", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "home-manager-stable": "home-manager-stable", "home-manager-unstable": "home-manager-unstable", "impermanence": "impermanence", @@ -733,7 +770,7 @@ }, "sbt": { "inputs": { - "flake-utils": "flake-utils_10", + "flake-utils": "flake-utils_11", "nixpkgs": "nixpkgs_5" }, "locked": { @@ -753,7 +790,7 @@ "sharry": { "inputs": { "devshell-tools": "devshell-tools", - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_10", "nixpkgs": [ "nixpkgs-unstable" ], diff --git a/flake.nix b/flake.nix index 4ce0c12..9be9284 100644 --- a/flake.nix +++ b/flake.nix 
@@ -41,6 +41,8 @@ borgthin.url = "github:devplayer0/borg"; # TODO: Update borgthin so this works # borgthin.inputs.nixpkgs.follows = "nixpkgs-mine"; + copyparty.url = "github:9001/copyparty"; + copyparty.inputs.nixpkgs.follows = "nixpkgs-unstable"; }; outputs = diff --git a/lib/constants.nix b/lib/constants.nix index e02d3ef..46356c7 100644 --- a/lib/constants.nix +++ b/lib/constants.nix @@ -13,6 +13,7 @@ rec { kea = 404; keepalived_script = 405; photoprism = 406; + copyparty = 408; }; gids = { matrix-syncv3 = 400; @@ -23,6 +24,7 @@ rec { keepalived_script = 405; photoprism = 406; adbusers = 407; + copyparty = 408; }; }; diff --git a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix index 5f0b0ff..74c6b16 100644 --- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix +++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix @@ -23,7 +23,7 @@ in }; }; - configuration = { lib, pkgs, config, ... }: + configuration = { lib, pkgs, config, allAssignments, ... }: let inherit (lib) mkForce; in @@ -39,8 +39,18 @@ in key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUv1ntVrZv5ripsKpcOAnyDQX2PHjowzyhqWK10Ml53"; files = { "jackflix/photoprism-pass.txt" = {}; + "jackflix/copyparty-pass.txt" = { + owner = "copyparty"; + group = "copyparty"; + }; }; }; + + firewall = { + tcp.allowed = [ + 3923 + ]; + }; }; users = with lib.my.c.ids; { @@ -60,11 +70,16 @@ in uid = uids.photoprism; group = "photoprism"; }; + copyparty = { + uid = uids.copyparty; + extraGroups = [ "media" ]; + }; }; groups = { media.gid = 2000; jellyseerr.gid = gids.jellyseerr; photoprism.gid = gids.photoprism; + copyparty.gid = gids.copyparty; }; }; 
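Review bot: copyparty's own `flake-utils` input is left unfollowed in the `flake.nix` hunk, so the lock gains an extra pinned `flake-utils` node and every existing `flake-utils_N` entry is renumbered. The root flake already has a `flake-utils` input according to the lock, so adding `copyparty.inputs.flake-utils.follows = "flake-utils";` next to the nixpkgs follow would leave one less third-party revision to track. The URL follows the upstream default branch, so the locked `rev` is the only pin for code whose module and overlay are imported in `nixos/modules/common.nix`; lock bumps for this input deserve a look at the upstream changes. The `inputs` block starts outside the hunk.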
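Review bot: `tcp.allowed = [ 3923 ]` in the jackflix hunk opens the copyparty port with no source restriction visible here, while the service is configured later in this commit as `http-only` and meant to sit behind the middleman proxy. If the firewall module supports per-source rules, limiting 3923 to middleman's address would stop other hosts from reaching the plain-HTTP listener directly and bypassing the vhost. A short comment such as `# copyparty, reached only via middleman` on the port would also record the intent. The enclosing `configuration` block starts and ends outside the hunk.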
@@ -159,6 +174,50 @@ in PHOTOPRISM_DATABASE_DRIVER = "sqlite"; }; }; + + copyparty = { + enable = true; + package = pkgs.copyparty.override { + withMagic = true; + }; + settings = { + name = "dev-stuff"; + no-reload = true; + j = 8; # cores + http-only = true; + xff-src = + with allAssignments.middleman.internal; + [ "${ipv4.address}/32" prefixes.ctrs.v6 ]; + rproxy = 1; # get if from x-forwarded-for + magic = true; # enable checking file magic on upload + hist = "/var/cache/copyparty"; + shr = "/share"; # enable share creation + ed = true; # enable dotfiles + chmod-f = 664; + chmod-d = 775; + e2dsa = true; # file indexing + e2t = true; # metadata indexing + og-ua = "(Discord|Twitter|Slack)bot"; # embeds + theme = 6; + }; + accounts.dev.passwordFile = config.age.secrets."jackflix/copyparty-pass.txt".path; + volumes = { + "/" = { + path = "/mnt/media/stuff"; + access.A = "dev"; # dev has admin access + }; + "/pub" = { + path = "/mnt/media/public"; + access = { + A = "dev"; + "r." = "*"; + }; + flags = { + shr_who = "no"; # no reason to have shares here + }; + }; + }; + }; }; }; }; diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix index 44e3b57..79e3b83 100644 --- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix +++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix @@ -347,12 +347,7 @@ in "stuff.${pubDomain}" = { locations."/" = { - basicAuthFile = config.age.secrets."middleman/htpasswd".path; - root = "/mnt/media/stuff"; - extraConfig = '' - fancyindex on; - fancyindex_show_dotfiles on; - ''; + proxyPass = "http://jackflix-ctr.${domain}:3923"; }; useACMEHost = pubDomain; }; diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index 77614d4..7a2ad81 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix 
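Review bot: `xff-src` in the copyparty settings trusts the whole `prefixes.ctrs.v6` range, so any host in that prefix that can reach port 3923 may supply X-Forwarded-For and choose the client address copyparty records and uses for per-IP decisions. The IPv4 entry is already a `/32`; the IPv6 entry would be better narrowed to middleman's own address as a `/128`. `rproxy = 1` appears to select the first X-Forwarded-For entry, which stays client-controlled if the proxy appends to the header instead of replacing it, so this should be checked against the nginx side. The inline comment `# get if from x-forwarded-for` presumably means `# get ip from x-forwarded-for`.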
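Review bot: Dropping `basicAuthFile` in the `stuff.${pubDomain}` location means the site is now gated only by copyparty's own accounts and volume permissions, so the `dev` password becomes an internet-facing login and `/pub` is readable without authentication. The location sets only `proxyPass`, and the backend is configured to take the client address from X-Forwarded-For, so confirm that nginx sets this header (for example through `recommendedProxySettings`, if that is enabled elsewhere). Overwriting it with `proxy_set_header X-Forwarded-For $remote_addr;` in `extraConfig` would ensure a value sent by the client is not passed through. The hop to port 3923 is plain HTTP, which is acceptable only as long as that network path stays internal.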
@@ -12,6 +12,7 @@ in inputs.impermanence.nixosModule inputs.ragenix.nixosModules.age inputs.sharry.nixosModules.default + inputs.copyparty.nixosModules.default ]; config = mkMerge [ @@ -70,6 +71,7 @@ in # TODO: Re-enable when borgthin is updated # inputs.borgthin.overlays.default inputs.boardie.overlays.default + inputs.copyparty.overlays.default ]; config = { allowUnfree = true; diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index c1e37f8..138e816 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -587,6 +587,22 @@ in } ]; }) + (mkIf config.services.copyparty.enable { + my.tmproot.persistence.config.directories = [ + { + directory = "/var/lib/copyparty"; + mode = "0755"; + user = "copyparty"; + group = "copyparty"; + } + { + directory = "/var/cache/copyparty"; + mode = "0755"; + user = "copyparty"; + group = "copyparty"; + } + ]; + }) ])) ]); diff --git a/secrets/jackflix/copyparty-pass.txt.age b/secrets/jackflix/copyparty-pass.txt.age new file mode 100644 index 0000000..07754b0 --- /dev/null +++ b/secrets/jackflix/copyparty-pass.txt.age @@ -0,0 +1,11 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhNYTRudyA4Qk8z +SkhFWWMyaGM1c2luVzZzbWNvT0ZsS09yN0w1N01oY0tldWFXZnhVCkM0YzBVZUM1 +MmRzdFlCL1o5ZTdkTjkxQ1YyQ0kwbnJ0eVRuYUpQNWw2c0EKLT4gWDI1NTE5IGli +dkp5RjZRSmROMEtQeWJiVkt2UktxdTAwUzZBRW9XajFDblFqZ3ZVR0EKYzFubnp0 +UHo5WlViYTNwbXFBd01qM0R4Wk82MTV1TzJsVVczdGRNSFRBQQotPiAnLWdyZWFz +ZSAuPzVDCm1SZkdDMHRjT2NBVXI5ektKZ1R3dXhMUEVRblhBdC9mclFZSitSODI0 +OHZzZThEQnlBY25lVnFTQXRaV2FIYTIKeHkrY1NRCi0tLSBhUFgvd1BUbFlJeEFO +RWRBQzcrT0ZFMG5SZVliNlZnK2N2VDJVV05UTkhBCrZM7RtMrOVIGIpod8aU4GLn +0KBGTSq6kE01+f1kmTZDAKHx/LhiWgHYKLxTLW4VpYnUCg== +-----END AGE ENCRYPTED FILE-----
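Review bot: Both persisted directories in the `tmproot.nix` hunk are created with `mode = "0755"`, which lets any local user traverse `/var/lib/copyparty` and `/var/cache/copyparty`. The cache path is the `hist` location set in the jackflix config, so it presumably holds the file and metadata index for the private `/` volume as well as the public one. Unless another account needs to read them, `mode = "0750";` on both entries keeps that data to the `copyparty` user and group.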