nixos/jackflix: Add copyparty

2025-09-08 23:28:31 +01:00
parent 1f145334f3
commit adaf8b6a83
8 changed files with 158 additions and 34 deletions
--- a/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
+++ b/nixos/boxes/colony/vms/shill/containers/jackflix/default.nix
@@ -23,7 +23,7 @@ in
      };
    };

-    configuration = { lib, pkgs, config, ... }:
+    configuration = { lib, pkgs, config, allAssignments, ... }:
    let
      inherit (lib) mkForce;
    in
@@ -39,8 +39,18 @@ in
            key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUv1ntVrZv5ripsKpcOAnyDQX2PHjowzyhqWK10Ml53";
            files = {
              "jackflix/photoprism-pass.txt" = {};
+              "jackflix/copyparty-pass.txt" = {
+                owner = "copyparty";
+                group = "copyparty";
+              };
            };
          };
+
+          firewall = {
+            tcp.allowed = [
+              3923
+            ];
+          };
        };

        users = with lib.my.c.ids; {
@@ -60,11 +70,16 @@ in
              uid = uids.photoprism;
              group = "photoprism";
            };
+            copyparty = {
+              uid = uids.copyparty;
+              extraGroups = [ "media" ];
+            };
          };
          groups = {
            media.gid = 2000;
            jellyseerr.gid = gids.jellyseerr;
            photoprism.gid = gids.photoprism;
+            copyparty.gid = gids.copyparty;
          };
        };

@@ -159,6 +174,50 @@ in
              PHOTOPRISM_DATABASE_DRIVER = "sqlite";
            };
          };
+
+          copyparty = {
+            enable = true;
+            package = pkgs.copyparty.override {
+              withMagic = true;
+            };
+            settings = {
+              name = "dev-stuff";
+              no-reload = true;
+              j = 8; # cores
+              http-only = true;
+              xff-src =
+                with allAssignments.middleman.internal;
+                [ "${ipv4.address}/32" prefixes.ctrs.v6 ];
+              rproxy = 1; # get if from x-forwarded-for
+              magic = true; # enable checking file magic on upload
+              hist = "/var/cache/copyparty";
+              shr = "/share"; # enable share creation
+              ed = true; # enable dotfiles
+              chmod-f = 664;
+              chmod-d = 775;
+              e2dsa = true; # file indexing
+              e2t = true; # metadata indexing
+              og-ua = "(Discord|Twitter|Slack)bot"; # embeds
+              theme = 6;
+            };
+            accounts.dev.passwordFile = config.age.secrets."jackflix/copyparty-pass.txt".path;
+            volumes = {
+              "/" = {
+                path = "/mnt/media/stuff";
+                access.A = "dev"; # dev has admin access
+              };
+              "/pub" = {
+                path = "/mnt/media/public";
+                access = {
+                  A = "dev";
+                  "r." = "*";
+                };
+                flags = {
+                  shr_who = "no"; # no reason to have shares here
+                };
+              };
+            };
+          };
        };
      };
    };
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
@@ -347,12 +347,7 @@ in

      "stuff.${pubDomain}" = {
        locations."/" = {
-          basicAuthFile = config.age.secrets."middleman/htpasswd".path;
-          root = "/mnt/media/stuff";
-          extraConfig = ''
-            fancyindex on;
-            fancyindex_show_dotfiles on;
-          '';
+          proxyPass = "http://jackflix-ctr.${domain}:3923";
        };
        useACMEHost = pubDomain;
      };