nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

copyparty

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2025-08-24 14:50:35 +02:00
parent 7978dc1987
commit 871a270a21
5 changed files with 120 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
configuration.nix
View File

@@ -49,6 +49,7 @@
./system-modules/postgres.nix
./system-modules/nx2site/proxy.nix
./system-modules/nx2site/audiobookshelf.nix
./system-modules/nx2site/copyparty.nix
./system-modules/nx2site/gitea.nix
./system-modules/nx2site/open-web-calendar.nix
./system-modules/nx2site/radicale.nix

56
flake.nix
View File

@@ -2,28 +2,30 @@
description = "Multisystem NixOS Flake of Lennart J. Kurzweg";
inputs = {
nixpkgs = { url = "nixpkgs/nixos-25.05"; };
nixpkgs-unstable = { url = "nixpkgs/nixos-unstable"; };
nixpkgs-latest = { url = "github:nixos/nixpkgs?ref=master"; };
nixpkgs = { url = "nixpkgs/nixos-25.05"; };
nixpkgs-unstable = { url = "nixpkgs/nixos-unstable"; };
nixpkgs-latest = { url = "github:nixos/nixpkgs?ref=master"; };
home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; };
nixos-wsl = { url = "github:nix-community/NixOS-WSL/main"; };
nixos-wsl = { url = "github:nix-community/NixOS-WSL/main"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.2"; };
sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; };
lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.2"; };
hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; };
hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland"; };
hyprspace = { url = "github:KZDKM/Hyprspace"; inputs.hyprland.follows = "hyprland"; };
hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; };
hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland"; };
hyprspace = { url = "github:KZDKM/Hyprspace"; inputs.hyprland.follows = "hyprland"; };
yazi = { url = "github:sxyazi/yazi"; };
yazi = { url = "github:sxyazi/yazi"; };
copyparty = { url = "github:9001/copyparty"; };
};
outputs = { ... }@inputs: with inputs; let
system = "x86_64-linux";
config = { allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
simple-pkgs = import nixpkgs { inherit system; };
config = { allowUnfreePredicate = pkg: builtins.elem (simple-pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
hyper-base = rec {
inherit system;
@@ -34,31 +36,31 @@
pkgs-version = "25.05";
};
pkgs = import nixpkgs {
my-pkgs = host: import nixpkgs {
inherit system config;
overlays = [
(final: prev: {
unstable = import nixpkgs-unstable { inherit system config; };
latest = import nixpkgs-latest { inherit system config; };
version = "25.05";
})
];
overlays = [(final: prev: {
unstable = import nixpkgs-unstable { inherit system config; };
latest = import nixpkgs-latest { inherit system config; };
version = "25.05";
})] ++ (if host == "NxACE" then [
copyparty.overlays.default
] else []);
};
nvidia-base = import ./flake-modules/nvidia.nix;
secrets = import ./git-crypt/secrets.nix;
rice = import ./flake-modules/rice.nix pkgs;
rice = import ./flake-modules/rice.nix simple-pkgs;
in {
nixosConfigurations = let
make-nixos-system = host: nvidia-settings: nixpkgs.lib.nixosSystem {
inherit pkgs;
pkgs = my-pkgs host;
modules = [ ./configuration.nix ];
specialArgs = let
hyper = hyper-base // { inherit host; nvidia = (nvidia-base // nvidia-settings); };
in { inherit inputs hyper rice secrets; };
};
make-nixos-wsl-system = host: nixpkgs.lib.nixosSystem {
inherit pkgs;
pkgs = my-pkgs host;
modules = [ ./nixos-wsl.nix ];
specialArgs = let
hyper = hyper-base // { inherit host; };
@@ -73,18 +75,18 @@
homeConfigurations = let
make-home-configuration = host: user: nvidia-settings: home-manager.lib.homeManagerConfiguration {
inherit pkgs;
pkgs = my-pkgs host;
modules = [ ./home.nix ];
extraSpecialArgs = let
hyper = hyper-base // { inherit host; nvidia = nvidia-base // nvidia-settings; };
in { inherit pkgs inputs hyper rice secrets; };
in { inherit inputs hyper rice secrets; };
};
make-shell-configuration = host: user: home-manager.lib.homeManagerConfiguration {
inherit pkgs;
pkgs = my-pkgs host;
modules = [ ./shell-only.nix ];
extraSpecialArgs = let
hyper = hyper-base // { inherit host; };
in { inherit pkgs inputs hyper rice secrets; };
in { inherit inputs hyper rice secrets; };
};
in {
"${hyper-base.user}@NxXPS" = make-home-configuration "NxXPS" hyper-base.user { enable = true; prime = true; };

7
sops-secrets.yaml
View File

File diff suppressed because one or more lines are too long

44
system-modules/nx2site/copyparty.nix Normal file
View File

@@ -0,0 +1,44 @@
{ config, pkgs, ... }@all: with all; {
imports = [ inputs.copyparty.nixosModules.default ];
config = {
sops.secrets."nx2site/copyparty/user-password/${hyper.user}".owner = "copyparty";
environment.systemPackages = with pkgs; [ copyparty ];
services.copyparty = {
enable = true;
package = pkgs.copyparty;
openFilesLimit = 8192;
settings = {
i = [ "0.0.0.0" "unix:770:copyparty:/dev/shm/party.sock" ];
p = [ 3210 3211 ];
no-reload = true;
ignored-flag = false;
shr = "/shares";
css-browser = "https://nx2.site/copyparty/extra-browser.css";
theme = 6;
xff-hdr = "X-Forwarded-For"; # so that cpp knows the real client ip behind nginx. Must match with nginx config
rproxy = 1;
no-robots = true;
};
accounts = {
"${hyper.user}" = {
passwordFile = config.sops.secrets."nx2site/copyparty/user-password/${hyper.user}".path;
};
};
volumes = {
"/" = {
path = "/srv/copyparty/root";
access = {
"A" = "${hyper.user}";
};
flags = {
fk = 4; # url password length
scan = 60; # scan interval in seconds
e2d = true; # volflag "e2d" enables the uploads database
d2t = true; # "d2t" disables multimedia parsers (in case the uploads are malicious)
nohash = "\.iso$"; # skips hashing file contents if path matches *.iso
};
};
};
};
};
}

43
system-modules/nx2site/proxy.nix
View File

@@ -19,7 +19,7 @@
};
};
users.users."nginx" = {
extraGroups = [ "nginx" "acme" ];
extraGroups = [ "nginx" "acme" "copyparty" ];
useDefaultShell = false;
linger = true;
home = "/var/nginx/";
@@ -65,6 +65,14 @@
statusPage = false;
streamConfig = ""; # udp config
validateConfigFile = true;
upstreams = {
"partysock" = {
servers."unix:/dev/shm/party.sock".fail_timeout = "1s";
extraConfig = /* nginx */ ''
keepalive 1;
'';
};
};
virtualHosts = let
vh = {
kTLS = true;
@@ -186,10 +194,41 @@
# proxyWebsockets = true;
# }; };
# };
"file.${hyper.domain}" = { # copyparty
listen = dl;
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://partysock";
proxyWebsockets = true;
extraConfig = /* nginx */ ''
proxy_redirect off;
# disable buffering (next 4 lines)
# proxy_http_version 1.1; # this is set by nixos
client_max_body_size 0;
proxy_buffering off;
proxy_request_buffering off;
# improve download speed from 600 to 1500 MiB/s
proxy_buffers 32 8k;
proxy_buffer_size 16k;
proxy_busy_buffers_size 24k;
proxy_set_header Connection "Keep-Alive";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE: with cloudflare you want this X-Forwarded-For instead:
#proxy_set_header X-Forwarded-For $http_cf_connecting_ip;
'';
};
};
};
"~^(.*).${hyper.domain}$" = {
listen = dl;
root = "/var/nginx/webroot";
locations = { "~.*" = { return = "301 https://${hyper.domain}/502.html"; }; };
locations."~.*".return = "502";
};
};
};