diff --git a/configuration.nix b/configuration.nix
index 28e0e2f..427350e 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -49,6 +49,7 @@
 ./system-modules/postgres.nix
 ./system-modules/nx2site/proxy.nix
 ./system-modules/nx2site/audiobookshelf.nix
+ ./system-modules/nx2site/copyparty.nix
 ./system-modules/nx2site/gitea.nix
 ./system-modules/nx2site/open-web-calendar.nix
 ./system-modules/nx2site/radicale.nix
diff --git a/flake.nix b/flake.nix
index 37f839b..e539f4d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,28 +2,30 @@ description = "Multisystem NixOS Flake of Lennart J. Kurzweg"; inputs = { - nixpkgs = { url = "nixpkgs/nixos-25.05"; }; - nixpkgs-unstable = { url = "nixpkgs/nixos-unstable"; }; - nixpkgs-latest = { url = "github:nixos/nixpkgs?ref=master"; }; + nixpkgs = { url = "nixpkgs/nixos-25.05"; }; + nixpkgs-unstable = { url = "nixpkgs/nixos-unstable"; }; + nixpkgs-latest = { url = "github:nixos/nixpkgs?ref=master"; }; - home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + home-manager = { url = "github:nix-community/home-manager/release-25.05"; inputs.nixpkgs.follows = "nixpkgs"; }; - nixos-wsl = { url = "github:nix-community/NixOS-WSL/main"; }; + nixos-wsl = { url = "github:nix-community/NixOS-WSL/main"; }; - sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; - lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.2"; }; + sops-nix = { url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.2"; }; - hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; }; - hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland"; }; - hyprspace = { url = "github:KZDKM/Hyprspace"; inputs.hyprland.follows = "hyprland"; }; + hyprland = { url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; }; + hyprland-plugins = { url = "github:hyprwm/hyprland-plugins"; inputs.hyprland.follows = "hyprland"; }; + hyprspace = { url = "github:KZDKM/Hyprspace"; inputs.hyprland.follows = "hyprland"; }; - yazi = { url = "github:sxyazi/yazi"; }; + yazi = { url = "github:sxyazi/yazi"; }; + copyparty = { url = "github:9001/copyparty"; }; }; outputs = { ... 
}@inputs: with inputs; let system = "x86_64-linux"; - config = { allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; }; + simple-pkgs = import nixpkgs { inherit system; }; + config = { allowUnfreePredicate = pkg: builtins.elem (simple-pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; }; hyper-base = rec { inherit system; @@ -34,31 +36,31 @@ pkgs-version = "25.05"; }; - pkgs = import nixpkgs { + my-pkgs = host: import nixpkgs { inherit system config; - overlays = [ - (final: prev: { - unstable = import nixpkgs-unstable { inherit system config; }; - latest = import nixpkgs-latest { inherit system config; }; - version = "25.05"; - }) - ]; + overlays = [(final: prev: { + unstable = import nixpkgs-unstable { inherit system config; }; + latest = import nixpkgs-latest { inherit system config; }; + version = "25.05"; + })] ++ (if host == "NxACE" then [ + copyparty.overlays.default + ] else []); }; nvidia-base = import ./flake-modules/nvidia.nix; secrets = import ./git-crypt/secrets.nix; - rice = import ./flake-modules/rice.nix pkgs; + rice = import ./flake-modules/rice.nix simple-pkgs; in { nixosConfigurations = let make-nixos-system = host: nvidia-settings: nixpkgs.lib.nixosSystem { - inherit pkgs; + pkgs = my-pkgs host; modules = [ ./configuration.nix ]; specialArgs = let hyper = hyper-base // { inherit host; nvidia = (nvidia-base // nvidia-settings); }; in { inherit inputs hyper rice secrets; }; }; make-nixos-wsl-system = host: nixpkgs.lib.nixosSystem { - inherit pkgs; + pkgs = my-pkgs host; modules = [ ./nixos-wsl.nix ]; specialArgs = let hyper = hyper-base // { inherit host; }; 
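Review bot: The new `copyparty` input tracks the default branch of `github:9001/copyparty` with no ref, while `lanzaboote` in the same `inputs` block is pinned to a tag; its overlay and NixOS module become part of the NxACE system and run a network-facing service. No `flake.lock` change is visible in this diff, so the revision that actually gets built cannot be checked from here. Consider pinning to a release tag or commit, `copyparty = { url = "github:9001/copyparty/<RELEASE_TAG_PLACEHOLDER>"; };`, and, if the upstream flake declares a nixpkgs input, adding `inputs.nixpkgs.follows = "nixpkgs";` as is already done for `sops-nix`. The `outputs` function that begins in this hunk continues outside it.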
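Review bot: The overlay that provides `pkgs.copyparty` is gated on the string literal `"NxACE"` inside `my-pkgs`, but nothing near the consuming module states that condition, so the two can drift apart. If `system-modules/nx2site/copyparty.nix` is ever evaluated for another host, `pkgs.copyparty` would not come from this overlay and evaluation would presumably fail or pick up a different package. A comment next to the condition such as `# keep in sync with the hosts that enable system-modules/nx2site/copyparty.nix`, together with the more idiomatic `++ nixpkgs.lib.optionals (host == "NxACE") [ copyparty.overlays.default ]`, would make the intent explicit. The `let` block this sits in starts before the hunk.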
@@ -73,18 +75,18 @@ homeConfigurations = let make-home-configuration = host: user: nvidia-settings: home-manager.lib.homeManagerConfiguration { - inherit pkgs; + pkgs = my-pkgs host; modules = [ ./home.nix ]; extraSpecialArgs = let hyper = hyper-base // { inherit host; nvidia = nvidia-base // nvidia-settings; }; - in { inherit pkgs inputs hyper rice secrets; }; + in { inherit inputs hyper rice secrets; }; }; make-shell-configuration = host: user: home-manager.lib.homeManagerConfiguration { - inherit pkgs; + pkgs = my-pkgs host; modules = [ ./shell-only.nix ]; extraSpecialArgs = let hyper = hyper-base // { inherit host; }; - in { inherit pkgs inputs hyper rice secrets; }; + in { inherit inputs hyper rice secrets; }; }; in { "${hyper-base.user}@NxXPS" = make-home-configuration "NxXPS" hyper-base.user { enable = true; prime = true; }; diff --git a/sops-secrets.yaml b/sops-secrets.yaml index ea7232d..da36693 100644 --- a/sops-secrets.yaml +++ b/sops-secrets.yaml @@ -37,6 +37,9 @@ nx2site: nextcloud: admin-pass: ENC[AES256_GCM,data:u6k70HwxBKAom8kvUihNjwbYsOikOt4sG1U=,iv:K0XPh1NfaGhFJ0ZVOWqnihZee6uuWxr0Vu8aR0ykr30=,tag:YyxgoVUxk4YxFnDmXkBXpw==,type:str] db-pass: ENC[AES256_GCM,data:HHY1XolLvLngYQHkfFEYTEmcIR7BSpwQ,iv:hFeuULgGVq+QxzIO0dcBaSlTFP1E7B6tv7BM0EUcTQA=,tag:ZsZyKMSeRLCEB3mZUiBa6w==,type:str] + copyparty: + user-password: + nx2: ENC[AES256_GCM,data:55yxXcN1eKvfpjWySw54r2dMlSg9,iv:w9rGUSUkumysj4ti6XqUm+sL0wwU6sgObfCefwfS5Mo=,tag:2TEDwHqU4RzOZ9+oiffGlg==,type:str] USERTrust: ECC: ENC[AES256_GCM,data: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,iv:GS5GMpbxeweqwjUvOzqg59xBOzNZqrL5t7RjsFjpucM=,tag:j0MaMw71fnRHxeydlqAaww==,type:str] RSA: ENC[AES256_GCM,data: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,iv:NJkjWL5kMHET68oR5Xp22kvkThXIp7WxRVajmTfsB5M=,tag:NSXeRItMKlOQYP4QtzMKIg==,type:str] 
@@ -86,8 +89,8 @@ sops: YkJWUEMySU50ZHVxUzVudjNnYURXak0KkMn/8sFrrviqb3s8DtS/BAbrdCwJ+jv/ A8rXQkKMjvTqG1f0fq5IlSmRAQy7XFBzkfbKdIUoefhey190WPEHaw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-06-16T08:57:57Z" - mac: ENC[AES256_GCM,data:Qwk39Cv+WhxnW8858qWtGPiCrYb4bje5nRGOkG4OrAC/dZ+wpbMd9DXF134PUM1NB/aI3ivnl4EeVAlcv/E32EjodZJOGkseKme5Hler69+nfL0DJT00XhBDR3aGVf3YMA5Po+XR9ikLKFF1wz4DhV4ylN6RxxMrpLJltba+0NI=,iv:QUulKPfnAujRUNWKBKUsIynOHsd4E09NO8TlaQwzFy0=,tag:N1LNlbvdjkXWarIAI9tkZg==,type:str] + lastmodified: "2025-08-06T22:09:56Z" + mac: ENC[AES256_GCM,data:s3lBIa/Y0fjtFFTDggC+Oxd9T5A1al9ULh4VM78vS+A6nmCZWdezLkY1CwXPrCcrwYQtnKrj5N4Y1jQQmEkF1UIcgkvH7ZQsT7MOJyvWhZUx2/wIg1DwcdlHYJAiwFkIkZ1fEvE4m/uDCWA8xO4qWU4NJaxPzTyapPKKF4VwkNs=,iv:tqDVOQlwS+CMzX8MxrBRPjBVj1Svx91eQx2xamAsSiE=,tag:VJf1at+026fQJ5ML2D/PEg==,type:str] pgp: - created_at: "2025-06-08T12:35:30Z" enc: |- diff --git a/system-modules/nx2site/copyparty.nix b/system-modules/nx2site/copyparty.nix new file mode 100644 index 0000000..93d97ca --- /dev/null +++ b/system-modules/nx2site/copyparty.nix 
@@ -0,0 +1,44 @@ +{ config, pkgs, ... }@all: with all; { + imports = [ inputs.copyparty.nixosModules.default ]; + config = { + sops.secrets."nx2site/copyparty/user-password/${hyper.user}".owner = "copyparty"; + environment.systemPackages = with pkgs; [ copyparty ]; + services.copyparty = { + enable = true; + package = pkgs.copyparty; + openFilesLimit = 8192; + settings = { + i = [ "0.0.0.0" "unix:770:copyparty:/dev/shm/party.sock" ]; + p = [ 3210 3211 ]; + no-reload = true; + ignored-flag = false; + shr = "/shares"; + css-browser = "https://nx2.site/copyparty/extra-browser.css"; + theme = 6; + xff-hdr = "X-Forwarded-For"; # so that cpp knows the real client ip behind nginx. Must match with nginx config + rproxy = 1; + no-robots = true; + }; + accounts = { + "${hyper.user}" = { + passwordFile = config.sops.secrets."nx2site/copyparty/user-password/${hyper.user}".path; + }; + }; + volumes = { + "/" = { + path = "/srv/copyparty/root"; + access = { + "A" = "${hyper.user}"; + }; + flags = { + fk = 4; # url password length + scan = 60; # scan interval in seconds + e2d = true; # volflag "e2d" enables the uploads database + d2t = true; # "d2t" disables multimedia parsers (in case the uploads are malicious) + nohash = "\.iso$"; # skips hashing file contents if path matches *.iso + }; + }; + }; + }; + }; +} diff --git a/system-modules/nx2site/proxy.nix b/system-modules/nx2site/proxy.nix index 0b636b9..a8ab99a 100644 --- a/system-modules/nx2site/proxy.nix +++ b/system-modules/nx2site/proxy.nix @@ -19,7 +19,7 @@ }; }; users.users."nginx" = { - extraGroups = [ "nginx" "acme" ]; + extraGroups = [ "nginx" "acme" "copyparty" ]; useDefaultShell = false; linger = true; home = "/var/nginx/"; @@ -65,6 +65,14 @@ statusPage = false; streamConfig = ""; # udp config validateConfigFile = true; + upstreams = { + "partysock" = { + servers."unix:/dev/shm/party.sock".fail_timeout = "1s"; + extraConfig = /* nginx */ '' + keepalive 1; + ''; + }; + }; virtualHosts = let vh = { kTLS = true; 
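Review bot: `i = [ "0.0.0.0" "unix:770:copyparty:/dev/shm/party.sock" ]` together with `p = [ 3210 3211 ]` keeps a plain-HTTP TCP listener on every interface, although nginx only talks to the unix socket. If those ports are reachable (no firewall rule is visible in this diff), copyparty can be used without TLS and without passing through the proxy that `rproxy` and `xff-hdr` are configured for. Dropping the TCP bind, `i = [ "unix:770:copyparty:/dev/shm/party.sock" ];`, or restricting it to `127.0.0.1`, closes that path. Separately, in a Nix double-quoted string `"\.iso$"` evaluates to `.iso$`, so the dot is not literal; `"\\.iso$"` is what the comment describes.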
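Review bot: The `partysock` upstream points at `unix:/dev/shm/party.sock`, and `/dev/shm` is normally world-writable, so nothing stops another local account from owning that path whenever copyparty has not bound it; nginx would then forward `file.${hyper.domain}` requests, credentials included, to whatever is listening there. A socket inside a directory only the service can write, for example a systemd runtime directory under `/run`, avoids this; the path has to change both in `services.copyparty.settings.i` and in this `servers."unix:…"` key. The `@@ -19,7 +19,7 @@` hunk above adds `nginx` to the `copyparty` group, which also grants nginx everything else that group can read, so a comment there such as `# copyparty group: only needed to connect to the 770 unix socket` would record why it is needed.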
@@ -186,10 +194,41 @@ # proxyWebsockets = true; # }; }; # }; + "file.${hyper.domain}" = { # copyparty + listen = dl; + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://partysock"; + proxyWebsockets = true; + extraConfig = /* nginx */ '' + proxy_redirect off; + # disable buffering (next 4 lines) + # proxy_http_version 1.1; # this is set by nixos + client_max_body_size 0; + proxy_buffering off; + proxy_request_buffering off; + # improve download speed from 600 to 1500 MiB/s + proxy_buffers 32 8k; + proxy_buffer_size 16k; + proxy_busy_buffers_size 24k; + + proxy_set_header Connection "Keep-Alive"; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + # NOTE: with cloudflare you want this X-Forwarded-For instead: + #proxy_set_header X-Forwarded-For $http_cf_connecting_ip; + ''; + }; + }; + }; "~^(.*).${hyper.domain}$" = { listen = dl; root = "/var/nginx/webroot"; - locations = { "~.*" = { return = "301 https://${hyper.domain}/502.html"; }; }; + locations."~.*".return = "502"; }; }; };
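Review bot: `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends the peer address to whatever X-Forwarded-For value the client sent, while copyparty.nix sets `rproxy = 1`, which as far as I know selects the first (origin) entry of that header, so the address copyparty sees would be client-controlled. That affects what is logged and any per-IP limiting or banning copyparty applies. Since nginx is the only proxy in front of it, overwriting rather than appending is the simplest fix: `proxy_set_header X-Forwarded-For $remote_addr;`. The commented-out `$http_cf_connecting_ip` variant has the same caveat unless only Cloudflare addresses are allowed to connect to this vhost.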