copyparty

configuration.nix

@@ -49,6 +49,7 @@
     ./system-modules/postgres.nix
     ./system-modules/nx2site/proxy.nix
     ./system-modules/nx2site/audiobookshelf.nix
+    ./system-modules/nx2site/copyparty.nix
     ./system-modules/nx2site/gitea.nix
     ./system-modules/nx2site/open-web-calendar.nix
     ./system-modules/nx2site/radicale.nix

flake.nix

@@ -18,12 +18,14 @@
     hyprspace =        { url = "github:KZDKM/Hyprspace";                          inputs.hyprland.follows = "hyprland"; };
 
     yazi =             { url = "github:sxyazi/yazi";                                                                    };
+    copyparty =        { url = "github:9001/copyparty";                                                                 };
   };
 
   outputs = { ... }@inputs: with inputs; let
 
     system = "x86_64-linux";
-    config = { allowUnfreePredicate = pkg: builtins.elem (pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
+    simple-pkgs = import nixpkgs { inherit system; };
+    config = { allowUnfreePredicate = pkg: builtins.elem (simple-pkgs.lib.getName pkg) (import ./flake-modules/allowed.nix).unfree; };
 
     hyper-base = rec {
       inherit system;
@@ -34,31 +36,31 @@
       pkgs-version = "25.05";
     };
 
-    pkgs = import nixpkgs {
+    my-pkgs = host: import nixpkgs {
       inherit system config;
-      overlays = [
+      overlays = [(final: prev: {
-        (final: prev: {
         unstable = import nixpkgs-unstable { inherit system config; };
         latest   = import nixpkgs-latest   { inherit system config; };
         version  = "25.05";
-        })
+      })] ++ (if host == "NxACE" then [
-      ];
+        copyparty.overlays.default
+      ] else []);
     };
 
     nvidia-base = import ./flake-modules/nvidia.nix;
     secrets     = import ./git-crypt/secrets.nix;
-    rice        = import ./flake-modules/rice.nix pkgs;
+    rice        = import ./flake-modules/rice.nix simple-pkgs;
   in {
     nixosConfigurations = let
       make-nixos-system = host: nvidia-settings: nixpkgs.lib.nixosSystem { 
-        inherit pkgs;
+        pkgs = my-pkgs host;
         modules = [ ./configuration.nix ];
         specialArgs = let
           hyper = hyper-base // { inherit host; nvidia = (nvidia-base // nvidia-settings); };
         in { inherit inputs hyper rice secrets; };
       };
       make-nixos-wsl-system = host: nixpkgs.lib.nixosSystem { 
-        inherit pkgs;
+        pkgs = my-pkgs host;
         modules = [ ./nixos-wsl.nix ];
         specialArgs = let
           hyper = hyper-base // { inherit host; };
@@ -73,18 +75,18 @@
 
     homeConfigurations = let 
       make-home-configuration = host: user: nvidia-settings: home-manager.lib.homeManagerConfiguration {
-        inherit pkgs;
+        pkgs = my-pkgs host;
         modules = [ ./home.nix ];
         extraSpecialArgs = let
           hyper = hyper-base // { inherit host; nvidia = nvidia-base // nvidia-settings; };
-        in { inherit pkgs inputs hyper rice secrets; };
+        in { inherit inputs hyper rice secrets; };
       };
       make-shell-configuration = host: user: home-manager.lib.homeManagerConfiguration {
-        inherit pkgs;
+        pkgs = my-pkgs host;
         modules = [ ./shell-only.nix ];
         extraSpecialArgs = let
           hyper = hyper-base // { inherit host; };
-        in { inherit pkgs inputs hyper rice secrets; };
+        in { inherit inputs hyper rice secrets; };
       };
     in {
       "${hyper-base.user}@NxXPS" = make-home-configuration "NxXPS" hyper-base.user { enable = true; prime = true; }; 

system-modules/nx2site/copyparty.nix

@@ -0,0 +1,44 @@
+{ config, pkgs, ... }@all: with all; {
+  imports = [ inputs.copyparty.nixosModules.default ];
+  config = {
+    sops.secrets."nx2site/copyparty/user-password/${hyper.user}".owner = "copyparty";
+    environment.systemPackages = with pkgs; [ copyparty ];
+    services.copyparty = {
+      enable = true;
+      package = pkgs.copyparty;
+      openFilesLimit = 8192;
+      settings = {
+        i = [ "0.0.0.0" "unix:770:copyparty:/dev/shm/party.sock" ];
+        p = [ 3210 3211 ];
+        no-reload = true;
+        ignored-flag = false;
+        shr = "/shares";
+        css-browser = "https://nx2.site/copyparty/extra-browser.css";
+        theme = 6;
+        xff-hdr = "X-Forwarded-For"; # so that cpp knows the real client ip behind nginx. Must match with nginx config
+        rproxy = 1;
+        no-robots = true;
+      };
+      accounts = {
+        "${hyper.user}" = {
+          passwordFile = config.sops.secrets."nx2site/copyparty/user-password/${hyper.user}".path;
+        };
+      };
+      volumes = {
+        "/" = {
+          path = "/srv/copyparty/root";
+          access = {
+            "A" = "${hyper.user}";
+          };
+          flags = {
+            fk = 4; # url password length
+            scan = 60; # scan interval in seconds 
+            e2d = true; # volflag "e2d" enables the uploads database
+            d2t = true; # "d2t" disables multimedia parsers (in case the uploads are malicious)
+            nohash = "\.iso$"; # skips hashing file contents if path matches *.iso
+          };
+        };
+      };
+    };
+  };
+}

system-modules/nx2site/proxy.nix

@@ -19,7 +19,7 @@
     };
   };
   users.users."nginx" = {
-    extraGroups = [ "nginx" "acme" ];
+    extraGroups = [ "nginx" "acme" "copyparty" ];
     useDefaultShell = false;
     linger = true;
     home = "/var/nginx/";
@@ -65,6 +65,14 @@
     statusPage = false;
     streamConfig = ""; # udp config
     validateConfigFile = true;
+    upstreams = {
+      "partysock" = {
+        servers."unix:/dev/shm/party.sock".fail_timeout = "1s";
+        extraConfig = /* nginx */ ''
+          keepalive 1;
+        '';
+      };
+    };
     virtualHosts = let
       vh = {
         kTLS = true;
@@ -186,10 +194,41 @@
       #     proxyWebsockets = true;
       #   }; }; 
       # };
+      "file.${hyper.domain}" = { # copyparty
+        listen = dl;
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/" = {
+            proxyPass = "http://partysock";
+            proxyWebsockets = true;
+            extraConfig = /* nginx */ ''
+          		proxy_redirect off;
+          		# disable buffering (next 4 lines)
+          		# proxy_http_version 1.1; # this is set by nixos
+          		client_max_body_size 0;
+          		proxy_buffering off;
+          		proxy_request_buffering off;
+          		# improve download speed from 600 to 1500 MiB/s
+          		proxy_buffers 32 8k;
+          		proxy_buffer_size 16k;
+          		proxy_busy_buffers_size 24k;
+
+          		proxy_set_header   Connection        "Keep-Alive";
+          		proxy_set_header   Host              $host;
+          		proxy_set_header   X-Real-IP         $remote_addr;
+          		proxy_set_header   X-Forwarded-Proto $scheme;
+          		proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
+          		# NOTE: with cloudflare you want this X-Forwarded-For instead:
+          		#proxy_set_header   X-Forwarded-For   $http_cf_connecting_ip;
+            ''; 
+          };
+        };
+      };
       "~^(.*).${hyper.domain}$" = {
         listen = dl;
         root = "/var/nginx/webroot";
-        locations = { "~.*" = { return = "301 https://${hyper.domain}/502.html"; }; };
+        locations."~.*".return = "502";
       };
     };
   };