feat(copyparty,authelia): personal storage & webDAV

modules/nixos/deertopia/authelia.nix

@@ -65,9 +65,22 @@ in {
            server = {
              address = "tcp://:${builtins.toString cfg.httpPort}";
              # asset_path = "${authelia-state-dir}/assets";
-             # Necessary for Nginx integration.  No, I do not understand what it
-             # does.
-             endpoints.authz.auth-request.implementation = "AuthRequest";
+	     endpoints.authz = {
+	       # Necessary for Nginx integration.  No, I do not understand what it
+	       # does.
+	       auth-request = {
+		 implementation = "AuthRequest";
+		 authn_strategies = [
+		   {
+		     name = "HeaderAuthorization";
+		     schemes = [ "Basic" ];
+		   }
+		   {
+		     name = "CookieSession";
+		   }
+		 ];
+	       };
+	     };
            };
            authentication_backend =
              let base-dn = config.services.lldap.settings.ldap_base_dn;

modules/nixos/deertopia/copyparty.nix

@@ -13,8 +13,13 @@ in {
     };
   };
 
+  imports = [ ./copyparty/vault.nix ];
+
   config = lib.mkIf cfg.enable {
+    sydnix.deertopia.copyparty.vault.enable = true;
+
     sydnix.impermanence.directories = [
+      "/var/lib/copyparty"
     ];
 
     nixpkgs.overlays = [ inputs.copyparty.overlays.default ];

modules/nixos/deertopia/copyparty/vault.nix

@@ -0,0 +1,41 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.deertopia.copyparty.vault;
+in {
+  options.sydnix.deertopia.copyparty.vault = {
+    enable = lib.mkEnableOption "personal storage under Copyparty";
+  };
+
+  config = lib.mkIf cfg.enable {
+    sydnix.impermanence.directories = [ "/vault" ];
+
+    # HACK: Ad-hoc permissions, as typical.
+    users.groups.vault = {};
+    users.users.copyparty.extraGroups = [ "vault" ];
+
+    systemd.tmpfiles.settings."50-vault" =
+      let e = {
+	z.group = "vault";
+	z.mode = "2775";
+	v.group = "vault";
+	v.mode = "2775";
+      };
+      in {
+	"/vault" = e;
+	"/vault/~msyds" = e;
+      };
+
+    services.copyparty.volumes = {
+      "/~msyds" = {
+	path = "/vault/~msyds";
+	access.A = [ "msyds" ];
+      };
+      "/~msyds/zotero" = {
+	path = "/vault/~msyds/zotero";
+	flags.daw = true;
+	access.A = [ "msyds" ];
+	access.rwmd = [ "zotero" ];
+      };
+    };
+  };
+}

modules/nixos/deertopia/webdav.nix

@@ -29,6 +29,8 @@ in {
     };
   };
 
+  imports = [ ./copyparty/vault.nix ];
+
   config = mkIf cfg.enable {
     users.users.${cfg.user} = {
       isSystemUser = true;