msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(copyparty,authelia): personal storage & webDAV

Browse Source
This commit is contained in:
Madeleine Sydney Slaga
2026-01-31 16:23:04 -07:00
parent 7b5a43954c
commit 096dd77726
4 changed files with 64 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
modules/nixos/deertopia/authelia.nix
View File

@@ -65,9 +65,22 @@ in {
server = { server = {
address = "tcp://:${builtins.toString cfg.httpPort}"; address = "tcp://:${builtins.toString cfg.httpPort}";
# asset_path = "${authelia-state-dir}/assets"; # asset_path = "${authelia-state-dir}/assets";
# Necessary for Nginx integration. No, I do not understand what it endpoints.authz = {
# does. # Necessary for Nginx integration. No, I do not understand what it
endpoints.authz.auth-request.implementation = "AuthRequest"; # does.
auth-request = {
implementation = "AuthRequest";
authn_strategies = [
{
name = "HeaderAuthorization";
schemes = [ "Basic" ];
}
{
name = "CookieSession";
}
];
};
};
}; };
authentication_backend = authentication_backend =
let base-dn = config.services.lldap.settings.ldap_base_dn; let base-dn = config.services.lldap.settings.ldap_base_dn;

5
modules/nixos/deertopia/copyparty.nix
View File

@@ -13,8 +13,13 @@ in {
}; };
}; };
imports = [ ./copyparty/vault.nix ];
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sydnix.deertopia.copyparty.vault.enable = true;
sydnix.impermanence.directories = [ sydnix.impermanence.directories = [
"/var/lib/copyparty"
]; ];
nixpkgs.overlays = [ inputs.copyparty.overlays.default ]; nixpkgs.overlays = [ inputs.copyparty.overlays.default ];

41
modules/nixos/deertopia/copyparty/vault.nix Normal file
View File

@@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
let cfg = config.sydnix.deertopia.copyparty.vault;
in {
options.sydnix.deertopia.copyparty.vault = {
enable = lib.mkEnableOption "personal storage under Copyparty";
};
config = lib.mkIf cfg.enable {
sydnix.impermanence.directories = [ "/vault" ];
# HACK: Ad-hoc permissions, as typical.
users.groups.vault = {};
users.users.copyparty.extraGroups = [ "vault" ];
systemd.tmpfiles.settings."50-vault" =
let e = {
z.group = "vault";
z.mode = "2775";
v.group = "vault";
v.mode = "2775";
};
in {
"/vault" = e;
"/vault/~msyds" = e;
};
services.copyparty.volumes = {
"/~msyds" = {
path = "/vault/~msyds";
access.A = [ "msyds" ];
};
"/~msyds/zotero" = {
path = "/vault/~msyds/zotero";
flags.daw = true;
access.A = [ "msyds" ];
access.rwmd = [ "zotero" ];
};
};
};
}

2
modules/nixos/deertopia/webdav.nix
View File

@@ -29,6 +29,8 @@ in {
}; };
}; };
imports = [ ./copyparty/vault.nix ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.users.${cfg.user} = { users.users.${cfg.user} = {
isSystemUser = true; isSystemUser = true;