feat(copyparty): Allow reading of /var/lib/slskd

modules/nixos/deertopia/authelia.nix

@@ -148,23 +148,5 @@ in {
            locations."/api/authz".proxyPass = "$upstream";
          };
        };
-
-       # TODO: Remove this.  It's only used for a quick demo for myself.  The
-       # domain choice is arbitrary.  It's just one I happen to have set up.
-       sydnix.deertopia.nginx.vhosts."ldap" = {
-         directory = null;
-         vhost = {
-           forceSSL = true;
-           enableACME = true;
-           extraConfig = ''
-            include ${./authelia/authelia-location.conf};
-           '';
-           locations."/".extraConfig = ''
-             include ${./authelia/authelia-authrequest.conf};
-             include ${./authelia/proxy.conf};
-             root /persist/deertopia.net/ldap;
-           '';
-         };
-       };
      });
 }

modules/nixos/deertopia/copyparty.nix

@@ -29,13 +29,23 @@ in {
     services.copyparty = {
       enable = true;
       settings = {
-        # These three options are necessary for SSO integration.  No idea what
+        # These three options (`idp-h-usr`, `idp-h-grp`, `xff-src`) are
-        # they do. }:)
+        # necessary for SSO integration.
-        xff-src = "lan";
+
+        # The HTTP headers (provided by the coproxy) where Copyparty can expect
+        # to find the user's name and groups.
         idp-h-usr = "remote-user";
         idp-h-grp = "remote-groups";
+        # For security reasons, Copyparty will only acknowledge those headers
+        # when the request comes from a known IP address specified here.  In our
+        # case, we tell it to accept requests from any private IP.
+        xff-src = "lan";
       };
       volumes = {
+        "/Soulseek" = {
+          path = "/var/lib/slskd";
+          access.r = "*";
+        };
         "/Jellyfin" = {
           path = "/persist/vault/jellyfin";
           # View and upload, but no deleting.