wip: fix(copypary): zotero webdav

modules/nixos/deertopia/copyparty.nix

@@ -13,10 +13,14 @@ in {
     };
   };
 
-  imports = [ ./copyparty/vault.nix ];
+  imports = [
+    ./copyparty/vault.nix
+    ./copyparty/webdav.nix
+  ];
 
   config = lib.mkIf cfg.enable {
     sydnix.deertopia.copyparty.vault.enable = true;
+    sydnix.deertopia.copyparty.webdav.enable = true;
 
     sydnix.impermanence.directories = [
       "/var/lib/copyparty"
@@ -29,8 +33,8 @@ in {
       "media"
     ];
 
-    # HACK: Make files created by copyparty.service initialise with the mode
-    # 775.
+    # HACK: Make files created by copyparty.service initialise with
+    # the mode 775.
     systemd.services.copyparty.serviceConfig.UMask = lib.mkForce "002";
 
     services.copyparty = {
@@ -56,7 +60,7 @@ in {
         "/Media library" = {
           path = "/media/library";
           # View and upload, but no deleting.
-          access.rw = "*";
+          access.r = "*";
           access.rwmd = "@jellyfin-admin";
         };
         "/Torrents" = {

modules/nixos/deertopia/copyparty/vault.nix

@@ -36,6 +36,12 @@ in {
 	access.A = [ "msyds" ];
 	access.rwmd = [ "zotero" ];
       };
+      "/msyds/zotero-root" = {
+	path = "/vault/msyds/zotero-root";
+	flags.daw = true;
+	access.A = [ "msyds" ];
+	access.rwmd = [ "zotero" ];
+      };
       "/~msyds/public" = {
 	path = "/vault/~msyds/public";
 	access.A = [ "msyds" ];

modules/nixos/deertopia/copyparty/webdav.nix

@@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.deertopia.copyparty.webdav;
+in {
+  options.sydnix.deertopia.copyparty.webdav = {
+    enable = lib.mkEnableOption "WebDAV via copyparty";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = ''
+        Port on which Copyparty shall listen for WebDAV traffic.
+      '';
+      default = 3924;
+    };
+  };
+
+  # https://github.com/9001/copyparty/issues/1142
+  config = lib.mkIf cfg.enable {
+    services.copyparty.settings = {
+      rproxy = -1;
+      xff-src = "lan";
+      daw = true;
+      dav-auth = true;
+      ihead = "*";
+      ohead = "*";
+      dav-port = cfg.port;
+    };
+
+    services.authelia.instances.deertopia.settings =
+      lib.mkIf config.sydnix.deertopia.authelia.enable {
+        access_control.rules = lib.mkBefore [
+          {
+            domain = "dav.deertopia.net";
+            policy = "bypass";
+            methods = [ "OPTIONS" "PROPFIND" ];
+          }
+        ];
+      };
+
+    sydnix.deertopia.nginx.vhosts."dav" = {
+      directory = null;
+      vhost = {
+        forceSSL = true;
+        enableACME = true;
+        extraConfig = ''
+          include ${../authelia/authelia-location.conf};
+          # Increase limit of upload sizes.
+          client_max_body_size 20G;
+        '';
+        locations."/".extraConfig = ''
+          include ${../authelia/authelia-authrequest.conf};
+          include ${../authelia/proxy.conf};
+          proxy_pass http://localhost:${builtins.toString cfg.port};
+        '';
+      };
+    };
+  };
+}