Merge
This commit is contained in:
Madeleine Sydney
4
flake.lock
generated
4
flake.lock
generated
@@ -531,8 +531,8 @@
|
|||||||
"nixpkgs": "nixpkgs_9"
|
"nixpkgs": "nixpkgs_9"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737870551,
|
"lastModified": 1739938885,
|
||||||
"narHash": "sha256-KOYxo5/vnDOLX1uodNNe0+2kU1tVj0i5nqYx79Q1LbI=",
|
"narHash": "sha256-h19Bg+BTV/51MiCnKa3rN3QbRC74cBWjBHhDrpVgdXM=",
|
||||||
"path": "/persist/dots/scripts/sydnix-cli",
|
"path": "/persist/dots/scripts/sydnix-cli",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
},
|
},
|
||||||
|
|||||||
@@ -87,6 +87,7 @@
|
|||||||
sshfs
|
sshfs
|
||||||
waypipe
|
waypipe
|
||||||
sydnix-cli.packages.x86_64-linux.default
|
sydnix-cli.packages.x86_64-linux.default
|
||||||
|
(import ../../scripts/port-tools { inherit pkgs; })
|
||||||
];
|
];
|
||||||
|
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
|||||||
@@ -148,23 +148,5 @@ in {
|
|||||||
locations."/api/authz".proxyPass = "$upstream";
|
locations."/api/authz".proxyPass = "$upstream";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: Remove this. It's only used for a quick demo for myself. The
|
|
||||||
# domain choice is arbitrary. It's just one I happen to have set up.
|
|
||||||
sydnix.deertopia.nginx.vhosts."ldap" = {
|
|
||||||
directory = null;
|
|
||||||
vhost = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
extraConfig = ''
|
|
||||||
include ${./authelia/authelia-location.conf};
|
|
||||||
'';
|
|
||||||
locations."/".extraConfig = ''
|
|
||||||
include ${./authelia/authelia-authrequest.conf};
|
|
||||||
include ${./authelia/proxy.conf};
|
|
||||||
root /persist/deertopia.net/ldap;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -29,13 +29,23 @@ in {
|
|||||||
services.copyparty = {
|
services.copyparty = {
|
||||||
enable = true;
|
enable = true;
|
||||||
settings = {
|
settings = {
|
||||||
# These three options are necessary for SSO integration. No idea what
|
# These three options (`idp-h-usr`, `idp-h-grp`, `xff-src`) are
|
||||||
# they do. }:)
|
# necessary for SSO integration.
|
||||||
xff-src = "lan";
|
|
||||||
|
# The HTTP headers (provided by the coproxy) where Copyparty can expect
|
||||||
|
# to find the user's name and groups.
|
||||||
idp-h-usr = "remote-user";
|
idp-h-usr = "remote-user";
|
||||||
idp-h-grp = "remote-groups";
|
idp-h-grp = "remote-groups";
|
||||||
|
# For security reasons, Copyparty will only acknowledge those headers
|
||||||
|
# when the request comes from a known IP address specified here. In our
|
||||||
|
# case, we tell it to accept requests from any private IP.
|
||||||
|
xff-src = "lan";
|
||||||
};
|
};
|
||||||
volumes = {
|
volumes = {
|
||||||
|
"/Soulseek" = {
|
||||||
|
path = "/var/lib/slskd";
|
||||||
|
access.r = "*";
|
||||||
|
};
|
||||||
"/Jellyfin" = {
|
"/Jellyfin" = {
|
||||||
path = "/persist/vault/jellyfin";
|
path = "/persist/vault/jellyfin";
|
||||||
# View and upload, but no deleting.
|
# View and upload, but no deleting.
|
||||||
|
|||||||
Reference in New Issue
Block a user