From c738bed3d888845ce6b0f0bfdd18bd453228020a Mon Sep 17 00:00:00 2001
From: Madeleine Sydney
Date: Fri, 21 Feb 2025 18:47:24 -0700
Subject: [PATCH] refactor(slskd): Log in w/ Authelia
- Currently, Firefox reports some errors about failure to connect to a websocket somewhere at slsk.deertopia.net. Further fixes may be required if that's a serious issue.
---
 modules/nixos/deertopia/authelia.nix | 22 ++++++++--------------
 modules/nixos/deertopia/slskd.nix | 27 ++++++++++++++++++++-------
 2 files changed, 28 insertions(+), 21 deletions(-)
diff --git a/modules/nixos/deertopia/authelia.nix b/modules/nixos/deertopia/authelia.nix
index 873eda6..45dcdc2 100644
--- a/modules/nixos/deertopia/authelia.nix
+++ b/modules/nixos/deertopia/authelia.nix
@@ -99,10 +99,7 @@ in {
 default_policy = "deny";
 rules = [
 {
- # TODO: Remove this. It's only used for a quick demo for myself.
- # The domain choice is arbitrary. It's just one I happen to have
- # set up.
- domain = "ldap.deertopia.net";
+ domain = "*.deertopia.net";
 policy = "one_factor";
 }
 ];
@@ -117,10 +114,7 @@ in {
 {
 domain = "deertopia.net";
 authelia_url = "https://auth.deertopia.net";
- # TODO: Remove this. It's only used for a quick demo for myself.
- # The domain choice is arbitrary. It's just one I happen to have
- # set up.
- default_redirection_url = "https://ldap.deertopia.net";
+ default_redirection_url = "https://deertopia.net";
 }
 ];
 };
@@ -160,13 +154,13 @@ in {
 forceSSL = true;
 enableACME = true;
 extraConfig = ''
- include ${./authelia/authelia-location.conf};
- '';
+ include ${./authelia/authelia-location.conf};
+ '';
 locations."/".extraConfig = ''
- include ${./authelia/authelia-authrequest.conf};
- include ${./authelia/proxy.conf};
- root /persist/deertopia.net/ldap;
- '';
+ include ${./authelia/authelia-authrequest.conf};
+ include ${./authelia/proxy.conf};
+ root /persist/deertopia.net/ldap;
+ '';
 };
 };
 });
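Review bot: The new `domain = "*.deertopia.net";` rule in the first hunk grants `one_factor` to every subdomain with no `subject` restriction, so any account that can sign in to Authelia reaches every vhost behind it, including slskd, whose own login this same commit turns off. Since rules are matched in order, consider placing narrower rules ahead of the wildcard for sensitive hosts, for example one for `slsk.deertopia.net` with `subject = [ "group:<GROUP>" ];` (placeholder group name) or `policy = "two_factor";`. A `*.` pattern matches subdomains only, so the apex `deertopia.net` used as `default_redirection_url` in the second hunk would fall under `default_policy = "deny"` if it is ever put behind the auth request. The enclosing access-control block starts outside the hunk.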
diff --git a/modules/nixos/deertopia/slskd.nix b/modules/nixos/deertopia/slskd.nix index 3de8aba..5a36b08 100644 --- a/modules/nixos/deertopia/slskd.nix +++ b/modules/nixos/deertopia/slskd.nix @@ -19,9 +19,14 @@ in { environmentFile = "/run/secrets/slskd-credentials"; settings = { + # Disable slskd's authentication in favour of Authelia. + web.authentication.disabled = true; shares.directories = [ "/persist/vault/jellyfin/Music" "/persist/vault/jellyfin/Shows" + "/persist/vault/jellyfin/Documents" + "/persist/vault/jellyfin/Music Videos" + "/persist/vault/jellyfin/Movies" ]; # directories.downloads = "/persist/vault/jellyfin/Music"; }; @@ -34,14 +39,22 @@ in { # HACK: Consult with Molly on idiomatic Unix permissions. users.users.${config.services.slskd.user}.extraGroups = [ "jellyfin" ]; - sydnix.deertopia.nginx.vhosts."slsk".vhost = { - forceSSL = true; - enableACME = true; - locations."/" = { - proxyWebsockets = true; - proxyPass = + sydnix.deertopia.nginx.vhosts."slsk" = { + directory = null; + vhost = { + forceSSL = true; + enableACME = true; + extraConfig = let port = builtins.toString config.services.slskd.settings.web.port; - in "http://localhost:${port}"; + in '' + include ${./authelia/authelia-location.conf}; + set $upstream http://127.0.0.1:${port}; + ''; + locations."/".extraConfig = '' + include ${./authelia/authelia-authrequest.conf}; + include ${./authelia/proxy.conf}; + proxy_pass $upstream; + ''; }; }; };
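Review bot: With `web.authentication.disabled = true;` the nginx auth request becomes the only access control on slskd, so any route to the web port that does not pass through the `slsk` vhost is unauthenticated, HTTP API included. Nothing in this hunk shows how the listener is bound; confirm the port is reachable only via loopback (listen address or firewall) and record that next to the setting, e.g. `# Safe only while the web port is unreachable except via nginx + Authelia.`. The three added `shares.directories` entries, `/persist/vault/jellyfin/Documents` in particular, also widen what is offered to Soulseek peers and deserve a mention in the commit message. The enclosing slskd service block starts outside the hunk.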
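Review bot: The rewritten `slsk` vhost drops `proxyWebsockets = true;` and nothing visible in the new `locations."/".extraConfig` restores the upgrade headers, which is the likely cause of the websocket failure the commit message mentions. Unless `./authelia/proxy.conf` already sets them (that file is not shown here), add `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";` after the `proxy.conf` include, plus `proxy_http_version 1.1;` if that file does not set it. Inside a Nix `''` string these nginx variables need no escaping, as the existing `$upstream` line shows.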