refactor(slskd): Log in w/ Authelia

- Currently, Firefox reports some errors about failure to connect to a
  websocket somewhere at slsk.deertopia.net.  Further fixes may be
  required if that's a serious issue.

modules/nixos/deertopia/authelia.nix

@@ -99,10 +99,7 @@ in {
              default_policy = "deny";
              rules = [
                {
-                 # TODO: Remove this.  It's only used for a quick demo for myself.
+                 domain = "*.deertopia.net";
-                 # The domain choice is arbitrary.  It's just one I happen to have
-                 # set up.
-                 domain = "ldap.deertopia.net";
                  policy = "one_factor";
                }
              ];
@@ -117,10 +114,7 @@ in {
                {
                  domain = "deertopia.net";
                  authelia_url = "https://auth.deertopia.net";
-                 # TODO: Remove this.  It's only used for a quick demo for myself.
+                 default_redirection_url = "https://deertopia.net";
-                 # The domain choice is arbitrary.  It's just one I happen to have
-                 # set up.
-                 default_redirection_url = "https://ldap.deertopia.net";
                }
              ];
            };
@@ -160,13 +154,13 @@ in {
            forceSSL = true;
            enableACME = true;
            extraConfig = ''
-          include ${./authelia/authelia-location.conf};
+            include ${./authelia/authelia-location.conf};
-        '';
+           '';
            locations."/".extraConfig = ''
-          include ${./authelia/authelia-authrequest.conf};
+             include ${./authelia/authelia-authrequest.conf};
-          include ${./authelia/proxy.conf};
+             include ${./authelia/proxy.conf};
-          root /persist/deertopia.net/ldap;
+             root /persist/deertopia.net/ldap;
-        '';
+           '';
          };
        };
      });

modules/nixos/deertopia/slskd.nix

@@ -19,9 +19,14 @@ in {
       environmentFile = "/run/secrets/slskd-credentials";
 
       settings = {
+        # Disable slskd's authentication in favour of Authelia.
+        web.authentication.disabled = true;
         shares.directories = [
           "/persist/vault/jellyfin/Music"
           "/persist/vault/jellyfin/Shows"
+          "/persist/vault/jellyfin/Documents"
+          "/persist/vault/jellyfin/Music Videos"
+          "/persist/vault/jellyfin/Movies"
         ];
         # directories.downloads = "/persist/vault/jellyfin/Music";
       };
@@ -34,14 +39,22 @@ in {
     # HACK: Consult with Molly on idiomatic Unix permissions.
     users.users.${config.services.slskd.user}.extraGroups = [ "jellyfin" ];
 
-    sydnix.deertopia.nginx.vhosts."slsk".vhost = {
+    sydnix.deertopia.nginx.vhosts."slsk" = {
-      forceSSL = true;
+      directory = null;
-      enableACME = true;
+      vhost = {
-      locations."/" = {
+        forceSSL = true;
-        proxyWebsockets = true;
+        enableACME = true;
-        proxyPass =
+        extraConfig =
           let port = builtins.toString config.services.slskd.settings.web.port;
-          in "http://localhost:${port}";
+          in ''
+            include ${./authelia/authelia-location.conf};
+            set $upstream http://127.0.0.1:${port};
+          '';
+        locations."/".extraConfig = ''
+          include ${./authelia/authelia-authrequest.conf};
+          include ${./authelia/proxy.conf};
+          proxy_pass $upstream;
+        '';
       };
     };
   };