msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(slskd): Log in w/ Authelia

Browse Source 
- Currently, Firefox reports some errors about failure to connect to a
  websocket somewhere at slsk.deertopia.net.  Further fixes may be
  required if that's a serious issue.
This commit is contained in:
Madeleine Sydney
2025-02-21 18:47:24 -07:00
parent a29fcde32d
commit c738bed3d8
2 changed files with 28 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
modules/nixos/deertopia/authelia.nix
View File

@@ -99,10 +99,7 @@ in {
default_policy = "deny";
rules = [
{
# TODO: Remove this. It's only used for a quick demo for myself.
# The domain choice is arbitrary. It's just one I happen to have
# set up.
domain = "ldap.deertopia.net";
domain = "*.deertopia.net";
policy = "one_factor";
}
];
@@ -117,10 +114,7 @@ in {
{
domain = "deertopia.net";
authelia_url = "https://auth.deertopia.net";
# TODO: Remove this. It's only used for a quick demo for myself.
# The domain choice is arbitrary. It's just one I happen to have
# set up.
default_redirection_url = "https://ldap.deertopia.net";
default_redirection_url = "https://deertopia.net";
}
];
};

23
modules/nixos/deertopia/slskd.nix
View File

@@ -19,9 +19,14 @@ in {
environmentFile = "/run/secrets/slskd-credentials";
settings = {
# Disable slskd's authentication in favour of Authelia.
web.authentication.disabled = true;
shares.directories = [
"/persist/vault/jellyfin/Music"
"/persist/vault/jellyfin/Shows"
"/persist/vault/jellyfin/Documents"
"/persist/vault/jellyfin/Music Videos"
"/persist/vault/jellyfin/Movies"
];
# directories.downloads = "/persist/vault/jellyfin/Music";
};
@@ -34,14 +39,22 @@ in {
# HACK: Consult with Molly on idiomatic Unix permissions.
users.users.${config.services.slskd.user}.extraGroups = [ "jellyfin" ];
sydnix.deertopia.nginx.vhosts."slsk".vhost = {
sydnix.deertopia.nginx.vhosts."slsk" = {
directory = null;
vhost = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyWebsockets = true;
proxyPass =
extraConfig =
let port = builtins.toString config.services.slskd.settings.web.port;
in "http://localhost:${port}";
in ''
include ${./authelia/authelia-location.conf};
set $upstream http://127.0.0.1:${port};
'';
locations."/".extraConfig = ''
include ${./authelia/authelia-authrequest.conf};
include ${./authelia/proxy.conf};
proxy_pass $upstream;
'';
};
};
};