{ config, lib, pkgs, ... }: let cfg = config.sydnix.deertopia.slskd; in { options = { sydnix.deertopia.slskd = { enable = lib.mkEnableOption "Soulseek"; }; }; config = lib.mkIf cfg.enable { sydnix.sops.secrets.slskd-credentials = {}; services.slskd = { enable = true; openFirewall = true; domain = null; environmentFile = "/run/secrets/slskd-credentials"; settings = { # Disable slskd's authentication in favour of Authelia. web.authentication.disabled = true; shares.directories = [ "/persist/media/library" # "/persist/vault/jellyfin/Music" # "/persist/vault/jellyfin/Shows" # "/persist/vault/jellyfin/Documents" # "/persist/vault/jellyfin/Music Videos" # "/persist/vault/jellyfin/Movies" ]; # directories.downloads = "/persist/vault/jellyfin/Music"; }; }; networking.firewall.allowedTCPPorts = [ config.services.slskd.settings.web.port ]; # HACK: Consult with Molly on idiomatic Unix permissions. users.users.${config.services.slskd.user}.extraGroups = [ "jellyfin" ]; sydnix.deertopia.nginx.vhosts."slsk" = { directory = null; vhost = { forceSSL = true; enableACME = true; extraConfig = let port = builtins.toString config.services.slskd.settings.web.port; in '' include ${./authelia/authelia-location.conf}; set $upstream http://127.0.0.1:${port}; ''; locations."/".extraConfig = '' include ${./authelia/authelia-authrequest.conf}; include ${./authelia/proxy.conf}; proxy_pass $upstream; ''; locations."/hub".extraConfig = '' proxy_pass $upstream; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Protocol $scheme; proxy_set_header X-Forwarded-Host $http_host; ''; }; }; }; }