lyes/nixfiles
1
0
Fork 0
Code Issues Pull requests Activity Actions

Adding agraf

Browse source
This commit is contained in:
Lyes Saadi 2026-01-18 12:49:32 +01:00
parent 5e22d64d04
commit 9b595c7f13
Signed by: lyes
GPG key ID: 55A1D803917CF39A
11 changed files with 265 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

67
flake.lock generated
View file

@ -39,6 +39,27 @@
"type": "gitlab"
}
},
"copyparty": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768696246,
"narHash": "sha256-IuoFZtPL/M0lNN4V+MOZT0eyTfh1FvUj9Ubo7yvhYPU=",
"owner": "9001",
"repo": "copyparty",
"rev": "d9255538100f5196a7e4ffdd78661f68d77cdb4f",
"type": "github"
},
"original": {
"owner": "9001",
"repo": "copyparty",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -133,6 +154,21 @@
"type": "github"
}
},
"flake-utils": {
"locked": {
"lastModified": 1678901627,
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": [
@ -209,11 +245,11 @@
]
},
"locked": {
"lastModified": 1768434960,
"narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=",
"lastModified": 1768703115,
"narHash": "sha256-JAXjGiDWlQJSwniCYlnEwU/2KjI0bJ/lV0gpyD9UjxE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b",
"rev": "05fd3bababe5924f9a6128285e7cf6c67d45f3c0",
"type": "github"
},
"original": {
@ -299,11 +335,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1768397375,
"narHash": "sha256-7QqbFi3ERvKjEdAzEYPv7iSGwpUKSrQW5wPLMFq45AQ=",
"lastModified": 1768584846,
"narHash": "sha256-IRPmIOV2tPwxbhP/I9M5AmwhTC0lMPtoPStC+8T6xl0=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "efe2094529d69a3f54892771b6be8ee4a0ebef0f",
"rev": "cce68f4a54fa4e3d633358364477f5cc1d782440",
"type": "github"
},
"original": {
@ -347,11 +383,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
@ -379,11 +415,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github"
},
"original": {
@ -428,6 +464,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"copyparty": "copyparty",
"deploy-rs": "deploy-rs",
"disko": "disko",
"home-manager": "home-manager_2",
@ -496,11 +533,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1768379550,
"narHash": "sha256-z94S29l5V86h11LZbPIMbHTJyksDG63aqISsZkTTuJY=",
"lastModified": 1768638486,
"narHash": "sha256-+LC0wOiliUXbIj6zT2hCoOQ0zn33BD2NxGoy0QqP3Eo=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "06f61b4e4f4f6ba8027c96a5611c63dc0db12b90",
"rev": "76bbc35c59419b8b0616fb779ce5600e85edab11",
"type": "github"
},
"original": {

8
flake.nix
View file

@ -18,6 +18,11 @@
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
copyparty = {
url = "github:9001/copyparty";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
@ -35,7 +40,7 @@
pin-factorio.url = "github:NixOS/nixpkgs?rev=c5ae371f1a6a7fd27823bc500d9390b38c05fa55";
};
outputs = { self, nixpkgs, mailserver, deploy-rs, ... }@inputs: {
outputs = { self, nixpkgs, mailserver, copyparty, deploy-rs, ... }@inputs: {
nixosConfigurations = {
# Framework Computer
piaf = nixpkgs.lib.nixosSystem {
@ -51,6 +56,7 @@
modules = [
./hosts/zora
mailserver.nixosModules.default
copyparty.nixosModules.default
];
};

1
hosts/zora/default.nix
View file

@ -16,6 +16,7 @@
../../modules
../../modules/server
../../modules/server/agraf
../../modules/server/baba
../../modules/server/biggoron
../../modules/server/biggoron/runner.nix

14
hosts/zora/reverse-proxy.nix
View file

@ -91,12 +91,14 @@
enableACME = true;
locations."/" = {
proxyPass = "http://${config.networking.vpn-netns.vethIP}:${toString config.services.qbittorrent.webuiPort}";
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-Proto $scheme;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# '';
};
};
# 44305
"files.lyes.eu" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.copyparty.settings.p}";
};
};

6
modules/desktop/networking.nix
View file

@ -30,9 +30,9 @@
"2620:fe::fe"
"2620:fe::9"
];
extraConfig = ''
DNSOverTLS=yes
'';
settings.Resolve = {
DNSOverTLS = true;
};
};
environment.systemPackages = with pkgs; [ wireguard-tools ];

1
modules/server/README.md
View file

@ -1,3 +1,4 @@
- `agraf` : Copyparty (`files.lyes.eu`)
- `baba` : Nextcloud (`cloud.lyes.eu`)
- `biggoron` : Forgejo (`git.lyes.eu`)
- `giovanni` : Vaultwarden (`vault.lyes.eu`)

172
modules/server/agraf/default.nix Normal file
View file

@ -0,0 +1,172 @@
{ config, copyparty, ... }:
{
services.copyparty = {
enable = true;
package = copyparty.packages."x86_64-linux".copyparty.override {
withBasicAudioMetadata = true;
withFTPS = true;
};
# package = pkgs.copyparty-most;
user = "copyparty";
group = "copyparty";
# Order by order of appearence in help text:
# https://ocv.me/copyparty/helptext.html
settings = {
# General options
ed = true; # See hidden files (starting with a dot)
name = "zora"; # Server name
name-url = "https://files.lyes.eu"; # Server URL
j = 4; # Max jobs (CPU usage)
# Network options
i = "127.0.0.1"; # Bind IP address
p = "44305"; # Listening port
rproxy = -1;
xff-src = "lan"; # List of trusted reverse-proxy
# IdP options
# idp-h-usr = "x-username";
# idp-h-grp = "x-groups";
# TODO: check for LDAP integration in copyparty
# Share options
shr = "/share"; # Path where will be available
# Upload options
dotpart = true; # Puts incomplete uploads in dotfiles
dedup = true; # Symlink duplicate files
safe-dedup = 50; # Verify file contents have not been altered for dedups
hardlink = true; # Use hardlink for dedup when possible
# General DB options
e2d = true; # up2k DB (file search, upload-undo, better dedup)
e2dsa = true; # Scan all folders on startup
# Metadata DB options
e2t = true; # Metadata indexing
e2ts = true; # Scan new files for metadata on startup
no-mtag-ff = true; # Nevert use FFprobe
# Transcoding options
q-opus = 320; # Target bitrate for transcoding to OPUS
q-mp3 = "320k"; # Target bitrate for transcoding to MP3
allow-wav = true; # Allow transcoding to WAV
allow-flac = true; # Allow transcoding to FLAC
# FTP options
ftps = 3990; # Enable FTPS on PORT
ftp-no-ow = false; # Reject upload if overwrite
# WebDAV options
daw = true;
# dav-inf = true;
dav-auth = true;
# OPDS options
opds = true; # Allow e-book readers to browse and download files
# Safety options
ls = "**,*,ln,p,r"; # Sanity check on startup
xvol = true; # Never follow symlink leaving the volume root
force-js = true; # Slight protection against web crawlers ignoring robots.txt
no-robots = true; # Set a robot.txt rejecting everything
dont-ban = "auth";
# Grafana / Prometheus metrics endpoint
# stats = true; # Enable openmetrics
# UI options
localtime = true; # Use local timezone
lang = "fra"; # UI language
theme = 2;
# Logging options
ansi = true; # Force colors
};
# globalExtraConfig = "-lo=cpp-%Y-%m%d-%H%M%S.txt.xz";
accounts = {
root.passwordFile = config.age.secrets.agraf-root-pass.path;
lyes.passwordFile = config.age.secrets.agraf-lyes-pass.path;
};
groups = {
su = [ "root" ];
};
volumes =
let
root = "/var/data/files";
in
{
"/u/\${u}" = {
path = "${root}/u/\${u}";
access = {
"rwmd." = [ "\${u}" ];
};
};
"/u/\${u}/public" = {
path = "${root}/u/\${u}/public";
access = {
r = [ "*" ];
"rwmd." = [ "\${u}" ];
};
};
"/u/\${u}/depot" = {
path = "${root}/u/\${u}/depot";
access = {
w = [ "*" ];
"rwmd." = [ "\${u}" ];
};
};
"/~\${u}" = {
path = "${root}/u/\${u}/web";
access = {
h = [ "*" ];
"rwmd." = [ "\${u}" ];
};
};
"/" = {
path = "${root}";
access = {
A = [ "@su" ];
"rwmd." = [ "@acct" ];
};
};
"/public" = {
path = "${root}/public";
access = {
A = [ "@su" ];
"rwmd." = [ "@acct" ];
r = [ "*" ];
};
};
};
openFilesLimit = 65536;
};
age.secrets = {
agraf-root-pass = {
file = ../../../secrets/zora/services/agraf-root-pass.age;
owner = "copyparty";
};
agraf-lyes-pass = {
file = ../../../secrets/zora/services/agraf-lyes-pass.age;
owner = "copyparty";
};
};
}

4
modules/server/biggoron/runner.nix
View file

@ -12,6 +12,9 @@
"podman*"
];
users.users.gitea-runner.isSystemUser = true;
users.users.gitea-runner.group = "gitea-runner";
users.groups.gitea-runner = {};
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
@ -37,5 +40,6 @@
age.secrets.ptigoron-token = {
file = ../../../secrets/zora/services/ptigoron-token.age;
owner = "gitea-runner";
group = "gitea-runner";
};
}

2
secrets.nix
View file

@ -25,4 +25,6 @@ in
"secrets/zora/services/mogma-privatekey.age".publicKeys = all;
"secrets/zora/services/tetra-pass.age".publicKeys = all;
"secrets/zora/services/lanayru-pass.age".publicKeys = all;
"secrets/zora/services/agraf-root-pass.age".publicKeys = all;
"secrets/zora/services/agraf-lyes-pass.age".publicKeys = all;
}

8
secrets/zora/services/agraf-lyes-pass.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 whuRpQ lYyPg6IxJ6FET84KEAJ8kFRykUU0X0k5Lob49RCR52E
t7fJ1o3nMhtFCM9RpEG8DvTgQHtazjpYxxevx4Cloe8
-> ssh-ed25519 TFqgIg DoOo4VX+QG/5itpb7gComQrFvEe/s25ol248KXAJBzQ
Xb+xyGfZb0MS7DAYOBhrhr9AUn4xUpEsQbdy/wtSlQE
--- 1as+tbVwIlYCEZJGRsmkt/pG7haXRIb82IYILMg1gGI
J_ÚΚÆ×yi«wæS úÆÕ5°¯È ÿYQJ ¦M?ÿO¡Ê !¼§hTqzÛÓ]¿¤YD
­ŸÈ~½ˆ¦„

7
secrets/zora/services/agraf-root-pass.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 whuRpQ /PMUWkh9LQks8Gf8VALPn6SuKBcitEkG1lFeCPLcf3E
J1+3l3CWUFBiqHJ2hizUEAWN4Mineotjm3Qf/pEviRk
-> ssh-ed25519 TFqgIg PRR72I27NZq0RyEI8AWOQf/E8DjmCAsz9awmQcJN5Ho
8jzH/Zr01wpk7X84sZSZUT7ob7a5kvdkwV2yQXx+VX8
--- A4VPCOCifeXXEVLERs7KFt3QHMtATMfD9uYldbUuixQ
1ÃàÄÙ#Ú™<C39A>¹rQ=9õ¼q.â!8‰E=oŸ«ù˜r 19µS˜8ƒÅ•“¼%šÎad7iï