{ config, copyparty, ... }: { services.copyparty = { enable = true; package = copyparty.packages."x86_64-linux".copyparty.override { withBasicAudioMetadata = true; withFTPS = true; }; # package = pkgs.copyparty-most; user = "copyparty"; group = "copyparty"; # Order by order of appearence in help text: # https://ocv.me/copyparty/helptext.html settings = { # General options ed = true; # See hidden files (starting with a dot) name = "zora"; # Server name name-url = "https://files.lyes.eu"; # Server URL j = 4; # Max jobs (CPU usage) # Network options i = "127.0.0.1"; # Bind IP address p = "44305"; # Listening port rproxy = -1; xff-src = "lan"; # List of trusted reverse-proxy # IdP options # idp-h-usr = "x-username"; # idp-h-grp = "x-groups"; # TODO: check for LDAP integration in copyparty # Share options shr = "/share"; # Path where will be available # Upload options dotpart = true; # Puts incomplete uploads in dotfiles dedup = true; # Symlink duplicate files safe-dedup = 50; # Verify file contents have not been altered for dedups hardlink = true; # Use hardlink for dedup when possible # General DB options e2d = true; # up2k DB (file search, upload-undo, better dedup) e2dsa = true; # Scan all folders on startup # Metadata DB options e2t = true; # Metadata indexing e2ts = true; # Scan new files for metadata on startup no-mtag-ff = true; # Nevert use FFprobe # Transcoding options q-opus = 320; # Target bitrate for transcoding to OPUS q-mp3 = "320k"; # Target bitrate for transcoding to MP3 allow-wav = true; # Allow transcoding to WAV allow-flac = true; # Allow transcoding to FLAC # FTP options ftps = 3990; # Enable FTPS on PORT ftp-no-ow = false; # Reject upload if overwrite # WebDAV options daw = true; # dav-inf = true; dav-auth = true; # OPDS options opds = true; # Allow e-book readers to browse and download files # Safety options ls = "**,*,ln,p,r"; # Sanity check on startup xvol = true; # Never follow symlink leaving the volume root force-js = true; # Slight protection against web crawlers ignoring robots.txt no-robots = true; # Set a robot.txt rejecting everything dont-ban = "auth"; # Grafana / Prometheus metrics endpoint # stats = true; # Enable openmetrics # UI options localtime = true; # Use local timezone lang = "fra"; # UI language theme = 2; # Logging options ansi = true; # Force colors }; # globalExtraConfig = "-lo=cpp-%Y-%m%d-%H%M%S.txt.xz"; accounts = { root.passwordFile = config.age.secrets.agraf-root-pass.path; lyes.passwordFile = config.age.secrets.agraf-lyes-pass.path; }; groups = { su = [ "root" ]; }; volumes = let root = "/var/data/files"; in { "/u/\${u}" = { path = "${root}/u/\${u}"; access = { "rwmd." = [ "\${u}" ]; }; }; "/u/\${u}/public" = { path = "${root}/u/\${u}/public"; access = { r = [ "*" ]; "rwmd." = [ "\${u}" ]; }; }; "/u/\${u}/depot" = { path = "${root}/u/\${u}/depot"; access = { w = [ "*" ]; "rwmd." = [ "\${u}" ]; }; }; "/~\${u}" = { path = "${root}/u/\${u}/web"; access = { h = [ "*" ]; "rwmd." = [ "\${u}" ]; }; }; "/" = { path = "${root}"; access = { A = [ "@su" ]; "rwmd." = [ "@acct" ]; }; }; "/public" = { path = "${root}/public"; access = { A = [ "@su" ]; "rwmd." = [ "@acct" ]; r = [ "*" ]; }; }; }; openFilesLimit = 65536; }; age.secrets = { agraf-root-pass = { file = ../../../secrets/zora/services/agraf-root-pass.age; owner = "copyparty"; }; agraf-lyes-pass = { file = ../../../secrets/zora/services/agraf-lyes-pass.age; owner = "copyparty"; }; }; }