copyparty configs!

configs/nixos/copyparty.nix

@@ -1,71 +0,0 @@
-{
-  inputs,
-  config,
-  pkgs,
-  lib,
-  ...
-}: let
-  port = "3923";
-in {
-  nixpkgs.overlays = [inputs.copyparty.overlays.default];
-  environment.systemPackages = with pkgs; [copyparty];
-  services.copyparty = {
-    enable = true;
-    # directly maps to values in the [global] section of the copyparty config.
-    # see `copyparty --help` for available options
-    settings = {
-      i = "127.0.0.1";
-      p = port;
-      ed = true;
-      e2dsa = true;
-      # hist = "/storage/copyparty";
-      forget-ip = 1440;
-      e2ts = true;
-      shr = "/share";
-      shr-adm = "gabe";
-      u2abort = 3;
-      magic = true;
-      df = 5;
-      u2j = 16;
-      ls = "**,*,ln,p,r";
-      xvol = true;
-      xdev = true;
-      no-logues = true;
-      no-robots = true;
-      md-hist = "v";
-      nsort = true;
-      log-utc = true;
-    };
-
-    # create users
-    accounts = {
-      # gabe.passwordFile = "/run/keys/copyparty/k_password";
-    };
-
-    # create a volume
-    volumes = {
-      "/" = {
-        path = "/storage/syncthing/";
-        # see `copyparty --help-accounts` for available options
-        access = {
-          r = "*";
-          A = "*";
-          # rw = ["gabe" "erica"];
-        };
-        # see `copyparty --help-flags` for available options
-        flags = {
-          # "fk" enables filekeys (necessary for upget permission) (4 chars long)
-          fk = 4;
-          # scan for new files every 60sec
-          scan = 600;
-          # volflag "e2d" enables the uploads database
-          e2d = true;
-          # "d2t" disables multimedia parsers (in case the uploads are malicious)
-          d2t = false;
-        };
-      };
-    };
-    # you may increase the open file limit for the process
-    openFilesLimit = 8192;
-  };
-}

flake.lock

@@ -10,15 +10,16 @@
         ]
       },
       "locked": {
-        "lastModified": 1745176775,
+        "lastModified": 1745400750,
-        "narHash": "sha256-7bWct47AKcQntlJaY8NMECZ1FXIaFlYb/yCMC0Bm30M=",
+        "narHash": "sha256-sXLl6fuWPyZll4ok1b1pbxJLJ5ZnK/NUfL8+SK42P5Q=",
-        "owner": "9001",
+        "owner": "gabevenberg",
         "repo": "copyparty",
-        "rev": "68e7000275425f5dd1d2d80dc428fe2fcab6cc9c",
+        "rev": "a54e950ecca45225d94c5e982e2dd3453c09ea22",
         "type": "github"
       },
       "original": {
-        "owner": "9001",
+        "owner": "gabevenberg",
+        "ref": "nixos-module",
         "repo": "copyparty",
         "type": "github"
       }
@@ -192,10 +193,10 @@
     "nix-secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1742472608,
+        "lastModified": 1745397247,
-        "narHash": "sha256-CelDYGqeNk4pGs9ObnV56rAK9C0ajN4Pz4n/5y8Ghtw=",
+        "narHash": "sha256-R8RPX20EJFpaUSQpiUE0N5d31UDbB+3Qu8yapab5F2k=",
         "ref": "refs/heads/main",
-        "rev": "69bdba99f321bc9adbff9a147450e23d6e15c89b",
+        "rev": "01654a652e4b9b5ade200d85a1e3fd3e1b058053",
         "shallow": true,
         "type": "git",
         "url": "ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git"

flake.nix

@@ -34,7 +34,8 @@
     };
 
     copyparty = {
-      url = "github:9001/copyparty";
+      # url = "github:9001/copyparty";
+      url = "github:gabevenberg/copyparty/nixos-module";
       inputs.nixpkgs.follows = "nixpkgs";
       inputs.flake-utils.follows = "flake-utils";
     };

hosts/cirrostratus/copyparty.nix

@@ -0,0 +1,89 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  port = "3923";
+  defaultvolflags = {
+    scan = 60;
+    grid = true;
+    nsort = true;
+    fk = 8;
+  };
+in {
+  nixpkgs.overlays = [inputs.copyparty.overlays.default];
+  environment.systemPackages = with pkgs; [copyparty];
+  services.copyparty = {
+    enable = true;
+    user = config.host.details.user;
+    group = "users";
+    # directly maps to values in the [global] section of the copyparty config.
+    # see `copyparty --help` for available options
+    settings = {
+      # i = "127.0.0.1";
+      p = port;
+      ed = true;
+      e2dsa = true;
+      forget-ip = 1440;
+      e2ts = true;
+      shr = "/share";
+      shr-adm = "gabe";
+      u2abort = 3;
+      magic = true;
+      df = 5;
+      u2j = 16;
+      ls = "**,*,ln,p,r";
+      xvol = true;
+      xdev = true;
+      no-logues = true;
+      no-robots = true;
+      md-hist = "v";
+      nsort = true;
+      log-utc = true;
+      ah-alg = "argon2";
+      ah-salt = "ImSaltyAboutNonPersistentSalts";
+    };
+    accounts = lib.mkIf (inputs ? nix-secrets) (
+      builtins.mapAttrs (name: value: {passwordFile = "${inputs.nix-secrets}/copyparty/${name}";})
+      (builtins.readDir "${inputs.nix-secrets}/copyparty")
+    );
+    volumes = {
+      "/" = {
+        path = "/storage/syncthing/family";
+        access = {
+          rwmd = ["gabe" "erica"];
+          A = ["gabe"];
+        };
+        flags = defaultvolflags;
+      };
+      "/gabe" = {
+        path = "/storage/syncthing/gabe";
+        access = {
+          rwmd = "gabe";
+          A = ["gabe"];
+        };
+        flags = defaultvolflags;
+      };
+      "/erica" = {
+        path = "/storage/syncthing/erica";
+        access = {
+          rwmd = "erica";
+          A = ["erica"];
+        };
+        flags = defaultvolflags;
+      };
+    };
+    # you may increase the open file limit for the process
+    openFilesLimit = 8192;
+  };
+
+  services.nginx.virtualHosts."files.venberg.xyz" = {
+    enableACME = true;
+    forceSSL=true;
+    locations."/" = {
+      proxyPass= "http://localhost:${port}";
+    };
+  };
+}

hosts/cirrostratus/default.nix

@@ -16,6 +16,7 @@ inputs.nixpkgs.lib.nixosSystem {
     ./hardware-configuration.nix
     ./restic.nix
     ./nginx.nix
+    ./copyparty.nix
     ../../configs/nixos/common.nix
     ../../configs/nixos/tailscale.nix
     ../../configs/nixos/sshd.nix
@@ -29,7 +30,6 @@ inputs.nixpkgs.lib.nixosSystem {
     ../../configs/nixos/miniserve-tmp-upload.nix
     ../../configs/nixos/minecraft-docker.nix
     ../../configs/nixos/nginx-static.nix
-    ../../configs/nixos/copyparty.nix
     ({
       config,
       pkgs,

modules/nixos/restic.nix

@@ -130,7 +130,7 @@
       })
       (
         lib.mkIf cfg.enable (
-          lib.mapAttrs (
+          builtins.mapAttrs (
             name: backup: {
               repositoryFile = cfg.repositoryFile;
               repository = cfg.repository;