diff --git a/flake.nix b/flake.nix index 494c6a1..0dc57ba 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,9 @@ url = "github:lavafroth/mustache2konsole"; inputs.nixpkgs.follows = "nixpkgs"; }; + + copyparty.url = "github:9001/copyparty"; + nix-ld.url = "github:Mic92/nix-ld"; nix-ld.inputs.nixpkgs.follows = "nixpkgs"; }; @@ -47,6 +50,7 @@ stylix, nix-ld, mustache2konsole, + copyparty, ... }: @@ -93,6 +97,18 @@ rahu = nixpkgs.lib.nixosSystem { inherit system specialArgs; modules = [ + copyparty.nixosModules.default + ( + { pkgs, ... }: + { + # add the copyparty overlay to expose the package to the module + nixpkgs.overlays = [ copyparty.overlays.default ]; + # (optional) install the package globally + environment.systemPackages = [ pkgs.copyparty ]; + # configure the copyparty module + services.copyparty.enable = true; + } + ) ./hosts/rahu/configuration.nix sops-nix.nixosModules.sops ]; diff --git a/hosts/rahu/configuration.nix b/hosts/rahu/configuration.nix index 8716ea0..337ac80 100644 --- a/hosts/rahu/configuration.nix +++ b/hosts/rahu/configuration.nix @@ -12,21 +12,75 @@ sops.defaultSopsFormat = "yaml"; sops.age.keyFile = "/home/user/.config/sops/age/keys.txt"; - sops.secrets.photoprism_password = { }; sops.secrets.wireless_ap = { }; + sops.secrets.copyparty_himadri = { + owner = "copyparty"; + }; + sops.secrets.copyparty_sampurna = { + owner = "copyparty"; + }; sops.secrets.transmission = { owner = "transmission"; restartUnits = [ "transmission.service" ]; }; - services.photoprism = { + services.immich.enable = true; + services.immich.port = 2283; + services.immich.openFirewall = true; + services.immich.host = "0.0.0.0"; + services.immich.accelerationDevices = null; + + users.users.immich.extraGroups = [ + "video" + "render" + ]; + + services.copyparty = { enable = true; - originalsPath = "/media/Himadri/Stasis/Camera"; - address = "0.0.0.0"; - passwordFile = "/run/secrets/photoprism_password"; + # directly maps to values in the [global] section of the copyparty config. + # see `copyparty --help` for available options settings = { - PHOTOPRISM_ADMIN_USER = "user"; + i = "0.0.0.0"; + p = 3210; + # using 'false' will do nothing and omit the value when generating a config + ignored-flag = false; }; + + # create users + accounts = { + himadri.passwordFile = "/run/secrets/copyparty_himadri"; + sampurna.passwordFile = "/run/secrets/copyparty_sampurna"; + }; + + # create a volume + volumes = { + # create a volume at "/" (the webroot), which will + "/" = { + path = "/media/ssd0"; + access = { + rwmda = "himadri"; + }; + flags = { + fk = 4; + scan = 60; + e2d = true; + }; + }; + + "/Music" = { + path = "/media/ssd0/Stasis/Music"; + access.r = "*"; + flags.e2d = true; + }; + + "/Movies" = { + path = "/media/ssd0/Stasis/Movies"; + access.r = "*"; + flags.e2d = true; + }; + }; + # you may increase the open file limit for the process + openFilesLimit = 8192; }; # Bootloader. @@ -61,6 +115,7 @@ systemd.services.transmission.serviceConfig.BindPaths = [ "/media/ssd0/Stasis/Games" + "/media/ssd0/Stasis/Movies" "/media/ssd0/Stasis/Books" ]; @@ -149,6 +204,7 @@ }; networking.firewall.allowedTCPPorts = [ 2342 + 3210 80 ]; system.stateVersion = "23.11"; diff --git a/hosts/rahu/secrets/secrets.yaml b/hosts/rahu/secrets/secrets.yaml index 0975db3..20f7fdc 100644 --- a/hosts/rahu/secrets/secrets.yaml +++ b/hosts/rahu/secrets/secrets.yaml @@ -1,11 +1,8 @@ -photoprism_password: ENC[AES256_GCM,data:CEutJB7WeTQuGZkB,iv:4dixCOtdCbrWTl02KLKlm9eID38tKL85yzhjv3KBDQM=,tag:QC7KEEvtMcYY9O88l5ElqA==,type:str] +copyparty_himadri: ENC[AES256_GCM,data:iAQJnMCeAILKxsU=,iv:d8WHGJmostTF/0fRc/XgjFnLx2Ci0GoQqsPIVnld+/8=,tag:lru8J0VPxJeRrPwsUBKiig==,type:str] +copyparty_sampurna: ENC[AES256_GCM,data:FpVkrg1JRw==,iv:grtJqDVvUz5JeEpOysZ7h2soNvfTgyZjaxKCMqCFNME=,tag:eF4xj0nmzWoIAs73HLGYUQ==,type:str] wireless_ap: ENC[AES256_GCM,data:0OPCycOfyuh+28irp8VryPIuASNahyo0P/U3t/SGIe023TAPEvs0h2zQ25mGWg5rl1BKTiL0kolQycRYZTXhn3CE5HaDR0/CzXMGqxEBa17QfaNCx9wRblyoH976WqwGrzHZ,iv:LHK7JYd+PU7Wjjs55mjVNVrzvTL2j7ef7LXtKuudDws=,tag:Kp3GVtH+UiXyG+JjtR5IDA==,type:str] transmission: ENC[AES256_GCM,data:+aHe6QIrCBCbH5/AsxAmphGqVW3LD2MchRoDYlRGWOHBhCguaOiCzENaDWoGNFEhM6+G0OGEqgg7MefgJY4r7zxP+w==,iv:ErWgXCpzFnq1mTdjFwbkMFPrxJclg5XOWYReNqD2qu0=,tag:BrqANx78qE0OwAcHe7Pevw==,type:str] sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] age: - recipient: age1mvqrpx830w7pk34wasvlc03n0qe85ux2zqx6y7zvu5mycm0tcawq4q6lke enc: | @@ -16,8 +13,7 @@ sops: K1NuRWpyQlFKSXIrcWVwR1FFbkpDa0EKTmDcy1D/LbiJfYiQGWPoNEInICjj1Q0S jjj0dwQGA86L8GZgOavMBxz36Qyp71WPNr52nMCE2ny6VxflpVwAVA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-17T15:21:13Z" - mac: ENC[AES256_GCM,data:VtZ52U2Bvmn0y+musMLjDOEpBoh/y0ZS9ITWXEOOUz0pXXta2/7XIGs5bhpKIky0PTQwY4OuJw2/UG+240Xa/UpzCqIDUK1A5TOQwkWLF90XtMAobqcU22tSgfsyQBwpfT6m2eBOtRg06YV4pVXpnftSYQ32j+LcR8P55Q3GsFw=,iv:3DFXaA3S9EXt3epYWfT3/VKPeMHwLg0LnWD2fMoO1dw=,tag:fVrQqi2WdyVj+TneRedVQg==,type:str] - pgp: [] + lastmodified: "2025-07-31T14:13:42Z" + mac: ENC[AES256_GCM,data:L6n7XuZtMQ0PrEOLfiEaOeE5XzuyDTX9l27dYy7k7sZC4kGXBfsjeMsPVnrV3mruZlURKl5hflEk6sZKCOTpIiTQVvNKaF6dNWRMC69FWaGySr5oLrN6dYKbZJbDWPGz6YQDB62DihI3mCZC5A9sZ75+uCKn0J6j+cjcS95OZYw=,iv:VGNmNGhXqSzoF6GHh3aGrwqpNtcsieUl0rVkF/ucExY=,tag:Lx0pd0M/jY1qA13AD6eYXw==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.4 + version: 3.10.2