From 9bc0f4c8413fc8ba57870880c82a32b5047f07cb Mon Sep 17 00:00:00 2001 From: teidesu Date: Mon, 2 Dec 2024 05:52:18 +0300 Subject: [PATCH] feat(koi): slskd --- hosts/koi/containers/soulseek/default.nix | 62 +++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 hosts/koi/containers/soulseek/default.nix diff --git a/hosts/koi/containers/soulseek/default.nix b/hosts/koi/containers/soulseek/default.nix new file mode 100644 index 0000000..0b7e179 --- /dev/null +++ b/hosts/koi/containers/soulseek/default.nix @@ -0,0 +1,62 @@ +{ config, ... }: + +let + UID = 1119; +in { + users.users.soulseek = { + isNormalUser = true; + uid = UID; + extraGroups = [ "geesefs" ]; + }; + + systemd.services.docker-slskd.requires = [ "ecryptfs.service" ]; + virtualisation.oci-containers.containers.slskd = { + image = "slskd/slskd:0.21.4.65534-9a68c184"; + volumes = [ + "/srv/slskd:/app" + "/mnt/s3-desu-priv-encrypted/music:/mnt/music" + "/mnt/puffer/Downloads:/mnt/downloads" + ]; + + ports = [ + "50300:50300" + ]; + + environment = { + SLSKD_REMOTE_CONFIGURATION = "true"; + SLSKD_DOWNLOADS_DIR = "/mnt/downloads"; + SLSKD_REMOTE_FILE_MANAGEMENT = "true"; + SLSKD_SHARED_DIR = "/mnt/music"; + SLSKD_NO_HTTPS = "true"; + SLSKD_NO_AUTH = "true"; # managed by oidc proxy + }; + + user = "${builtins.toString UID}:${builtins.toString UID}"; + extraOptions = [ + "--group-add=${builtins.toString config.users.groups.geesefs.gid}" + ]; + }; + + systemd.tmpfiles.rules = [ + "d /srv/slskd 0700 ${builtins.toString UID} ${builtins.toString UID} -" + ]; + + desu.openid-proxy.services.soulseek = { + clientId = "torrent"; + domain = "soulseek.stupid.fish"; + upstream = "http://slskd.docker:5030"; + envSecret = "torrent-proxy-env"; + }; + + services.nginx.virtualHosts."soulseek.stupid.fish" = { + forceSSL = true; + useACMEHost = "stupid.fish"; + + locations."/" = { + proxyPass = "http://soulseek-oidc.docker$request_uri"; + proxyWebsockets = true; + }; + }; + + networking.firewall.allowedTCPPorts = [ 50300 ]; +} \ No newline at end of file