setup few services

flake.lock

@@ -59,6 +59,25 @@
         "type": "github"
       }
     },
+    "copyparty": {
+      "inputs": {
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": "nixpkgs_2"
+      },
+      "locked": {
+        "lastModified": 1756068868,
+        "narHash": "sha256-CmviJx9dcIpdkqMtJEJJBsTiA5/skVtIF4ziBFddr+A=",
+        "owner": "9001",
+        "repo": "copyparty",
+        "rev": "48d6224ec899b47b6a3509625af744fc60cc1903",
+        "type": "github"
+      },
+      "original": {
+        "owner": "9001",
+        "repo": "copyparty",
+        "type": "github"
+      }
+    },
     "dolphin-overlay": {
       "inputs": {
         "nixpkgs": [
@@ -144,6 +163,21 @@
         "type": "github"
       }
     },
+    "flake-utils_2": {
+      "locked": {
+        "lastModified": 1678901627,
+        "narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "gitignore": {
       "inputs": {
         "nixpkgs": [
@@ -283,7 +317,7 @@
         "hyprlang": "hyprlang",
         "hyprutils": "hyprutils",
         "hyprwayland-scanner": "hyprwayland-scanner",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs_3",
         "pre-commit-hooks": "pre-commit-hooks",
         "systems": "systems",
         "xdph": "xdph"
@@ -519,7 +553,7 @@
     "nix-gaming": {
       "inputs": {
         "flake-parts": "flake-parts",
-        "nixpkgs": "nixpkgs_3"
+        "nixpkgs": "nixpkgs_4"
       },
       "locked": {
         "lastModified": 1756001208,
@@ -639,6 +673,21 @@
       }
     },
     "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1748162331,
+        "narHash": "sha256-rqc2RKYTxP3tbjA+PB3VMRQNnjesrT0pEofXQTrMsS8=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "7c43f080a7f28b2774f3b3f43234ca11661bf334",
+        "type": "github"
+      },
+      "original": {
+        "id": "nixpkgs",
+        "ref": "nixos-25.05",
+        "type": "indirect"
+      }
+    },
+    "nixpkgs_3": {
       "locked": {
         "lastModified": 1751792365,
         "narHash": "sha256-J1kI6oAj25IG4EdVlg2hQz8NZTBNYvIS0l4wpr9KcUo=",
@@ -654,7 +703,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_3": {
+    "nixpkgs_4": {
       "locked": {
         "lastModified": 1755829505,
         "narHash": "sha256-4/Jd+LkQ2ssw8luQVkqVs9spDBVE6h/u/hC/tzngsPo=",
@@ -670,7 +719,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_4": {
+    "nixpkgs_5": {
       "locked": {
         "lastModified": 1755922037,
         "narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=",
@@ -686,7 +735,7 @@
         "type": "github"
       }
     },
-    "nixpkgs_5": {
+    "nixpkgs_6": {
       "locked": {
         "lastModified": 1755615617,
         "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
@@ -729,13 +778,14 @@
     "root": {
       "inputs": {
         "colmena": "colmena",
+        "copyparty": "copyparty",
         "dolphin-overlay": "dolphin-overlay",
         "home-manager": "home-manager",
         "hyprland-plugins": "hyprland-plugins",
         "nix-gaming": "nix-gaming",
         "nix-index-database": "nix-index-database",
         "nixos-hardware": "nixos-hardware",
-        "nixpkgs": "nixpkgs_4",
+        "nixpkgs": "nixpkgs_5",
         "nixpkgs-unstable": "nixpkgs-unstable",
         "zen-browser": "zen-browser"
       }
@@ -821,7 +871,7 @@
     "zen-browser": {
       "inputs": {
         "home-manager": "home-manager_2",
-        "nixpkgs": "nixpkgs_5"
+        "nixpkgs": "nixpkgs_6"
       },
       "locked": {
         "lastModified": 1756009581,

flake.nix

@@ -25,6 +25,8 @@
     nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
 
     colmena.url = "github:zhaofengli/colmena";
+
+    copyparty.url = "github:9001/copyparty";
   };
 
   outputs = { nixpkgs, colmena, zen-browser, dolphin-overlay, hyprland-plugins, home-manager, nixpkgs-unstable, nix-gaming, nix-index-database, ... }@attrs: {
@@ -61,6 +63,7 @@
           system = "x86_64-linux";
           overlays = [];
         };
+        specialArgs = attrs;
       };
 
       eisen = import ./servers/eisen/configuration.nix;

servers/eisen/configuration.nix

@@ -1,11 +1,24 @@
 
-{ config, pkgs, lib, name ? "eisen", ... }:
+{ config, pkgs, lib, name ? "eisen", copyparty, ... }:
+let
+  # these are used both in service configuration but also to
+  # create mappings {name}.eisen.danbulant.cloud to port in caddy
+  ports = {
+    "uptime-kuma" = 3001;
+    "glance" = 5678;
+    "copyparty" = 3210;
+    "syncthing" = 8384;
+  };
+in
 {
   deployment = {
     buildOnTarget = true;
   };
 
+  nixpkgs.overlays = [ copyparty.overlays.default ];
+
   imports = [
+    copyparty.nixosModules.default
     ./hardware-configuration.nix
   ];
 
@@ -23,8 +36,6 @@
   time.timeZone = lib.mkForce "Europe/Prague";
   i18n.defaultLocale = "en_US.UTF-8";
 
-  services.dnsmasq.enable = true;
-
   security = {
     rtkit.enable = true;
     polkit.enable = true;
@@ -33,6 +44,7 @@
   services = {
     logind.lidSwitchExternalPower = "ignore";
 
+    geoclue2.enable = true;
     localtimed.enable = true;
     openssh.enable = true;
     tailscale = {
@@ -43,12 +55,102 @@
     };
     avahi.enable = true;
     lldpd.enable = true;
+
     syncthing = {
       enable = true;
       openDefaultPorts = true;
+      settings = {
+        gui = {
+          insecureSkipHostCheck = true;
+        };
+      };
     };
     
+    copyparty = {
+      enable = true;
 
+      settings = {
+        p = ports.copyparty;
+        idp-hm-usr = "^X-Webauth-Login^danbulant@github^dan";
+      };
+
+      # accounts = {
+      #   dan = {
+
+      #   };
+      # };
+
+      volumes = {
+        "/" = {
+          path = "/media/large";
+          access = {};
+        };
+      };
+
+      openFilesLimit = 8192;
+    };
+    
+    dnsmasq = {
+      enable = true;
+    };
+    
+    uptime-kuma = {
+      enable = true;
+      settings = {
+        PORT = toString ports."uptime-kuma";
+      };
+    };
+    
+    # perhaps add ntfy.sh
+
+    glance = {
+      enable = true;
+      settings = {
+        server = {
+          port = ports.glance;
+        };
+        pages = import ./glance-pages.nix;
+      };
+    };
+
+    caddy = {
+      enable = true;
+
+      extraConfig = ''
+        (auth) {
+          forward_auth unix//run/tailscale-nginx-auth/tailscale-nginx-auth.sock {
+            uri /auth
+            header_up Remote-Addr {remote_host}
+            header_up Remote-Port {remote_port}
+            header_up Original-URI {uri}
+            copy_headers {
+              Tailscale-User>X-Webauth-User
+              Tailscale-Name>X-Webauth-Name
+              Tailscale-Login>X-Webauth-Login
+              Tailscale-Tailnet>X-Webauth-Tailnet
+              Tailscale-Profile-Picture>X-Webauth-Profile-Picture
+            }
+          }
+        }
+      '';
+
+      virtualHosts = builtins.listToAttrs (
+        map (k: {
+          name = "${k}.eisen.danbulant.cloud:80, ${k}.eisen:80";
+          value = {
+            extraConfig = ''
+              import auth
+              reverse_proxy http://localhost:${toString ports.${k}}
+            '';
+          };
+        }) (builtins.attrNames ports)
+      );
+    };
+    tailscaleAuth = {
+       # this is what's used above in forward_auth
+      enable = true;
+      group = "caddy";
+    };
   };
   systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
 

servers/eisen/glance-pages.nix

@@ -0,0 +1,137 @@
+[
+  {
+    name = "Home";
+    columns = [
+      {
+        size = "small";
+        widgets = [
+          {
+            type = "calendar";
+            "first-day-of-week" = "monday";
+          }
+          {
+            type = "rss";
+            limit = 10;
+            "collapse-after" = 3;
+            cache = "12h";
+            feeds = [
+              {
+                url = "https://selfh.st/rss/";
+                title = "selfh.st";
+                limit = 4;
+              }
+              {
+                url = "https://ciechanow.ski/atom.xml";
+              }
+              {
+                url = "https://www.joshwcomeau.com/rss.xml";
+                title = "Josh Comeau";
+              }
+              {
+                url = "https://samwho.dev/rss.xml";
+              }
+              {
+                url = "https://ishadeed.com/feed.xml";
+                title = "Ahmad Shadeed";
+              }
+            ];
+          }
+          {
+            type = "twitch-channels";
+            channels = [
+              "theprimeagen"
+              "j_blow"
+              "piratesoftware"
+              "cohhcarnage"
+              "christitustech"
+              "EJ_SA"
+            ];
+          }
+        ];
+      }
+      {
+        size = "full";
+        widgets = [
+          {
+            type = "group";
+            widgets = [
+              { type = "hacker-news"; }
+              { type = "lobsters"; }
+            ];
+          }
+          {
+            type = "videos";
+            channels = [
+              "UCXuqSBlHAE6Xw-yeJA0Tunw" # Linus Tech Tips
+              "UCR-DXc1voovS8nhAvccRZhg" # Jeff Geerling
+              "UCsBjURrPoezykLs9EqgamOA" # Fireship
+              "UCBJycsmduvYEL83R_U4JriQ" # Marques Brownlee
+              "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium
+            ];
+          }
+          {
+            type = "group";
+            widgets = [
+              {
+                type = "reddit";
+                subreddit = "technology";
+                "show-thumbnails" = true;
+              }
+              {
+                type = "reddit";
+                subreddit = "selfhosted";
+                "show-thumbnails" = true;
+              }
+            ];
+          }
+        ];
+      }
+      {
+        size = "small";
+        widgets = [
+          {
+            type = "weather";
+            location = "London, United Kingdom";
+            units = "metric";
+            "hour-format" = "12h";
+          }
+          {
+            type = "markets";
+            markets = [
+              {
+                symbol = "SPY";
+                name = "S&P 500";
+              }
+              {
+                symbol = "BTC-USD";
+                name = "Bitcoin";
+              }
+              {
+                symbol = "NVDA";
+                name = "NVIDIA";
+              }
+              {
+                symbol = "AAPL";
+                name = "Apple";
+              }
+              {
+                symbol = "MSFT";
+                name = "Microsoft";
+              }
+            ];
+          }
+          {
+            type = "releases";
+            cache = "1d";
+            repositories = [
+              "glanceapp/glance"
+              "go-gitea/gitea"
+              "immich-app/immich"
+              "syncthing/syncthing"
+            ];
+          }
+        ];
+      }
+    ];
+  }
+]

servers/eisen/hardware-configuration.nix

@@ -25,9 +25,9 @@
     };
 
   fileSystems."/media/large" = {
-    device = "/dev/disk/by-label/large";
+    device = "/dev/disk/by-uuid/79f63619-39db-4fbe-8036-f2279f6067a3";
     fsType = "btrfs";
-    options = [ "subvol=@" "nofail" "exec" "users" ];
+    options = [ "nofail" "defaults" ];
   };
 
   swapDevices =