extend body capacity for copyparty to 100M

hosts/sin/authelia.nix

@@ -0,0 +1,54 @@
+{ config, lib, ... }:
+let
+  cfg = config.services.authelia.instances.main;
+  dataDir = /var/lib/authelia/${cfg.name};
+in
+{
+  services.authelia.instances = {
+    main = {
+      enable = true;
+      secrets = {
+        jwtSecretFile = config.age.secrets.authelia-jwt.path;
+        storageEncryptionKeyFile = config.age.secrets.authelia-encryption.path;
+        sessionSecretFile = config.age.secrets.authelia-session.path;
+      };
+      settings = {
+        theme = "light";
+        log.level = "debug";
+
+        authentication_backend = {
+          file = {
+            path = dataDir + "/users.yml";
+          };
+        };
+        storage = {
+          local = {
+            path = dataDir + "/db.sqlite3";
+          };
+        };
+        session = {
+          cookies = [
+            {
+              domain = "shobu.fr";
+              authelia_url = "https://auth.Shobu.fr";
+              default_redirection_url = "https://shobu.fr";
+            }
+          ];
+        };
+        access_control = {
+          default_policy = "deny";
+          rules = [
+            {
+              domain = "*.shobu.fr";
+              policy = "one_factor";
+            }
+          ];
+        };
+      };
+    };
+  };
+
+  systemd.tmpfiles.rules = lib.mkif cfg.enable [
+    "d '${dataDir}' 0700 ${cfg.user} ${cfg.group} - -"
+  ];
+}

hosts/sin/configuration.nix

@@ -17,6 +17,8 @@
     ./secrets.nix
     ./coredns
     ./copyparty.nix
+    # ./authelia.nix
+    # ./trilium.nix
   ];
 
   boot.initrd.kernelModules = [ "usb_storage" ];

hosts/sin/secrets.nix

@@ -15,5 +15,17 @@
       mode = "700";
       owner = "copyparty";
     };
+    authelia-jwt = {
+      file = ./secrets/authelia-jwt.age;
+      mode = "700";
+    };
+    authelia-encryption = {
+      file = ./secrets/authelia-encryption.age;
+      mode = "700";
+    };
+    authelia-session = {
+      file = ./secrets/authelia-session.age;
+      mode = "700";
+    };
   };
 }

hosts/sin/secrets/authelia-encryption.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 /uqj4A L95rgX9APIgoMvkplZIYgMQDhKBOsPGOw/maymMhiks
+LNfa/YBCd84iknAMk4wbQps4KMXCvrhPp2d9KkhJWHI
+-> ssh-ed25519 NoSl6Q G/y6DUFTyV6Jy6KHo8yc+xxtu3aJtTOF3Ldmxq3FmyE
+FOExj321S/VIPQ/qdvZBcJ930HI/GsjDVjJp9WMSXLA
+--- iIpq/CWng+4+kQbvJQb/qgejr/eza94wCkegEJ2dvno
+ÿNôU*1=DÔOˆ£W6]_â©Kà=©*ÊÞký¦_ù˜Ýøɇ™tmË•ãw°

hosts/sin/secrets/authelia-jwt.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 /uqj4A i6SPCzjkGrPMjhC9NQDdYTk3fzXoD4OSQdhS1togN0A
+Lqus8sROz1O4EepauPwC4RX/qH+SnDiL2H5iZGtAhXo
+-> ssh-ed25519 NoSl6Q LxV4a5HiB6qfPjbba75dkVVECzaqrMjksMXHh53JbGQ
+x4POzurz+J2mymT81M+cu69Iv/MeiYt+JvaRteinm5Q
+--- OFqooyZ2HPBxP756PqpgJAyVOTkqhJ0LhEQsLJBZUtE
+—>»&Ȇw·\D„Au{õz{CˆÁ~á$‘_ˆ9»¢ZZ<5A>U^„ÎÊL!(lnпÂó‰Üv{fdº 1Ýßl
¢,<2C>|<7C>Ü.¤çH«¤³êVaù¥ÍÓˆ™PêwOo3ž

hosts/sin/secrets/authelia-session.age

@@ -0,0 +1,7 @@
+age-encryption.org/v1
+-> ssh-ed25519 /uqj4A eff535EaT7gEZOacWx9raBJMdd4PPd9+y6Y3eOt1wBI
+5P4aefjWVJ4L11ff+Cg8j3gQ58I+agDPUMFWiCaL/sQ
+-> ssh-ed25519 NoSl6Q 3+EZtaiiZQk7JK6zCNo/nUSSRAJzf8nal2X1sFkYmxo
+f5gzpiOtCbYdiV7vOxfZvJPRmRruTbHg6T8g0r5JRgc
+--- BBL3wE2eSmHVI4tlhq+5fy84cauw6P6G69nFXuObLKE
+êéæí	@[¡SÓcñ‘<C3B1>SyÉŠ‡<; í†<C3AD>e±Ë茟<C592><C5B8>§(°Æž1\Yj›È¯½½4åõ Ý
ȹ.3>Â[Èq¢Jh8í·šÕVt”øX[Ì~[(#
^‘_5€§<E282AC>

hosts/sin/trilium.nix

@@ -0,0 +1 @@
+{ ... }: { }

hosts/thea/nginx.nix

@@ -42,7 +42,6 @@ in
         // mkStarr "prowlarr.shobu.fr" "9696"
         // mkStarr "bazarr.shobu.fr" "6767"
         // mkStarr "jellyseerr.shobu.fr" "5055"
-        // mkStarr "fileshelter.shobu.fr" "5091"
         // mkStarr "lidarr.shobu.fr" "8686"
         // mkStarr "whisparr.shobu.fr" "6969"
         // mkStarr "transmission.shobu.fr" "9091"
@@ -113,6 +112,7 @@ in
               proxyPass = "http://${sin-address}:8086";
               extraConfig = ''
                 proxy_set_header X-Real-IP $remote_addr;
+                client_max_body_size 100M;
               '';
             };
           };