From 16ffe4e125a3410d00d2cfb817f81ded01ba50d5 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke <landervandenbulcke@gmail.com>
Date: Sun, 21 Sep 2025 00:13:05 +0200
Subject: [PATCH] feat: add slskd

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
---
 hosts/servers/hosting-02.nix  | 36 +++++++++++++++++++++++++++++++++++
 hosts/servers/hosting-02.yaml |  5 +++--
 modules/nixos/storagebox.nix  |  2 +-
 3 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/hosts/servers/hosting-02.nix b/hosts/servers/hosting-02.nix
index 90359a5..83af31b 100644
--- a/hosts/servers/hosting-02.nix
+++ b/hosts/servers/hosting-02.nix
@@ -34,6 +34,39 @@
     passFile = config.sops.secrets.storageboxCryptKey.path;
   };
 
+  services.slskd = {
+    enable = true;
+    domain = "slsk.escapeangle.com";
+    environmentFile = config.sops.secrets.slskdEnvFile.path;
+    settings = {
+      shares.directories = [ "/data/slsk/share" ];
+      directories = {
+        downloads = "/data/slsk/downloads";
+        incomplete = "/data/slsk/incomplete";
+      };
+    };
+  };
+
+  systemd.services.slskd.serviceConfig = {
+    UMask = "0002";
+    NetworkNamespacePath = "/run/netns/vpn";
+  };
+
+  users.groups.storage = {
+    name = "storage";
+    gid = 491729;
+    members = [ "slskd" ];
+  };
+
+  services.nginx.virtualHosts."sls.escapeangle.com" = {
+    forceSSL = true;
+    enableACME = true;
+    locations."/" = {
+      proxyPass = "http://10.10.10.2:${toString config.services.slskd.settings.web.port}";
+      proxyWebsockets = true;
+    };
+  };
+
   sops = {
     defaultSopsFile = ./hosting-02.yaml;
     secrets = {
@@ -46,6 +79,9 @@
       storageboxCryptKey = {
         owner = "root";
       };
+      slskdEnvFile = {
+        owner = config.services.slskd.user;
+      };
     };
   };
 
diff --git a/hosts/servers/hosting-02.yaml b/hosts/servers/hosting-02.yaml
index 85ef193..a210d37 100644
--- a/hosts/servers/hosting-02.yaml
+++ b/hosts/servers/hosting-02.yaml
@@ -1,6 +1,7 @@
 wireguardKey: ENC[AES256_GCM,data:Z239oQMzOp4C33pBePuANX3aPkmjTcrT+Z/UY0dnUCmMOs2Oy3iktS6Fgsw=,iv:21XLXpgsoYpvz887ZlLJW/A6IOJwEX5YwJrnO725M5U=,tag:VDGjOiYqFN8tMhf8s2YV6g==,type:str]
 storageboxKey: ENC[AES256_GCM,data:uWDkiWIk3OePRfoaqjllVlRVzW5+ryE4sIOs8qm6cS8JN/+YFbnkCsT5sdFeXSpJyQ7ymgD6uJJ75RWH6Y/iIARbmZN/x/9hnB3LORHSl/C0F3xMHUf6prXtYyPNLWe+ghCMygaLyvBuCBiEhleevRQANXLUJCysiODepSkXwyasAHKTKuKQUPU/T+1R7eXaQPDMehzD4/0o8SdLkqcZXBQzs3VRp+CbQyl7dx6znwoPWckmFH2W+9fZCE+AxFxBP3jPVjBPuOC3BviTYFSvZPEkmtH+lxYv+PXFAPpgYwmAEjCwWyDMDRy6bNVQIG6TKHn60TJv+GCfRwPJ46mVtbruyil23d7g/V7dhu8btPbgtvcBx/8EexJ0PHAVWcIZ1FJwr7inMCAghbSDD3CkGpOV8btaYgUZtosqfg9r5cd75jB+7RZPwyb8/1mrLWE3eL9Za2lZ6bC7a9AeIn1q3Cn6+aoMKqXp8q/sVwozNpUJj73yhjR146MGjCGpqoKJqK453qc3VCC50OZTOULV,iv:sEwA6zrK6FFqTmVJOMD77g0OuDjCHDLRBlirjhZBx/0=,tag:z1fX+7goXk4U6Di+4EK6Fw==,type:str]
 storageboxCryptKey: ENC[AES256_GCM,data:ryYOzFvdPaVkOHmypYbqw+KU6aB2OQutLw==,iv:FL4c7P36qxYR1KJlg7t0dvFHlKGMIrTlQG+CDkeJu9U=,tag:Ia4mhV9Ed/m1rRMCNnHqXw==,type:str]
+slskdEnvFile: ENC[AES256_GCM,data:K1S1PXQMiBoEdbuM/NTBUYRrUSnAC/KBhm/PFzoCJATiLLPsstzgqzbe9vG8tnULb2driAH4Ytd03cmROp30V+9vW6J9eyCofWySWZNEYriRfY1y7y5AR8W13zQL0FGZOewUy/1T7YRvN8FjZFh4n7S3c0GREX3FSSNrmaHwOqgueDs=,iv:VziNMRpC2clhFyOMG8LRReMGUxhYqjUaZeA8gh599aM=,tag:H1tQBZ8nSgATSJB6nFSdlA==,type:str]
 sops:
     age:
         - recipient: age1hvrssz7k9akz66evj4kja53zvdtrss8k2ljxsh5myh2mru62sggqznlzrt
@@ -12,8 +13,8 @@ sops:
             b1ZqUzZLUkFwNHJyVlhmK0FOZ1JFYUEKDU4NmBCHRY+ZK+RFK/LioGzjJTaOE1ky
             MC6jxt7Y5RkCk0BBqeoEVLaNXNViPjwakbvyfH0w0P6l0KDJ4mNlYQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-18T21:32:51Z"
-    mac: ENC[AES256_GCM,data:y3iMxGNyJfkmJZebiJ/iW/fhX3758Bz8/z8GfzvBiosjHOE6Awka70uQ7rFvHrLIFATDCrWW09ERD16/EIGL7bZMBKeXmjpkTe9WrmqYu4aS9qj1A/UzcW9zkxj6kKSZlgbdh2RaPXj9VcVfdYs/WDp8cxAuNmFLLEpY9Ar0SSY=,iv:rSGm4Y9XWrYmA2rL3t63NfSgHd6wBPWbtvfGivj6Qq0=,tag:gdHWOS0NO5piFK3fQiCSrw==,type:str]
+    lastmodified: "2025-09-20T23:35:47Z"
+    mac: ENC[AES256_GCM,data:idOk0S4lGYWOPHayOgqX0oKk8cWmm9YUXbAIDlojOmroE8qL45nBMNpb6npuA7wGoHWsg8kYCidi8v8Gz+dGnEMURdcT7NoqcgtDWisYxyw5sMQ52Wc+pNQzct34FGnIVcuQl/kFWEc5s7+jsXCiF5o0YbJLeyr6tyl1D2rWKkw=,iv:6n69rCiyETkV3hnGvAhxd3o+DcDI/Se7JMIs4fsDdag=,tag:Lf7lXw0dhgRqb7lnbJ2H6g==,type:str]
     pgp:
         - created_at: "2025-09-18T21:32:42Z"
           enc: |-
diff --git a/modules/nixos/storagebox.nix b/modules/nixos/storagebox.nix
index 7ed47b5..7011c4d 100644
--- a/modules/nixos/storagebox.nix
+++ b/modules/nixos/storagebox.nix
@@ -61,10 +61,10 @@ in
         "defaults"
         "_netdev"
         "allow_other"
-        "default_permissions"
         "port=23"
         "compression=no"
         "reconnect"
+        "umask=000"
         "ServerAliveInterval=15"
         "IdentityFile=${cfg.sshKeyFile}"
       ];