From e50d4aeee1ba067cdbdf30ffb4614db587d5f3e5 Mon Sep 17 00:00:00 2001
From: uttarayan21 <email@uttarayan.me>
Date: Tue, 4 Feb 2025 03:01:46 +0530
Subject: [PATCH] feat: Added sunshine

---
 nixos/mirai/services/authelia.nix |  4 +++
 nixos/mirai/services/default.nix  |  1 +
 nixos/mirai/services/seafile.nix  | 47 +++++++++++++++++++++++++++++++
 nixos/ryu/services/sunshine.nix   |  6 ++--
 4 files changed, 55 insertions(+), 3 deletions(-)
 create mode 100644 nixos/mirai/services/seafile.nix

diff --git a/nixos/mirai/services/authelia.nix b/nixos/mirai/services/authelia.nix
index 16c1f3c5..cfe11728 100644
--- a/nixos/mirai/services/authelia.nix
+++ b/nixos/mirai/services/authelia.nix
@@ -35,6 +35,10 @@
                 domain = "darksailor.dev";
                 policy = "one_factor";
               }
+              {
+                domain = "cloud.darksailor.dev";
+                policy = "one_factor";
+              }
               {
                 domain = "code.darksailor.dev";
                 policy = "one_factor";
diff --git a/nixos/mirai/services/default.nix b/nixos/mirai/services/default.nix
index 1f3b63e0..ef9b8186 100644
--- a/nixos/mirai/services/default.nix
+++ b/nixos/mirai/services/default.nix
@@ -2,6 +2,7 @@
   imports = [
     ./atuin.nix
     ./authelia.nix
+    ./seafile.nix
     # ./home-assistant.nix
     # ./navidrome.nix
     # ./llama.nix
diff --git a/nixos/mirai/services/seafile.nix b/nixos/mirai/services/seafile.nix
new file mode 100644
index 00000000..8e0d7969
--- /dev/null
+++ b/nixos/mirai/services/seafile.nix
@@ -0,0 +1,47 @@
+{config, ...}: {
+  # sops = {
+  #   # secrets."nextcloud/adminpass".owner = config.users.users..name;
+  # };
+  services = {
+    seafile = {
+      enable = false;
+      adminEmail = "admin@uttarayan.me";
+      initialAdminPassword = "foobar";
+
+      seafileSettings = {
+        fileserver.host = "unix:/run/seafile/server.sock";
+      };
+      seahubExtraConf =
+        /*
+        python
+        */
+        ''
+          ENABLE_REMOTE_USER_AUTHENTICATION = True
+          # Optional, HTTP header, which is configured in your web server conf file,
+          # used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
+          REMOTE_USER_HEADER = 'HTTP_REMOTE_USER'
+          # Optional, when the value of HTTP_REMOTE_USER is not a valid email address，
+          # Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
+          # and this domain, e.g. user1@example.com.
+          REMOTE_USER_DOMAIN = 'uttarayan.me'
+          # Optional, whether to create new user in Seafile system, default value is True.
+          # If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
+          # The admin has to first import the users from external systems like LDAP.
+          REMOTE_USER_CREATE_UNKNOWN_USER = True
+          # Optional, whether to activate new user in Seafile system, default value is True.
+          # If this setting is disabled, user will be unable to login by default.
+          # the administrator needs to manually activate this user.
+          REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
+        '';
+    };
+    caddy = {
+      virtualHosts."cloud.darksailor.dev".extraConfig = ''
+        forward_auth localhost:5555 {
+            uri /api/authz/forward-auth
+            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+        }
+        reverse_proxy unix//run/seafile/server.sock
+      '';
+    };
+  };
+}
diff --git a/nixos/ryu/services/sunshine.nix b/nixos/ryu/services/sunshine.nix
index ed89e19b..52a63007 100644
--- a/nixos/ryu/services/sunshine.nix
+++ b/nixos/ryu/services/sunshine.nix
@@ -5,7 +5,7 @@
   ];
 
   services.sunshine = {
-    enable = false;
+    enable = true;
     openFirewall = true;
     capSysAdmin = true;
     autoStart = true;
@@ -20,7 +20,7 @@
           name = "Steam Big Picture";
           icon = "steam";
           # detached = ["setsid steam steam://open/gamepadui"];
-          detached = ["${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/gamepadui"];
+          detached = ["/run/wrappers/bin/sudo -u servius ${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://open/gamepadui"];
           exclude-global-prep-cmd = "false";
           auto-detach = "true";
         }
@@ -31,7 +31,7 @@
           exclude-global-prep-cmd = "false";
           prep-cmd = [];
           # detached = ["setsid steam steam://rungameid/1086940"];
-          detached = ["${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://rungameid/1086940"];
+          detached = ["/run/wrappers/bin/sudo -u servius ${pkgs.util-linux}/bin/setsid ${pkgs.steam}/bin/steam steam://rungameid/1086940"];
           wait-all = true;
           exit-timeout = 5;
         }