Enable webdav in LAN for Kodi on the TV

flake.lock

@@ -223,6 +223,27 @@
       }
     },
     "flake-parts_3": {
+      "inputs": {
+        "nixpkgs-lib": [
+          "nix-fast-build",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1722555600,
+        "narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "flake-parts",
+        "type": "github"
+      }
+    },
+    "flake-parts_4": {
       "inputs": {
         "nixpkgs-lib": "nixpkgs-lib_2"
       },
@@ -240,7 +261,7 @@
         "type": "github"
       }
     },
-    "flake-parts_4": {
+    "flake-parts_5": {
       "inputs": {
         "nixpkgs-lib": [
           "nixThePlanet",
@@ -398,7 +419,7 @@
     },
     "hercules-ci-effects": {
       "inputs": {
-        "flake-parts": "flake-parts_4",
+        "flake-parts": "flake-parts_5",
         "nixpkgs": "nixpkgs_6"
       },
       "locked": {
@@ -622,6 +643,28 @@
         "type": "github"
       }
     },
+    "nix-fast-build": {
+      "inputs": {
+        "flake-parts": "flake-parts_3",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "treefmt-nix": "treefmt-nix_2"
+      },
+      "locked": {
+        "lastModified": 1730278911,
+        "narHash": "sha256-CrbqsC+lEA3w6gLfpqfDMDEKoEta2sl4sbQK6Z/gXak=",
+        "owner": "Mic92",
+        "repo": "nix-fast-build",
+        "rev": "8e7c9d76979381441facb8888f21408312cf177a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "Mic92",
+        "repo": "nix-fast-build",
+        "type": "github"
+      }
+    },
     "nix-formatter-pack": {
       "inputs": {
         "nixpkgs": [
@@ -712,7 +755,7 @@
     },
     "nixThePlanet": {
       "inputs": {
-        "flake-parts": "flake-parts_3",
+        "flake-parts": "flake-parts_4",
         "hercules-ci-effects": "hercules-ci-effects",
         "nixpkgs": [
           "nixpkgs"
@@ -1119,12 +1162,13 @@
         "lix-eval-jobs": "lix-eval-jobs",
         "lix-module": "lix-module",
         "mobile-nixos": "mobile-nixos",
+        "nix-fast-build": "nix-fast-build",
         "nix-on-droid": "nix-on-droid",
         "nixDarwin": "nixDarwin",
         "nixThePlanet": "nixThePlanet",
         "nixosHardware": "nixosHardware",
         "nixpkgs": "nixpkgs_7",
-        "treefmt-nix": "treefmt-nix_2",
+        "treefmt-nix": "treefmt-nix_3",
         "vscode-server": "vscode-server"
       }
     },
@@ -1254,6 +1298,27 @@
       }
     },
     "treefmt-nix_2": {
+      "inputs": {
+        "nixpkgs": [
+          "nix-fast-build",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1723808491,
+        "narHash": "sha256-rhis3qNuGmJmYC/okT7Dkc4M8CeUuRCSvW6kC2f3hBc=",
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "rev": "1d07739554fdc4f8481068f1b11d6ab4c1a4167a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "treefmt-nix",
+        "type": "github"
+      }
+    },
+    "treefmt-nix_3": {
       "inputs": {
         "nixpkgs": [
           "nixpkgs"

flake.nix

@@ -62,6 +62,10 @@
     };
     catppuccin.url = "github:catppuccin/nix";
     emacs-overlay.url = "github:nix-community/emacs-overlay";
+    nix-fast-build = {
+      url = "github:Mic92/nix-fast-build";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
   };
 
   outputs =

hosts/default.nix

@@ -110,11 +110,13 @@
           "cloudflare-dyndns-api-token" = { };
           "restic-hetzner-password" = { };
           "hass-ssh-key".owner = "hass";
+          "sisko-attic-environment-file".owner = "atticd";
           "autistici-password" = {
             # FIXME terrible, should create a third ad-hoc group
             owner = "grafana";
             group = "forgejo";
           };
+
         };
       };
     };

hosts/sisko/default.nix

@@ -18,7 +18,7 @@
       "sisko-proxy"
       "invidious"
       "searx"
-      "sisko-nfs"
+      "sisko-share"
       "forgejo"
       "prometheus"
       "grafana"
@@ -30,6 +30,7 @@
       "immich"
       "paperless"
       "syncthing"
+      "atticd"
     ]
     ++ [
       ./disko.nix

modules/atticd/default.nix

@@ -0,0 +1,52 @@
+{ config, lib, ... }:
+{
+  services.atticd = {
+    enable = true;
+    settings = {
+      listen = "0.0.0.0:8081";
+      allowed-hosts = [ ]; # Allow all hosts
+      # api-endpoint = "https://cache.staging.mlabs.city/";
+      soft-delete-caches = false;
+      require-proof-of-possession = true;
+
+      database.url = "sqlite://${config.services.atticd.settings.storage.path}/server.db?mode=rwc";
+
+      storage = {
+        type = "local";
+        path = "/mnt/hd/atticd";
+      };
+
+      compression = {
+        level = 8;
+        type = "zstd";
+      };
+
+      chunking = {
+        nar-size-threshold = 64 * 1024; # 64 KiB
+        min-size = 16 * 1024; # 16 KiB
+        avg-size = 64 * 1024; # 64 KiB
+        max-size = 256 * 1024; # 256 KiB
+      };
+    };
+    environmentFile = config.age.secrets.sisko-attic-environment-file.path;
+  };
+
+  systemd.services.atticd = {
+    serviceConfig = {
+      DynamicUser = lib.mkForce false;
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "d config.services.atticd.settings.storage.path 770 atticd atticd"
+  ];
+
+  users = {
+    groups.atticd = { };
+    users.atticd = {
+      group = "atticd";
+      home = config.services.atticd.settings.storage.path;
+      isSystemUser = true;
+    };
+  };
+}

modules/forgejo-runners/default.nix

@@ -23,6 +23,7 @@ let
         nix-fast-build
         curl
         tea
+        attic-client
       ]
     }; do
       for bin in "$dir"/bin/*; do

modules/home-assistant/default.nix

@@ -70,15 +70,6 @@ in
           "::1"
         ];
       };
-      # ffmpeg = {};
-      # camera = [
-      #   {
-      #     name = "EyeToy";
-      #     platform = "ffmpeg";
-      #     input = "/dev/video1";
-      #     extra_arguments = "-vcodec h264";
-      #   }
-      # ];
       homeassistant = {
         unit_system = "metric";
         time_zone = "Europe/Rome";
@@ -87,17 +78,6 @@ in
         internal_url = "http://rock5b.fleet:8123";
       };
       logger.default = "WARNING";
-      # backup = {};
-      # media_player = [{
-      #   platform = "webostv";
-      #   host = "10.1.1.213";
-      #   name = "TV";
-      #   timeout = "5";
-      #   turn_on_action = {
-      #     service = "wake_on_lan.send_magic_packet";
-      #     data.mac = "20:28:bc:74:14:c2";
-      #   };
-      # }];
       wake_on_lan = { };
       switch = [
         {
@@ -109,7 +89,6 @@ in
         }
       ];
       shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"'';
-      # shell_command.turn_off_picard = ''whoami'';
       prometheus = {
         namespace = "hass";
       };

modules/nix/default.nix

@@ -2,17 +2,23 @@
   config,
   lib,
   fleetFlake,
+  pkgs,
   ...
 }:
 {
   nixpkgs.overlays = [
     (final: _: {
+      nix-fast-build = fleetFlake.inputs.nix-fast-build.packages.${final.system}.nix-fast-build // {
+        nix = final.nix;
+      };
       nix-eval-job = fleetFlake.inputs.lix-eval-jobs.packages.${final.system}.nix-eval-jobs // {
         nix = final.nix;
       };
     })
   ];
 
+  environment.systemPackages = [ pkgs.nix-fast-build ];
+
   nix = {
     optimise.automatic = true;
 

modules/sisko-nfs/default.nix

@@ -1,20 +0,0 @@
-{
-  systemd.tmpfiles.rules = [
-    "d /export 770 nobody nogroup"
-  ];
-
-  fileSystems."/export/hd" = {
-    device = "/mnt/hd";
-    options = [ "bind" ];
-  };
-
-  services.nfs.server = {
-    enable = true;
-    exports = ''
-      /export     10.100.0.1/24(rw,fsid=0,no_subtree_check)
-      /export/hd  10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
-    '';
-  };
-
-  networking.firewall.allowedTCPPorts = [ 2049 ];
-}

modules/sisko-share/default.nix

@@ -0,0 +1,39 @@
+{
+  systemd.tmpfiles.rules = [
+    "d /export 770 nobody nogroup"
+  ];
+
+  fileSystems."/export/hd" = {
+    device = "/mnt/hd";
+    options = [ "bind" ];
+  };
+
+  services.nfs.server = {
+    enable = true;
+    exports = ''
+      /export     10.100.0.1/24(rw,fsid=0,no_subtree_check)
+      /export/hd  10.100.0.1/24(rw,nohide,insecure,no_subtree_check,no_root_squash)
+    '';
+  };
+
+  services.webdav = {
+    enable = true;
+
+    settings = {
+      address = "10.1.1.2"; # accessible only in LAN, used by Kodi installed on the TV
+      port = 9999;
+      scope = "/mnt/hd/torrent";
+      modify = false;
+      auth = false; # TODO should we enable authentication? It's only reachable in LAN
+      debug = true;
+      users = [ ];
+    };
+  };
+
+  users.users.webdav.extraGroups = [ "transmission" ];
+
+  networking.firewall.allowedTCPPorts = [
+    2049
+    9999
+  ];
+}

secrets/secrets.nix

@@ -161,6 +161,11 @@ with keys.users;
     ccr-gpg
     sisko
   ];
+  "sisko-attic-environment-file.age".publicKeys = [
+    ccr-ssh
+    ccr-gpg
+    sisko
+  ];
 
   # WireGuard
   "picard-wireguard-private-key.age".publicKeys = [