3 files changed, 124 insertions, 1 deletions

diff --git a/modules/tlmp/default.nix b/modules/tlmp/default.nix
index 11c21a2..c70cc5c 100644
--- a/modules/tlmp/default.nix
+++ b/modules/tlmp/default.nix
@@ -2,7 +2,7 @@
 
 with self.lib.nginx;
 {
-  imports = [ ./rtorrent.nix ];
+  imports = [ ./rtorrent.nix ./slsk.nix ];
 
   security.acme.certs = {
     "media.cocaine.farm" = {
diff --git a/modules/tlmp/slsk.nix b/modules/tlmp/slsk.nix
new file mode 100644
index 0000000..e72d64b
--- /dev/null
+++ b/modules/tlmp/slsk.nix
@@ -0,0 +1,123 @@
+{
+  self,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+with self.lib.nginx;
+{
+  services.slskd = {
+    enable = true;
+    environmentFile = "/etc/secrets/slskd.env";
+    domain = null;
+
+    settings = {
+      remote_file_management = true;
+
+      directories = {
+        downloads = "/mnt/media/soulseek/downloads";
+        incomplete = "/mnt/media/soulseek/incomplete";
+      };
+
+      shares = {
+        directories = [ "[Music]/mnt/media/Music" ];
+        cache = {
+          storage_mode = "memory";
+          workers = 4;
+          retention = 10080; # 1 week
+        };
+      };
+
+      global = {
+        upload = {
+          slots = 20;
+          speed_limit = 250000; # kibibytes
+        };
+        download = {
+          slots = 500;
+          speed_limit = 250000;
+        };
+      };
+
+      groups = {
+        user_defined = {
+          buddies = {
+            upload = {
+              priority = 500;
+              strategy = "roundrobin";
+              slots = 100;
+              speed_limit = 750000;
+            };
+            members = [ ];
+          };
+        };
+      };
+
+      web = {
+        authentication = {
+          disabled = true;
+        };
+
+        socket = "/run/slskd/web.sock";
+      };
+
+      filters = {
+        search = {
+          request = [
+            "^.{1,2}$" # discard any requests shorter than 3 characters
+          ];
+        };
+      };
+
+      retention = {
+        search = 2880; # 2 day
+        transfers = {
+          upload = {
+            succeeded = 2880; # 2 day
+            errored = 30;
+            cancelled = 5;
+          };
+          download = {
+            succeeded = 2880; # 2 day
+            errored = 20160; # 2 weeks
+            cancelled = 5;
+          };
+        };
+        logs = 180; # days
+      };
+    };
+  };
+
+  # VPN Setup
+  # SLSKD_SLSK_LISTEN_IP_ADDRESS
+  # SLSKD_SLSK_LISTEN_PORT
+  users.users.slskd.extraGroups = [ "media" ];
+
+  systemd.services.slskd = {
+    bindsTo = [ "wireguard-proton.service" ];
+    after = [ "wireguard-proton.service" ];
+    unitConfig.JoinsNamespaceOf = "netns@torrent.service";
+    serviceConfig = {
+      PrivateNetwork = true;
+      UMask = "ug=rw,o=r";
+
+      ProtectSystem = lib.mkForce "full";
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "slsk.media.cocaine.farm" = proxyDomainAuth "media.cocaine.farm" "http://unix:/run/slskd/web.sock";
+    };
+  };
+
+  secrets = {
+    slskd = {
+      source = ../../secrets/slskd.env;
+      dest = "/etc/secrets/slskd.env";
+    };
+  };
+}
diff --git a/secrets b/secrets
-Subproject 6e0d80a8d98f8c97f8904b4dc0cd8d19dfe3cf8
+Subproject 6bd4e1f8275697747cc71c4858196129dc7de2b