# this will start `/usr/local/bin/copyparty-sfx.py`
# and share '/mnt' with anonymous read+write
#
# installation:
#   cp -pv copyparty.service /etc/systemd/system
#   restorecon -vr /etc/systemd/system/copyparty.service
#   firewall-cmd --permanent --add-port={80,443,3923}/tcp  # --zone=libvirt
#   firewall-cmd --reload
#   systemctl daemon-reload && systemctl enable --now copyparty
#
# you may want to:
#   change "User=cpp" and "/home/cpp/" to another user
#   remove the nft lines to only listen on port 3923
# and in the ExecStart= line:
#   change '/usr/bin/python3' to another interpreter
#   change '/mnt::rw' to another location or permission-set
#   add '-q' to disable logging on busy servers
#   add '-i 127.0.0.1' to only allow local connections
#   add '-e2dsa' to enable filesystem scanning + indexing
#   add '-e2ts' to enable metadata indexing
#
# with `Type=notify`, copyparty will signal systemd when it is ready to
#   accept connections; correctly delaying units depending on copyparty.
#   But note that journalctl will get the timestamps wrong due to
#   python disabling line-buffering, so messages are out-of-order:
#   https://user-images.githubusercontent.com/241032/126040249-cb535cc7-c599-4931-a796-a5d9af691bad.png
#
# unless you add -q to disable logging, you may want to remove the
#   following line to allow buffering (slightly better performance):
#   Environment=PYTHONUNBUFFERED=x
#
# keep ExecStartPre before ExecStart, at least on rhel8

[Unit]
Description=copyparty file server

[Service]
Type=notify
SyslogIdentifier=copyparty
Environment=PYTHONUNBUFFERED=x
ExecReload=/bin/kill -s USR1 $MAINPID

# user to run as + where the TLS certificate is (if any)
User=cpp
Environment=XDG_CONFIG_HOME=/home/cpp/.config

# setup forwarding from ports 80 and 443 to port 3923
ExecStartPre=+/bin/bash -c 'nft -n -a list table nat | awk "/ to :3923 /{print\$NF}" | xargs -rL1 nft delete rule nat prerouting handle; true'
ExecStartPre=+nft add table ip nat
ExecStartPre=+nft -- add chain ip nat prerouting { type nat hook prerouting priority -100 \; }
ExecStartPre=+nft add rule ip nat prerouting tcp dport 80 redirect to :3923
ExecStartPre=+nft add rule ip nat prerouting tcp dport 443 redirect to :3923

# stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running
ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf'

# copyparty settings
ExecStart=/usr/bin/python3 /usr/local/bin/copyparty-sfx.py -e2d -v /mnt::rw

[Install]
WantedBy=multi-user.target