{ config, lib, ... }:

{

  dns.zones."ctu.cx".subdomains."storage.home".CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ];

  services.nginx.virtualHosts = {
    "storage.home.ctu.cx" = {
      enableACME = lib.mkIf config.networking.usePBBUplink true;
      forceSSL   = lib.mkIf config.networking.usePBBUplink true;
      kTLS       = lib.mkIf config.networking.usePBBUplink true;

      basicAuthFile = "/var/src/secrets/nginx/storage.htpasswd";

      locations."= /" = {
        alias = "${./web-root}/";
        extraConfig = ''
          try_files index.html =404;
        '';
      };

      locations."/_/" = {
        alias = "/data/";
        extraConfig = ''
          autoindex on;
          autoindex_format json;

          client_body_temp_path /data;
          dav_methods PUT DELETE MKCOL COPY MOVE;
          create_full_put_path on;
          dav_access group:rw all:r;
          client_max_body_size 1G;
        '';
      };
    };
  };

  systemd.services.nginx.serviceConfig = {
    ReadWritePaths = [ "/data" ];
  };
}