ctucx.git: nixfiles

ctucx' nixfiles

path: /machines/briefkasten/websites/music.home.ctu.cx.nix 2.29 KB | plain
1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 
32 
33 
34 
35 
36 
37 
38 
39 
40 
41 
42 
43 
44 
45 
46 
47 
48 
49 
50 
51 
52 
53 
54 
55 
56 
57 
58 
59 
60 
61 
62 
63 
64 
65 
66 
67 
68 
69 
70 
71 
72 
73 
74 
75 
76 
77 
78 
79 
80 
81 
82 
83 
84 
85 
86 
{ config, pkgs, lib, ... }:

let
  webmusic-nginx = pkgs.fetchgit {
    url    = "https://cgit.ctu.cx/webmusic-nginx";
    rev    = "ac42fd4ab6820f5e840b13cbd03f3cdf0ae149ff";
    sha256 = "00griw6qn3qw2g3ga5nn5p7dk0xac9wa2ni35n4a4yasd1y71xx8";
  };

in {

#  dns.zones."ctu.cx".subdomains."music.home".CNAME = [ "${config.networking.fqdn}." ];
  services.dnsmasq.settings.cname                  = [ "music.home.ctu.cx, ${config.networking.fqdn}" ];

  fileSystems."/mnt/music_originals" = {
    device = "/nix/persist/home/katja/syncthing/Music (Originals)";
    options = [ "bind" "ro" ];
  };

  services.nginx = {
    enable = true;
    virtualHosts."music.home.ctu.cx" = {
      enableACME = lib.mkIf config.networking.usePBBUplink true;
      forceSSL   = lib.mkIf config.networking.usePBBUplink true;
      kTLS       = lib.mkIf config.networking.usePBBUplink true;
      root       = "/mnt/music_originals";
      locations  = {

        "~ ^(.*/)$".extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
          autoindex_format xml;

          xslt_string_param path $uri;
          xslt_stylesheet ${webmusic-nginx}/webmusic.xslt;

          auth_basic 'Auth required';
          auth_basic_user_file ${pkgs.writeText "auth-file" "giveme:$apr1$nln71O9Y$j2wSV4BmYBHbqRSwOGQZl."};
        '';

        "~(.*)playlist.m3u$".extraConfig = ''
          set $url http://[::1]:81$1;
          proxy_pass $url;
          proxy_set_header Domain $scheme://$host;
          proxy_hide_header 'Content-Type';
          add_header 'Content-Type' 'text/plain';
        '';

        "/assets/".alias = "${webmusic-nginx}/";
      };

      extraConfig = ''
        satisfy any;
        allow 2a0f:4ac0:acab::/48;
        allow 10.0.0.0/8;
        allow 195.39.246.32/28;
        allow 195.39.247.48/29;
      '';
    };

    appendHttpConfig = ''
      server {
        server_name webmusic.local;
        listen [::1]:81;
        access_log off;

        allow ::1;
        deny all;

        root /mnt/music_originals;

        location / {
          autoindex on;
          autoindex_exact_size off;
          autoindex_format xml;

          xslt_string_param domain $http_domain;
          xslt_string_param path $uri;
          xslt_stylesheet ${webmusic-nginx}/webmusic-playlist.xslt;
        }
      }
    '';
  };

}