ctucx.git: nixfiles

ctucx' nixfiles

path: /machines/briefkasten/websites/storage.home.ctu.cx/default.nix 1.05 KB | plain
1 
2 
3 
4 
5 
6 
7 
8 
9 
10 
11 
12 
13 
14 
15 
16 
17 
18 
19 
20 
21 
22 
23 
24 
25 
26 
27 
28 
29 
30 
31 
32 
33 
34 
35 
36 
37 
38 
39 
40 
41 
42 
{ config, lib, ... }:

{

  dns.zones."ctu.cx".subdomains."storage.home".CNAME = lib.mkIf config.networking.usePBBUplink [ "${config.networking.fqdn}." ];

  services.nginx.virtualHosts = {
    "storage.home.ctu.cx" = {
      enableACME = lib.mkIf config.networking.usePBBUplink true;
      forceSSL   = lib.mkIf config.networking.usePBBUplink true;
      kTLS       = lib.mkIf config.networking.usePBBUplink true;

      basicAuthFile = "/var/src/secrets/nginx/storage.htpasswd";

      locations."= /" = {
        alias = "${./web-root}/";
        extraConfig = ''
          try_files index.html =404;
        '';
      };

      locations."/_/" = {
        alias = "/data/";
        extraConfig = ''
          autoindex on;
          autoindex_format json;

          client_body_temp_path /data;
          dav_methods PUT DELETE MKCOL COPY MOVE;
          create_full_put_path on;
          dav_access group:rw all:r;
          client_max_body_size 1G;
        '';
      };
    };
  };

  systemd.services.nginx.serviceConfig = {
    ReadWritePaths = [ "/data" ];
  };
}