msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: add Git-annex module

Browse Source
This commit is contained in:
Madeleine Sydney
2025-01-23 14:08:56 -07:00
parent f4924eeb59
commit fbd7553bc6
8 changed files with 262 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
modules/nixos/deertopia/webdav.nix Normal file
View File

@@ -0,0 +1,63 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.sydnix.deertopia.webdav;
in {
options = {
sydnix.deertopia.webdav = {
enable = mkEnableOption "Deertopia's WebDAV server";
port = lib.mkOption {
default = 22016;
type = lib.types.port;
description = ''
The internal WebDAV port. The actual server will be hosted at
https://dav.deertopia.net:80/.
'';
};
};
};
config = mkIf cfg.enable {
systemd.services.deertopia-webdav-server =
let htpasswdFile = "/persist/deertopia.net/htpasswd";
directory = "/persist/deertopia.net/dav";
in {
description = "Deertopia's WebDAV server";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = ''
${pkgs.rclone}/bin/rclone serve webdav \
--addr ":${builtins.toString cfg.port}" \
--htpasswd "${htpasswdFile}" "${directory}"
'';
serviceConfig.Restart = "always";
};
# Without this, Nginx will attempt redirections to https://localhost, which
# is not okay, as localhost does not have any associated certs!
# See: https://forum.seafile.com/t/seafdav-move-command-causing-502/11582/26
services.nginx.appendHttpConfig = ''
map $http_destination $http_destination_webdav {
~*https://(.+) http://$1;
default $http_destination;
}
'';
sydnix.deertopia.nginx.vhosts."dav".vhost = {
forceSSL = true;
enableACME = true;
locations."/" = {
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
# See previous note regarding the HTTPS -> HTTP redirection.
proxy_set_header Destination $http_destination_webdav;
proxy_pass "http://localhost:${builtins.toString cfg.port}";
'';
};
};
};
}