64 lines
1.9 KiB
Nix
64 lines
1.9 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let cfg = config.sydnix.deertopia.webdav;
|
|
in {
|
|
options = {
|
|
sydnix.deertopia.webdav = {
|
|
enable = mkEnableOption "Deertopia's WebDAV server";
|
|
|
|
port = lib.mkOption {
|
|
default = 22016;
|
|
type = lib.types.port;
|
|
description = ''
|
|
The internal WebDAV port. The actual server will be hosted at
|
|
https://dav.deertopia.net:80/.
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
systemd.services.deertopia-webdav-server =
|
|
let htpasswdFile = "/persist/deertopia.net/htpasswd";
|
|
directory = "/persist/deertopia.net/dav";
|
|
in {
|
|
description = "Deertopia's WebDAV server";
|
|
after = [ "network.target" ];
|
|
wantedBy = [ "multi-user.target" ];
|
|
script = ''
|
|
${pkgs.rclone}/bin/rclone serve webdav \
|
|
--addr ":${builtins.toString cfg.port}" \
|
|
--htpasswd "${htpasswdFile}" "${directory}"
|
|
'';
|
|
serviceConfig.Restart = "always";
|
|
};
|
|
|
|
# Without this, Nginx will attempt redirections to https://localhost, which
|
|
# is not okay, as localhost does not have any associated certs!
|
|
# See: https://forum.seafile.com/t/seafdav-move-command-causing-502/11582/26
|
|
services.nginx.appendHttpConfig = ''
|
|
map $http_destination $http_destination_webdav {
|
|
~*https://(.+) http://$1;
|
|
default $http_destination;
|
|
}
|
|
'';
|
|
|
|
sydnix.deertopia.nginx.vhosts."dav".vhost = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
extraConfig = ''
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Forwarded-For $remote_addr;
|
|
# See previous note regarding the HTTPS -> HTTP redirection.
|
|
proxy_set_header Destination $http_destination_webdav;
|
|
|
|
proxy_pass "http://localhost:${builtins.toString cfg.port}";
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
}
|