nixfiles/hosts/hetzner-vm/containers/storage/profiles/rclone-serve.nix

{config, ...}: let
  secrets = config.services.secrets.secrets;
  ports = import ../data/ports.nix {};
in {
  systemd.tmpfiles.rules = [
    "d /caches - storage storage"
    "d /caches/main_webdav_serve - storage storage"
    "d /caches/media_webdav_serve - storage storage"
    "d /caches/backups_misskey_webdav_serve - storage storage"
  ];

  services.rclone-serve = let
    serviceConfig = {
      after = ["auto-secrets.service"];
      partOf = ["auto-secrets.service"];
    };
  in {
    enable = true;
    remotes = [
      {
        user = "storage";
        remote = "StorageBox:";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_main}"
          "--htpasswd=${secrets.webdav_main_htpasswd.path}"
          "--baseurl=/Main/"
          "--cache-dir=/caches/main_webdav_serve"
          "--vfs-cache-mode=full"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Misskey";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_misskey}"
          "--htpasswd=${secrets.webdav_misskey_htpasswd.path}"
          "--baseurl=/Misskey/"
          "--cache-dir=/caches/backups_misskey_webdav_serve"
          "--vfs-cache-max-age=30m"
          "--vfs-cache-max-size=3g"
          "--vfs-cache-mode=full"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "Media-Combine-Serve:";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_media}"
          "--htpasswd=${secrets.webdav_media_htpasswd.path}"
          "--baseurl=/Media/"
          "--cache-dir=/caches/media_webdav_serve"
          "--vfs-cache-max-age=30m"
          "--vfs-cache-max-size=5g"
          "--vfs-cache-mode=full"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Music";
        type = "webdav";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_webdav_music_ro}"
          "--read-only"
          "--baseurl=/MusicRO/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Music";
        type = "http";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_http_music}"
          "--baseurl=/Music/"
          "--read-only"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Public";
        type = "http";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_http_public}"
          "--baseurl=/Public/"
          "--read-only"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/HetznerVM";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_hvm}"
          "--htpasswd=${secrets.restic_hetznervm_htpasswd.path}"
          "--baseurl=/HetznerVM/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/Music";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_music}"
          "--htpasswd=${secrets.restic_music_htpasswd.path}"
          "--baseurl=/Music/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/Vault";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_vault}"
          "--htpasswd=${secrets.restic_vault_htpasswd.path}"
          "--baseurl=/Vault/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/Matrix";
        type = "restic";
        extraArgs = [
          "--addr=0.0.0.0:${toString ports.rclone_serve_restic_matrix}"
          "--htpasswd=${secrets.restic_matrix_htpasswd.path}"
          "--baseurl=/Matrix/"
        ];
        inherit serviceConfig;
      }
    ];
  };
}
tidy files, switch to alejandra for formatting, add private aliases to mailserver 2022-12-04 13:45:43 +00:00			`{config, ...}: let`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`secrets = config.services.secrets.secrets;`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`ports = import ../data/ports.nix {};`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`in {`
storage server for media & updates 2022-11-20 10:34:55 +00:00			`systemd.tmpfiles.rules = [`
			`"d /caches - storage storage"`
			`"d /caches/main_webdav_serve - storage storage"`
			`"d /caches/media_webdav_serve - storage storage"`
fix rclone sync on b2, add extraArgs, fixed misskey media sync 2023-03-25 09:33:20 +00:00			`"d /caches/backups_misskey_webdav_serve - storage storage"`
storage server for media & updates 2022-11-20 10:34:55 +00:00			`];`

move storage to using secrets module 2022-11-15 14:52:49 +00:00			`services.rclone-serve = let`
			`serviceConfig = {`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`after = ["auto-secrets.service"];`
			`partOf = ["auto-secrets.service"];`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`};`
			`in {`
			`enable = true;`
			`remotes = [`
			`{`
			`user = "storage";`
			`remote = "StorageBox:";`
			`type = "webdav";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_main}"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--htpasswd=${secrets.webdav_main_htpasswd.path}"`
change capitalization of storage endpoints & backup misskey media 2023-01-07 11:59:13 +00:00			`"--baseurl=/Main/"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--cache-dir=/caches/main_webdav_serve"`
			`"--vfs-cache-mode=full"`
			`];`
			`inherit serviceConfig;`
			`}`
change capitalization of storage endpoints & backup misskey media 2023-01-07 11:59:13 +00:00			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Misskey";`
			`type = "webdav";`
			`extraArgs = [`
			`"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_misskey}"`
			`"--htpasswd=${secrets.webdav_misskey_htpasswd.path}"`
			`"--baseurl=/Misskey/"`
fix rclone sync on b2, add extraArgs, fixed misskey media sync 2023-03-25 09:33:20 +00:00			`"--cache-dir=/caches/backups_misskey_webdav_serve"`
			`"--vfs-cache-max-age=30m"`
			`"--vfs-cache-max-size=3g"`
			`"--vfs-cache-mode=full"`
change capitalization of storage endpoints & backup misskey media 2023-01-07 11:59:13 +00:00			`];`
			`inherit serviceConfig;`
			`}`
storage server for media & updates 2022-11-20 10:34:55 +00:00			`{`
			`user = "storage";`
			`remote = "Media-Combine-Serve:";`
			`type = "webdav";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_media}"`
storage server for media & updates 2022-11-20 10:34:55 +00:00			`"--htpasswd=${secrets.webdav_media_htpasswd.path}"`
change capitalization of storage endpoints & backup misskey media 2023-01-07 11:59:13 +00:00			`"--baseurl=/Media/"`
storage server for media & updates 2022-11-20 10:34:55 +00:00			`"--cache-dir=/caches/media_webdav_serve"`
change cache sizes to not fill up entire fisk 2022-11-20 12:24:57 +00:00			`"--vfs-cache-max-age=30m"`
			`"--vfs-cache-max-size=5g"`
storage server for media & updates 2022-11-20 10:34:55 +00:00			`"--vfs-cache-mode=full"`
			`];`
			`inherit serviceConfig;`
			`}`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`{`
			`user = "storage";`
			`remote = "StorageBox:Music";`
			`type = "webdav";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_webdav_music_ro}"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--read-only"`
change capitalization of storage endpoints & backup misskey media 2023-01-07 11:59:13 +00:00			`"--baseurl=/MusicRO/"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Music";`
			`type = "http";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_http_music}"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--baseurl=/Music/"`
			`"--read-only"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Public";`
			`type = "http";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_http_public}"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--baseurl=/Public/"`
			`"--read-only"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Restic/HetznerVM";`
			`type = "restic";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_restic_hvm}"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--htpasswd=${secrets.restic_hetznervm_htpasswd.path}"`
			`"--baseurl=/HetznerVM/"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Restic/Music";`
			`type = "restic";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_restic_music}"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--htpasswd=${secrets.restic_music_htpasswd.path}"`
			`"--baseurl=/Music/"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Restic/Vault";`
			`type = "restic";`
			`extraArgs = [`
moved storage host to a container inside hetzner-vm 2022-12-15 14:33:39 +00:00			`"--addr=0.0.0.0:${toString ports.rclone_serve_restic_vault}"`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`"--htpasswd=${secrets.restic_vault_htpasswd.path}"`
			`"--baseurl=/Vault/"`
			`];`
			`inherit serviceConfig;`
			`}`
matrix, more updates 2022-12-20 15:28:31 +00:00			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Restic/Matrix";`
			`type = "restic";`
			`extraArgs = [`
			`"--addr=0.0.0.0:${toString ports.rclone_serve_restic_matrix}"`
			`"--htpasswd=${secrets.restic_matrix_htpasswd.path}"`
			`"--baseurl=/Matrix/"`
			`];`
			`inherit serviceConfig;`
			`}`
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`];`
			`};`
			`}`