nixfiles/hosts/storage/profiles/rclone-serve.nix

{ config, ... }:
let
  secrets = config.services.secrets.secrets;
  ports = (import ../ports.nix { });
in {
  services.rclone-serve = let
    serviceConfig = {
      after = [ "secrets-init.service" ];
      partOf = [ "secrets-init.service" ];
    };
  in {
    enable = true;
    remotes = [
      {
        user = "storage";
        remote = "StorageBox:";
        type = "webdav";
        extraArgs = [
          "--addr=:${toString ports.rclone_serve_webdav_main}"
          "--htpasswd=${secrets.webdav_main_htpasswd.path}"
          "--baseurl=/main/"
          "--cache-dir=/caches/main_webdav_serve"
          "--vfs-cache-mode=full"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Music";
        type = "webdav";
        extraArgs = [
          "--addr=:${toString ports.rclone_serve_webdav_music_ro}"
          "--read-only"
          "--baseurl=/music_ro/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Music";
        type = "http";
        extraArgs = [
          "--addr=:${toString ports.rclone_serve_http_music}"
          "--baseurl=/Music/"
          "--read-only"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Public";
        type = "http";
        extraArgs = [
          "--addr=:${toString ports.rclone_serve_http_public}"
          "--baseurl=/Public/"
          "--read-only"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/HetznerVM";
        type = "restic";
        extraArgs = [
          "--addr=:${toString ports.rclone_serve_restic_hvm}"
          "--htpasswd=${secrets.restic_hetznervm_htpasswd.path}"
          "--baseurl=/HetznerVM/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/Music";
        type = "restic";
        extraArgs = [
          "--addr=:${toString ports.rclone_serve_restic_music}"
          "--htpasswd=${secrets.restic_music_htpasswd.path}"
          "--baseurl=/Music/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/Vault";
        type = "restic";
        extraArgs = [
          "--addr=:${toString ports.rclone_serve_restic_vault}"
          "--htpasswd=${secrets.restic_vault_htpasswd.path}"
          "--baseurl=/Vault/"
        ];
        inherit serviceConfig;
      }
    ];
  };

  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx.virtualHosts."storage-webdav.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/main/".proxyPass =
        "http://localhost:${toString ports.rclone_serve_webdav_main}";
      "/music_ro/".proxyPass =
        "http://localhost:${toString ports.rclone_serve_webdav_music_ro}";
    };
  };

  services.nginx.virtualHosts."storage-http.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/Music/".proxyPass =
        "http://localhost:${toString ports.rclone_serve_http_music}";
      "/Public/".proxyPass =
        "http://localhost:${toString ports.rclone_serve_http_public}";
    };
  };

  services.nginx.virtualHosts."storage-restic.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/HetznerVM/".proxyPass =
        "http://localhost:${toString ports.rclone_serve_restic_hvm}";
      "/Music/".proxyPass =
        "http://localhost:${toString ports.rclone_serve_restic_music}";
      "/Vault/".proxyPass =
        "http://localhost:${toString ports.rclone_serve_restic_vault}";
    };
  };
}
move storage to using secrets module 2022-11-15 14:52:49 +00:00			`{ config, ... }:`
			`let`
			`secrets = config.services.secrets.secrets;`
			`ports = (import ../ports.nix { });`
			`in {`
			`services.rclone-serve = let`
			`serviceConfig = {`
			`after = [ "secrets-init.service" ];`
			`partOf = [ "secrets-init.service" ];`
			`};`
			`in {`
			`enable = true;`
			`remotes = [`
			`{`
			`user = "storage";`
			`remote = "StorageBox:";`
			`type = "webdav";`
			`extraArgs = [`
			`"--addr=:${toString ports.rclone_serve_webdav_main}"`
			`"--htpasswd=${secrets.webdav_main_htpasswd.path}"`
			`"--baseurl=/main/"`
			`"--cache-dir=/caches/main_webdav_serve"`
			`"--vfs-cache-mode=full"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Music";`
			`type = "webdav";`
			`extraArgs = [`
			`"--addr=:${toString ports.rclone_serve_webdav_music_ro}"`
			`"--read-only"`
			`"--baseurl=/music_ro/"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Music";`
			`type = "http";`
			`extraArgs = [`
			`"--addr=:${toString ports.rclone_serve_http_music}"`
			`"--baseurl=/Music/"`
			`"--read-only"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Public";`
			`type = "http";`
			`extraArgs = [`
			`"--addr=:${toString ports.rclone_serve_http_public}"`
			`"--baseurl=/Public/"`
			`"--read-only"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Restic/HetznerVM";`
			`type = "restic";`
			`extraArgs = [`
			`"--addr=:${toString ports.rclone_serve_restic_hvm}"`
			`"--htpasswd=${secrets.restic_hetznervm_htpasswd.path}"`
			`"--baseurl=/HetznerVM/"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Restic/Music";`
			`type = "restic";`
			`extraArgs = [`
			`"--addr=:${toString ports.rclone_serve_restic_music}"`
			`"--htpasswd=${secrets.restic_music_htpasswd.path}"`
			`"--baseurl=/Music/"`
			`];`
			`inherit serviceConfig;`
			`}`
			`{`
			`user = "storage";`
			`remote = "StorageBox:Backups/Restic/Vault";`
			`type = "restic";`
			`extraArgs = [`
			`"--addr=:${toString ports.rclone_serve_restic_vault}"`
			`"--htpasswd=${secrets.restic_vault_htpasswd.path}"`
			`"--baseurl=/Vault/"`
			`];`
			`inherit serviceConfig;`
			`}`
			`];`
			`};`

			`networking.firewall.allowedTCPPorts = [ 80 443 ];`

			`services.nginx.virtualHosts."storage-webdav.owo.monster" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations = {`
			`"/main/".proxyPass =`
			`"http://localhost:${toString ports.rclone_serve_webdav_main}";`
			`"/music_ro/".proxyPass =`
			`"http://localhost:${toString ports.rclone_serve_webdav_music_ro}";`
			`};`
			`};`

			`services.nginx.virtualHosts."storage-http.owo.monster" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations = {`
			`"/Music/".proxyPass =`
			`"http://localhost:${toString ports.rclone_serve_http_music}";`
			`"/Public/".proxyPass =`
			`"http://localhost:${toString ports.rclone_serve_http_public}";`
			`};`
			`};`

			`services.nginx.virtualHosts."storage-restic.owo.monster" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations = {`
			`"/HetznerVM/".proxyPass =`
			`"http://localhost:${toString ports.rclone_serve_restic_hvm}";`
			`"/Music/".proxyPass =`
			`"http://localhost:${toString ports.rclone_serve_restic_music}";`
			`"/Vault/".proxyPass =`
			`"http://localhost:${toString ports.rclone_serve_restic_vault}";`
			`};`
			`};`
			`}`