# NixOS module for the "storage" container and the nginx virtual hosts on the
# host that front it.
#
# The container sits on a private network (host <-> container link only) and
# runs the rclone profiles imported below. nginx on the host terminates TLS
# (ACME certificates, forceSSL) and forwards each URL prefix to one backend
# port inside the container over plain HTTP.
#
# NOTE(review): no authentication is configured at the nginx layer in this
# file. Access control for the WebDAV, HTTP and restic endpoints therefore has
# to come from the backends (presumably the rcloneServe profile). Confirm that
# every writable or backup-bearing endpoint enforces it.
{
  self,
  hostPath,
  tree,
  lib,
  inputs,
  pkgs,
  ...
}: let
  inherit (lib.attrsets) attrValues mapAttrs;

  # Addresses of the host <-> container link, kept in a per-host data file.
  containerAddresses = import "${hostPath}/data/containerAddresses.nix";
  hostIP = containerAddresses.host;
  containerIP = containerAddresses.containers.storage;

  # Named backend ports. The same set feeds the container firewall and the
  # nginx upstreams below.
  ports = import ./data/ports.nix;

  # Upload limit handed to nginx: 32768M (32GB).
  clientMaxBodySize = "${toString (8192 * 4)}M";

  # Upstream URL for one backend port inside the container.
  upstream = port: "http://${containerIP}:${toString port}";

  # Builds one TLS-only virtual host from a map of URL prefix -> backend port.
  mkStorageVhost = routes: {
    forceSSL = true;
    enableACME = true;
    locations = mapAttrs (_: port: {proxyPass = upstream port;}) routes;
    extraConfig = ''
      client_max_body_size ${clientMaxBodySize};
    '';
  };
in {
  containers.storage = {
    autoStart = true;

    # Private veth pair; the container is addressed only through these two IPs.
    privateNetwork = true;
    hostAddress = hostIP;
    localAddress = containerIP;

    # Expose the host's FUSE device read-write so rclone can mount inside the
    # container.
    bindMounts."/dev/fuse" = {
      hostPath = "/dev/fuse";
      isReadOnly = false;
    };

    # Device allow-list for the container; every node gets modifier "rwm".
    # NOTE(review): /dev/fuse is what an rclone mount needs.
    # /dev/mapper/control is the device-mapper control node and is not
    # bind-mounted above. Confirm it is actually required; if it is not, drop
    # it so the container's device access stays minimal.
    allowedDevices =
      map (node: {
        inherit node;
        modifier = "rwm";
      }) [
        "/dev/fuse"
        "/dev/mapper/control"
      ];

    specialArgs = {
      inherit inputs tree self hostPath;
    };

    config = {...}: {
      # Reuse the host's package set instead of evaluating a second nixpkgs.
      nixpkgs.pkgs = pkgs;

      imports = with tree;
        [
          presets.nixos.containerBase
          ./secrets.nix
        ]
        ++ (with hosts.hetzner-arm.containers.storage.profiles; [
          rcloneConfigs
          rcloneServe
          rcloneSync
          users
        ]);

      environment.systemPackages = [
        pkgs.rclone
        pkgs.fuse
        pkgs.fuse3
      ];

      # Every port listed in ports.nix is opened inside the container. With
      # privateNetwork the peer of that link is the host, whose nginx is the
      # intended client.
      networking.firewall.enable = true;
      networking.firewall.allowedTCPPorts = attrValues ports;

      home-manager.users.root.home.stateVersion = "23.05";
      system.stateVersion = "23.05";
    };
  };

  # Public entry points. TLS ends at nginx; the hop to the container is
  # unencrypted HTTP on the private link.
  # NOTE(review): the 32GB body limit is applied to all three hosts. If
  # storage-http is read-only (not visible from this file), it does not need
  # that limit. Consider a smaller one there.
  services.nginx.virtualHosts = {
    "storage-webdav.owo.monster" = mkStorageVhost {
      "/Main/" = ports.webdav_main;
      "/Media/" = ports.webdav_media;
      "/MusicRO/" = ports.webdav_music_ro;
      "/Public/" = ports.webdav_public;
      "/Uploads/" = ports.webdav_uploads;
      "/Gaming/" = ports.webdav_gaming;
      "/Notes/" = ports.webdav_notes;
    };

    "storage-http.owo.monster" = mkStorageVhost {
      "/Music/" = ports.http_music;
      "/Public/" = ports.http_public;
      "/Uploads/" = ports.http_uploads_public;
    };

    "storage-restic.owo.monster" = mkStorageVhost {
      "/Music/" = ports.restic_music;
      "/Vault/" = ports.restic_vault;
      "/Social/" = ports.restic_social;
      "/Quassel/" = ports.restic_quassel;
      "/PostgreSQL/" = ports.restic_postgresql;
      "/Mail/" = ports.restic_mail;
      "/Forgejo/" = ports.restic_forgejo;
      "/CalDAV/" = ports.restic_caldav;
      "/Owncast/" = ports.restic_owncast;
      "/Jellyfin/" = ports.restic_jellyfin;
      "/Grocy/" = ports.restic_grocy;
      "/Lappy-T495/" = ports.restic_lappy_t495;
    };
  };
}