{ config, ... }:
let
secrets = config.services.secrets.secrets;
ports = (import ../ports.nix { });
in {
systemd.tmpfiles.rules = [
"d /caches - storage storage"
"d /caches/main_webdav_serve - storage storage"
"d /caches/media_webdav_serve - storage storage"
];
services.rclone-serve = let
serviceConfig = {
after = [ "secrets-init.service" ];
partOf = [ "secrets-init.service" ];
};
in {
enable = true;
remotes = [
{
user = "storage";
remote = "StorageBox:";
type = "webdav";
extraArgs = [
"--addr=:${toString ports.rclone_serve_webdav_main}"
"--htpasswd=${secrets.webdav_main_htpasswd.path}"
"--baseurl=/main/"
"--cache-dir=/caches/main_webdav_serve"
"--vfs-cache-mode=full"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "Media-Combine-Serve:";
type = "webdav";
extraArgs = [
"--addr=:${toString ports.rclone_serve_webdav_media}"
"--htpasswd=${secrets.webdav_media_htpasswd.path}"
"--baseurl=/media/"
"--cache-dir=/caches/media_webdav_serve"
"--vfs-cache-max-age=30m"
"--vfs-cache-max-size=5g"
"--vfs-cache-mode=full"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Music";
type = "webdav";
extraArgs = [
"--addr=:${toString ports.rclone_serve_webdav_music_ro}"
"--read-only"
"--baseurl=/music_ro/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Music";
type = "http";
extraArgs = [
"--addr=:${toString ports.rclone_serve_http_music}"
"--baseurl=/Music/"
"--read-only"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Public";
type = "http";
extraArgs = [
"--addr=:${toString ports.rclone_serve_http_public}"
"--baseurl=/Public/"
"--read-only"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/HetznerVM";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_hvm}"
"--htpasswd=${secrets.restic_hetznervm_htpasswd.path}"
"--baseurl=/HetznerVM/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/Music";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_music}"
"--htpasswd=${secrets.restic_music_htpasswd.path}"
"--baseurl=/Music/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/Vault";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_vault}"
"--htpasswd=${secrets.restic_vault_htpasswd.path}"
"--baseurl=/Vault/"
];
inherit serviceConfig;
}
];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.clientMaxBodySize = "${toString (8192 * 4)}m";
services.nginx.virtualHosts."storage-webdav.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = {
"/main/".proxyPass =
"http://localhost:${toString ports.rclone_serve_webdav_main}";
"/media/".proxyPass =
"http://localhost:${toString ports.rclone_serve_webdav_media}";
"/music_ro/".proxyPass =
"http://localhost:${toString ports.rclone_serve_webdav_music_ro}";
};
};
services.nginx.virtualHosts."storage-http.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = {
"/Music/".proxyPass =
"http://localhost:${toString ports.rclone_serve_http_music}";
"/Public/".proxyPass =
"http://localhost:${toString ports.rclone_serve_http_public}";
};
};
services.nginx.virtualHosts."storage-restic.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = {
"/HetznerVM/".proxyPass =
"http://localhost:${toString ports.rclone_serve_restic_hvm}";
"/Music/".proxyPass =
"http://localhost:${toString ports.rclone_serve_restic_music}";
"/Vault/".proxyPass =
"http://localhost:${toString ports.rclone_serve_restic_vault}";
};
};
}