{config, ...}: let inherit (config.services.secrets) secrets; ports = { webdav = let base = 4200; in { public = base + 0; uploads = base + 1; }; http = let base = 4300; in { music = base + 0; public = base + 1; uploads_public = base + 2; }; }; clientMaxBodySize = "${toString (1024 * 128)}M"; in { services.rclone-serve = { enable = true; remotes = map (remote: { user = "storage"; } // remote) [ { id = "public"; remote = "Public:"; type = "webdav"; extraArgs = [ "--addr=0.0.0.0:${toString ports.webdav.public}" "--htpasswd=${secrets.webdav_public_htpasswd.path}" "--baseurl=/Public/" ]; } { id = "uploads"; remote = "Uploads:"; type = "webdav"; extraArgs = [ "--addr=0.0.0.0:${toString ports.webdav.uploads}" "--htpasswd=${secrets.webdav_uploads_htpasswd.path}" "--baseurl=/Uploads/" ]; } { id = "music"; remote = "Music:"; type = "http"; extraArgs = [ "--addr=0.0.0.0:${toString ports.http.music}" "--baseurl=/Music/" "--read-only" ]; } { id = "public"; remote = "Public:"; type = "http"; extraArgs = [ "--addr=0.0.0.0:${toString ports.http.public}" "--baseurl=/Public/" "--read-only" ]; } { id = "uploads_public"; remote = "Uploads:Public"; type = "http"; extraArgs = [ "--addr=0.0.0.0:${toString ports.http.uploads_public}" "--baseurl=/Uploads/" "--read-only" ]; } ]; }; services.nginx.virtualHosts."storage-webdav.owo.monster" = { forceSSL = true; enableACME = true; locations = { "/Public/".proxyPass = "http://127.0.0.1:${toString ports.webdav.public}"; "/Uploads/".proxyPass = "http://127.0.0.1:${toString ports.webdav.uploads}"; }; extraConfig = '' client_max_body_size ${clientMaxBodySize}; ''; }; services.nginx.virtualHosts."storage-http.owo.monster" = { forceSSL = true; enableACME = true; locations = { "/Music/".proxyPass = "http://127.0.0.1:${toString ports.http.music}"; "/Public/".proxyPass = "http://127.0.0.1:${toString ports.http.public}"; "/Uploads/".proxyPass = "http://127.0.0.1:${toString ports.http.uploads_public}"; }; extraConfig = '' client_max_body_size ${clientMaxBodySize}; ''; }; }