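# NixOS module: serves rclone remotes (WebDAV, plain HTTP, restic REST) on
# local ports and publishes them through nginx virtual hosts with TLS.
{ config, ... }:
let
  secrets = config.services.secrets.secrets;
  ports = (import ../ports.nix { });

  # Every rclone backend is reached only through the nginx reverse proxy on
  # this host, so it listens on loopback rather than on all interfaces.
  # With a bare ":port" address the backends would depend solely on the
  # firewall to stay unreachable, and a direct connection would skip TLS
  # (including for the htpasswd-protected remotes).
  loopback = "127.0.0.1";

  # rclone `--addr` argument for a backend port.
  listenArg = port: "--addr=${loopback}:${toString port}";

  # nginx upstream URL for a backend port; uses the same literal address as
  # listenArg so nginx never tries an address the backend is not bound to.
  upstream = port: "http://${loopback}:${toString port}";
in {
  # Cache directories for the two VFS-cached WebDAV remotes, owned by the
  # "storage" user and group.
  # NOTE(review): mode "-" leaves the tmpfiles default in place; confirm the
  # cache, which holds copies of content served behind authentication, is not
  # readable by other local users.
  systemd.tmpfiles.rules = [
    "d /caches - storage storage"
    "d /caches/main_webdav_serve - storage storage"
    "d /caches/media_webdav_serve - storage storage"
  ];

  services.rclone-serve = let
    # Shared unit settings: start after secrets-init.service and follow its
    # stop/restart, since the htpasswd files come from the secrets module.
    serviceConfig = {
      after = [ "secrets-init.service" ];
      partOf = [ "secrets-init.service" ];
    };
  in {
    enable = true;
    remotes = [
      # Read-write WebDAV, htpasswd-protected, full VFS cache.
      {
        user = "storage";
        remote = "StorageBox:";
        type = "webdav";
        extraArgs = [
          (listenArg ports.rclone_serve_webdav_main)
          "--htpasswd=${secrets.webdav_main_htpasswd.path}"
          "--baseurl=/main/"
          "--cache-dir=/caches/main_webdav_serve"
          "--vfs-cache-mode=full"
        ];
        inherit serviceConfig;
      }
      # Read-write WebDAV for media, htpasswd-protected, bounded VFS cache.
      {
        user = "storage";
        remote = "Media-Combine-Serve:";
        type = "webdav";
        extraArgs = [
          (listenArg ports.rclone_serve_webdav_media)
          "--htpasswd=${secrets.webdav_media_htpasswd.path}"
          "--baseurl=/media/"
          "--cache-dir=/caches/media_webdav_serve"
          "--vfs-cache-max-age=30m"
          "--vfs-cache-max-size=5g"
          "--vfs-cache-mode=full"
        ];
        inherit serviceConfig;
      }
      # The next three remotes carry no --htpasswd: they are unauthenticated
      # and rely on --read-only alone.
      {
        user = "storage";
        remote = "StorageBox:Music";
        type = "webdav";
        extraArgs = [
          (listenArg ports.rclone_serve_webdav_music_ro)
          "--read-only"
          "--baseurl=/music_ro/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Music";
        type = "http";
        extraArgs = [
          (listenArg ports.rclone_serve_http_music)
          "--baseurl=/Music/"
          "--read-only"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Public";
        type = "http";
        extraArgs = [
          (listenArg ports.rclone_serve_http_public)
          "--baseurl=/Public/"
          "--read-only"
        ];
        inherit serviceConfig;
      }
      # Restic REST backends, one per repository, each with its own htpasswd.
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/HetznerVM";
        type = "restic";
        extraArgs = [
          (listenArg ports.rclone_serve_restic_hvm)
          "--htpasswd=${secrets.restic_hetznervm_htpasswd.path}"
          "--baseurl=/HetznerVM/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/Music";
        type = "restic";
        extraArgs = [
          (listenArg ports.rclone_serve_restic_music)
          "--htpasswd=${secrets.restic_music_htpasswd.path}"
          "--baseurl=/Music/"
        ];
        inherit serviceConfig;
      }
      {
        user = "storage";
        remote = "StorageBox:Backups/Restic/Vault";
        type = "restic";
        extraArgs = [
          (listenArg ports.rclone_serve_restic_vault)
          "--htpasswd=${secrets.restic_vault_htpasswd.path}"
          "--baseurl=/Vault/"
        ];
        inherit serviceConfig;
      }
    ];
  };

  # Only the nginx front end is opened in the firewall.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # 32768m request-body limit. Set at the services.nginx level, so it is not
  # scoped to the storage virtual hosts below.
  services.nginx.clientMaxBodySize = "${toString (8192 * 4)}m";

  services.nginx.virtualHosts."storage-webdav.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/main/".proxyPass = upstream ports.rclone_serve_webdav_main;
      "/media/".proxyPass = upstream ports.rclone_serve_webdav_media;
      "/music_ro/".proxyPass = upstream ports.rclone_serve_webdav_music_ro;
    };
  };

  services.nginx.virtualHosts."storage-http.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/Music/".proxyPass = upstream ports.rclone_serve_http_music;
      "/Public/".proxyPass = upstream ports.rclone_serve_http_public;
    };
  };

  services.nginx.virtualHosts."storage-restic.owo.monster" = {
    forceSSL = true;
    enableACME = true;
    locations = {
      "/HetznerVM/".proxyPass = upstream ports.rclone_serve_restic_hvm;
      "/Music/".proxyPass = upstream ports.rclone_serve_restic_music;
      "/Vault/".proxyPass = upstream ports.rclone_serve_restic_vault;
    };
  };
}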