chaos/nixfiles
1
0
Fork 0
Code Issues 2 Releases Activity
nixfiles/hosts/storage/profiles/rclone-serve.nix
Chaos 5a3628dac0
move storage to using secrets module
2022-11-15 14:52:49 +00:00

133 lines
3.7 KiB
Nix
Raw Blame History

{ config, ... }:
let
secrets = config.services.secrets.secrets;
ports = (import ../ports.nix { });
in {
services.rclone-serve = let
serviceConfig = {
after = [ "secrets-init.service" ];
partOf = [ "secrets-init.service" ];
};
in {
enable = true;
remotes = [
{
user = "storage";
remote = "StorageBox:";
type = "webdav";
extraArgs = [
"--addr=:${toString ports.rclone_serve_webdav_main}"
"--htpasswd=${secrets.webdav_main_htpasswd.path}"
"--baseurl=/main/"
"--cache-dir=/caches/main_webdav_serve"
"--vfs-cache-mode=full"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Music";
type = "webdav";
extraArgs = [
"--addr=:${toString ports.rclone_serve_webdav_music_ro}"
"--read-only"
"--baseurl=/music_ro/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Music";
type = "http";
extraArgs = [
"--addr=:${toString ports.rclone_serve_http_music}"
"--baseurl=/Music/"
"--read-only"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Public";
type = "http";
extraArgs = [
"--addr=:${toString ports.rclone_serve_http_public}"
"--baseurl=/Public/"
"--read-only"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/HetznerVM";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_hvm}"
"--htpasswd=${secrets.restic_hetznervm_htpasswd.path}"
"--baseurl=/HetznerVM/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/Music";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_music}"
"--htpasswd=${secrets.restic_music_htpasswd.path}"
"--baseurl=/Music/"
];
inherit serviceConfig;
}
{
user = "storage";
remote = "StorageBox:Backups/Restic/Vault";
type = "restic";
extraArgs = [
"--addr=:${toString ports.rclone_serve_restic_vault}"
"--htpasswd=${secrets.restic_vault_htpasswd.path}"
"--baseurl=/Vault/"
];
inherit serviceConfig;
}
];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."storage-webdav.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = {
"/main/".proxyPass =
"http://localhost:${toString ports.rclone_serve_webdav_main}";
"/music_ro/".proxyPass =
"http://localhost:${toString ports.rclone_serve_webdav_music_ro}";
};
};
services.nginx.virtualHosts."storage-http.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = {
"/Music/".proxyPass =
"http://localhost:${toString ports.rclone_serve_http_music}";
"/Public/".proxyPass =
"http://localhost:${toString ports.rclone_serve_http_public}";
};
};
services.nginx.virtualHosts."storage-restic.owo.monster" = {
forceSSL = true;
enableACME = true;
locations = {
"/HetznerVM/".proxyPass =
"http://localhost:${toString ports.rclone_serve_restic_hvm}";
"/Music/".proxyPass =
"http://localhost:${toString ports.rclone_serve_restic_music}";
"/Vault/".proxyPass =
"http://localhost:${toString ports.rclone_serve_restic_vault}";
};
};
}
Reference in a new issue View git blame Copy permalink