nixfiles/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix

249 lines
7.2 KiB
Nix

{config, ...}: let
inherit (config.services.secrets) secrets;
ports = import ../data/ports.nix;
in {
systemd.tmpfiles.rules = [
"d /caches - storage storage"
"d /caches/main_webdav_serve - storage storage"
"d /caches/media_webdav_serve - storage storage"
"d /caches/gaming_webdav_serve - storage storage"
];
services.rclone-serve = {
enable = true;
remotes = map (remote:
{
user = "storage";
serviceConfig = {
after = ["auto-secrets.service"];
wants = ["auto-secrets.service"];
partOf = ["auto-secrets.service"];
};
}
// remote) [
{
id = "main";
remote = "StorageBox:";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_main}"
"--htpasswd=${secrets.webdav_main_htpasswd.path}"
"--baseurl=/Main/"
"--cache-dir=/caches/main_webdav_serve"
"--vfs-cache-mode=full"
];
}
{
# This isn't really being directly used anymore but its nice as a backup
# Jellyfin directly mounts from StorageBox instead
id = "media-combine";
remote = "Media-Combine:";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_media}"
"--htpasswd=${secrets.webdav_media_htpasswd.path}"
"--baseurl=/Media/"
"--cache-dir=/caches/media_webdav_serve"
"--vfs-cache-max-age=120m"
"--vfs-cache-max-size=5g"
"--vfs-cache-mode=full"
];
}
{
id = "music-ro";
remote = "StorageBox:Music";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_music_ro}"
"--read-only"
"--baseurl=/MusicRO/"
];
}
{
id = "public";
remote = "StorageBox:Public";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_public}"
"--htpasswd=${secrets.webdav_media_htpasswd.path}"
"--baseurl=/Public/"
];
}
{
id = "uploads";
remote = "StorageBox:Uploads";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_uploads}"
"--htpasswd=${secrets.webdav_uploads_htpasswd.path}"
"--baseurl=/Uploads/"
];
}
{
id = "gaming";
remote = "Gaming:";
type = "webdav";
extraArgs = [
"--addr=0.0.0.0:${toString ports.webdav_gaming}"
"--htpasswd=${secrets.webdav_gaming_htpasswd.path}"
"--baseurl=/Gaming/"
"--cache-dir=/caches/gaming_webdav_serve"
"--vfs-cache-max-age=5m"
"--vfs-cache-max-size=1g"
"--vfs-cache-mode=full"
];
}
{
id = "music-ro";
remote = "StorageBox:Music";
type = "http";
extraArgs = [
"--addr=0.0.0.0:${toString ports.http_music}"
"--baseurl=/Music/"
"--read-only"
];
}
{
id = "public";
remote = "StorageBox:Public";
type = "http";
extraArgs = [
"--addr=0.0.0.0:${toString ports.http_public}"
"--baseurl=/Public/"
"--read-only"
];
}
{
id = "uploads-public";
remote = "StorageBox:Uploads/Public";
type = "http";
extraArgs = [
"--addr=0.0.0.0:${toString ports.http_uploads_public}"
"--baseurl=/Uploads/"
"--read-only"
];
}
{
id = "restic-music";
remote = "StorageBox:Backups/Restic/Music";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_music}"
"--htpasswd=${secrets.restic_music_htpasswd.path}"
"--baseurl=/Music/"
];
}
{
id = "restic-vault";
remote = "StorageBox:Backups/Restic/Vault";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_vault}"
"--htpasswd=${secrets.restic_vault_htpasswd.path}"
"--baseurl=/Vault/"
];
}
{
id = "restic-social";
remote = "StorageBox:Backups/Restic/Social";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_social}"
"--htpasswd=${secrets.restic_social_htpasswd.path}"
"--baseurl=/Social/"
];
}
{
id = "restic-quassel";
remote = "StorageBox:Backups/Restic/Quassel";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_quassel}"
"--htpasswd=${secrets.restic_quassel_htpasswd.path}"
"--baseurl=/Quassel/"
];
}
{
id = "restic-postgresql";
remote = "StorageBox:Backups/Restic/PostgreSQL";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_postgresql}"
"--htpasswd=${secrets.restic_postgresql_htpasswd.path}"
"--baseurl=/PostgreSQL/"
];
}
{
id = "restic-caldav";
remote = "StorageBox:Backups/Restic/CalDAV";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_caldav}"
"--htpasswd=${secrets.restic_caldav_htpasswd.path}"
"--baseurl=/CalDAV/"
];
}
{
id = "restic-mail";
remote = "StorageBox:Backups/Restic/Mail";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_mail}"
"--htpasswd=${secrets.restic_mail_htpasswd.path}"
"--baseurl=/Mail/"
];
}
{
id = "restic-forgejo";
remote = "StorageBox:Backups/Restic/Forgejo";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_forgejo}"
"--htpasswd=${secrets.restic_forgejo_htpasswd.path}"
"--baseurl=/Forgejo/"
];
}
{
id = "restic-owncast";
remote = "StorageBox:Backups/Restic/Owncast";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_owncast}"
"--htpasswd=${secrets.restic_owncast_htpasswd.path}"
"--baseurl=/Owncast/"
];
}
{
id = "restic-jellyfin";
remote = "StorageBox:Backups/Restic/Jellyfin";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_jellyfin}"
"--htpasswd=${secrets.restic_jellyfin_htpasswd.path}"
"--baseurl=/Jellyfin/"
];
}
{
id = "restic-grocy";
remote = "StorageBox:Backups/Restic/Grocy";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_grocy}"
"--htpasswd=${secrets.restic_grocy_htpasswd.path}"
"--baseurl=/Grocy/"
];
}
{
id = "restic-lappy-t495";
remote = "StorageBox:Backups/Restic/Lappy-T495";
type = "restic";
extraArgs = [
"--addr=0.0.0.0:${toString ports.restic_lappy_t495}"
"--htpasswd=${secrets.restic_lappy_t495_htpasswd.path}"
"--baseurl=/Lappy-T495/"
];
}
];
};
}