summaryrefslogtreecommitdiff
path: root/hosts/surtr/http.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2022-01-31 16:44:57 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2022-01-31 16:44:57 +0100
commit0f4bd1da4ce2990e95ff77ff872c98b06b039323 (patch)
tree5dd546b88beee7b8f6444ffa897afb737578b70b /hosts/surtr/http.nix
parentedff17958565f4f1d9367a36ff3211787e91af42 (diff)
downloadnixos-0f4bd1da4ce2990e95ff77ff872c98b06b039323.tar
nixos-0f4bd1da4ce2990e95ff77ff872c98b06b039323.tar.gz
nixos-0f4bd1da4ce2990e95ff77ff872c98b06b039323.tar.bz2
nixos-0f4bd1da4ce2990e95ff77ff872c98b06b039323.tar.xz
nixos-0f4bd1da4ce2990e95ff77ff872c98b06b039323.zip
surtr: webdav
Diffstat (limited to 'hosts/surtr/http.nix')
-rw-r--r--hosts/surtr/http.nix64
1 files changed, 64 insertions, 0 deletions
diff --git a/hosts/surtr/http.nix b/hosts/surtr/http.nix
new file mode 100644
index 00000000..fae1e690
--- /dev/null
+++ b/hosts/surtr/http.nix
@@ -0,0 +1,64 @@
1{ config, ... }:
2{
3 config = {
4 services.webdav-server-rs = {
5 enable = true;
6 settings = {
7 server.listen = [ "/run/webdav-server-rs/webdav-server-rs.sock" ];
8 accounts = {
9 auth-type = "pam";
10 acct-type = "unix";
11 };
12 pam = {
13 service = "webdav-server-rs";
14 };
15 location = [
16 {
17 route = [ "/*path" ];
18 methods = [ "all" ];
19 auth = "true";
20 handler = "virtroot";
21 setuid = true;
22 directory = "/srv/files";
23 }
24 ];
25 };
26 };
27 systemd.services.webdav-server-rs = {
28 serviceConfig = {
29 RuntimeDirectory = "webdav-server-rs";
30 RuntimeDirectoryMode = "0755";
31 };
32 };
33 security.pam.services."webdav-server-rs".text = ''
34 auth requisite pam_succeed_if.so user ingroup webdav
35 auth required pam_unix.so audit likeauth nullok nodelay
36 account sufficient pam_unix.so
37 '';
38 users.groups."webdav" = {};
39
40 services.nginx = {
41 enable = true;
42 recommendedGzipSettings = true;
43 recommendedProxySettings = true;
44 recommendedTlsSettings = true;
45 commonHttpConfig = ''
46 ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
47 '';
48 upstreams.webdav = {
49 servers = { "unix:/run/webdav-server-rs/webdav-server-rs.sock" = {}; };
50 };
51 virtualHosts = {
52 "webdav.141.li" = {
53 forceSSL = true;
54 sslCertificate = "${config.security.acme.certs."webdav.141.li".directory}/fullchain.pem";
55 sslCertificateKey = "${config.security.acme.certs."webdav.141.li".directory}/key.pem";
56 locations."/" = {
57 proxyPass = "http://webdav/";
58 };
59 };
60 };
61 };
62 security.acme.domains."webdav.141.li" = {};
63 };
64}