diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-07-10 11:51:34 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-07-10 11:51:34 +0200 |
commit | ffac1727b92167ca6847b7ae3adc71f091d8048f (patch) | |
tree | 7ff9c375782d347d6ef3da3a3d02b7e39aad3c44 /hosts/surtr/http/webdav | |
parent | 20e7a2a2544afd682f487327aa42d1899784db98 (diff) | |
download | nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar.gz nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar.bz2 nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.tar.xz nixos-ffac1727b92167ca6847b7ae3adc71f091d8048f.zip |
...
Diffstat (limited to 'hosts/surtr/http/webdav')
-rw-r--r-- | hosts/surtr/http/webdav/default.nix | 96 | ||||
-rw-r--r-- | hosts/surtr/http/webdav/py-webdav/.gitignore | 1 | ||||
-rw-r--r-- | hosts/surtr/http/webdav/py-webdav/VERSION | 1 | ||||
-rw-r--r-- | hosts/surtr/http/webdav/py-webdav/setup.py | 17 | ||||
-rw-r--r-- | hosts/surtr/http/webdav/py-webdav/webdav/__init__.py | 1 | ||||
-rw-r--r-- | hosts/surtr/http/webdav/py-webdav/webdav/webdav.py | 5 |
6 files changed, 121 insertions, 0 deletions
diff --git a/hosts/surtr/http/webdav/default.nix b/hosts/surtr/http/webdav/default.nix new file mode 100644 index 00000000..f0aec1e9 --- /dev/null +++ b/hosts/surtr/http/webdav/default.nix | |||
@@ -0,0 +1,96 @@ | |||
1 | { config, libs, pkgs, flakeInputs, ... }: | ||
2 | let | ||
3 | webdavSocket = config.services.uwsgi.runDir + "/webdav.sock"; | ||
4 | |||
5 | webdavApp = flakeInputs.mach-nix.lib.${config.nixpkgs.system}.buildPythonPackage { | ||
6 | ignoreDataOutdated = true; | ||
7 | pname = "py-webdav"; | ||
8 | version = builtins.readFile ./py-webdav/VERSION; | ||
9 | src = ./py-webdav; | ||
10 | python = "python3"; | ||
11 | requirements = '' | ||
12 | PyNaCl ==1.5.* | ||
13 | psycopg ==3.0.* | ||
14 | WsgiDAV ==4.0.* | ||
15 | ''; | ||
16 | }; | ||
17 | in { | ||
18 | config = { | ||
19 | security.pam.services."webdav".text = '' | ||
20 | auth requisite pam_succeed_if.so user ingroup webdav quiet_success | ||
21 | auth required pam_unix.so likeauth nullok nodelay quiet | ||
22 | account sufficient pam_unix.so quiet | ||
23 | ''; | ||
24 | users.groups."webdav" = {}; | ||
25 | |||
26 | services.nginx = { | ||
27 | upstreams."py-webdav" = { | ||
28 | servers = { | ||
29 | "unix://${webdavSocket}" = {}; | ||
30 | }; | ||
31 | }; | ||
32 | |||
33 | virtualHosts."webdav.141.li" = { | ||
34 | forceSSL = true; | ||
35 | sslCertificate = "/run/credentials/nginx.service/webdav.141.li.pem"; | ||
36 | sslCertificateKey = "/run/credentials/nginx.service/webdav.141.li.key.pem"; | ||
37 | sslTrustedCertificate = "/run/credentials/nginx.service/webdav.141.li.chain.pem"; | ||
38 | locations = { | ||
39 | "/".extraConfig = '' | ||
40 | root /srv/files/$remote_user; | ||
41 | |||
42 | auth_pam "WebDAV"; | ||
43 | auth_pam_service_name "webdav"; | ||
44 | ''; | ||
45 | |||
46 | "/py/".extraConfig = '' | ||
47 | rewrite ^/py(.*) $1 break; | ||
48 | |||
49 | include ${config.services.nginx.package}/conf/uwsgi_params; | ||
50 | uwsgi_param SCRIPT_NAME /py; | ||
51 | uwsgi_pass py-webdav; | ||
52 | ''; | ||
53 | }; | ||
54 | extraConfig = '' | ||
55 | dav_methods PUT DELETE MKCOL COPY MOVE; | ||
56 | dav_ext_methods PROPFIND OPTIONS; | ||
57 | dav_access user:rw; | ||
58 | autoindex on; | ||
59 | |||
60 | client_max_body_size 0; | ||
61 | create_full_put_path on; | ||
62 | |||
63 | add_header Strict-Transport-Security "max-age=63072000" always; | ||
64 | ''; | ||
65 | }; | ||
66 | }; | ||
67 | security.acme.domains."webdav.141.li" = { | ||
68 | certCfg = { | ||
69 | postRun = '' | ||
70 | ${pkgs.systemd}/bin/systemctl try-restart nginx.service | ||
71 | ''; | ||
72 | }; | ||
73 | }; | ||
74 | |||
75 | systemd.services.nginx.serviceConfig.LoadCredential = [ | ||
76 | "webdav.141.li.key.pem:${config.security.acme.certs."webdav.141.li".directory}/key.pem" | ||
77 | "webdav.141.li.pem:${config.security.acme.certs."webdav.141.li".directory}/fullchain.pem" | ||
78 | "webdav.141.li.chain.pem:${config.security.acme.certs."webdav.141.li".directory}/chain.pem" | ||
79 | ]; | ||
80 | |||
81 | |||
82 | services.uwsgi.instance.vassals.webdav = { | ||
83 | type = "normal"; | ||
84 | socket = webdavSocket; | ||
85 | listen = 1024; | ||
86 | master = true; | ||
87 | vacuum = true; | ||
88 | chown-socket = "${config.services.nginx.user}:${config.services.uwsgi.group}"; | ||
89 | |||
90 | plugins = ["python3"]; | ||
91 | pythonPackages = self: [webdavApp]; | ||
92 | module = "webdav"; | ||
93 | callable = "app"; | ||
94 | }; | ||
95 | }; | ||
96 | } | ||
diff --git a/hosts/surtr/http/webdav/py-webdav/.gitignore b/hosts/surtr/http/webdav/py-webdav/.gitignore new file mode 100644 index 00000000..ed8ebf58 --- /dev/null +++ b/hosts/surtr/http/webdav/py-webdav/.gitignore | |||
@@ -0,0 +1 @@ | |||
__pycache__ \ No newline at end of file | |||
diff --git a/hosts/surtr/http/webdav/py-webdav/VERSION b/hosts/surtr/http/webdav/py-webdav/VERSION new file mode 100644 index 00000000..6e8bf73a --- /dev/null +++ b/hosts/surtr/http/webdav/py-webdav/VERSION | |||
@@ -0,0 +1 @@ | |||
0.1.0 | |||
diff --git a/hosts/surtr/http/webdav/py-webdav/setup.py b/hosts/surtr/http/webdav/py-webdav/setup.py new file mode 100644 index 00000000..dbe345c1 --- /dev/null +++ b/hosts/surtr/http/webdav/py-webdav/setup.py | |||
@@ -0,0 +1,17 @@ | |||
1 | import setuptools | ||
2 | |||
3 | with open('VERSION', 'r', encoding='utf-8') as version_file: | ||
4 | version = version_file.read().strip() | ||
5 | |||
6 | setuptools.setup( | ||
7 | name="py-webdav", | ||
8 | version=version, | ||
9 | package_dir={"": "."}, | ||
10 | packages=setuptools.find_packages(), | ||
11 | python_requires=">=3.8", | ||
12 | install_requires=[ | ||
13 | "PyNaCl ==1.5.*", | ||
14 | "psycopg ==3.0.*", | ||
15 | "WsgiDAV ==4.0.*", | ||
16 | ], | ||
17 | ) | ||
diff --git a/hosts/surtr/http/webdav/py-webdav/webdav/__init__.py b/hosts/surtr/http/webdav/py-webdav/webdav/__init__.py new file mode 100644 index 00000000..398378e2 --- /dev/null +++ b/hosts/surtr/http/webdav/py-webdav/webdav/__init__.py | |||
@@ -0,0 +1 @@ | |||
from .webdav import app | |||
diff --git a/hosts/surtr/http/webdav/py-webdav/webdav/webdav.py b/hosts/surtr/http/webdav/py-webdav/webdav/webdav.py new file mode 100644 index 00000000..783f5d82 --- /dev/null +++ b/hosts/surtr/http/webdav/py-webdav/webdav/webdav.py | |||
@@ -0,0 +1,5 @@ | |||
1 | def app(env, start_response): | ||
2 | start_response('200 Success', [('Content-Type', 'text/plain; charset=utf-8')]) | ||
3 | return [ bytes(f'{key}: {value}\n', 'utf8') | ||
4 | for key, value in env.items() | ||
5 | ] | ||