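# NixOS module: public-facing nginx with ACME-issued TLS certificates,
# several static virtual hosts, an authenticated WebDAV share on
# kj.orbekk.com/dav, and a reverse proxy for git.orbekk.com.
{ config, lib, pkgs, ... }:
let
  # NOTE(review): these three bindings are not referenced anywhere in this
  # module as shown. Nix evaluates lazily, so they cost nothing; they are
  # kept in case another revision of the file uses them.
  mpd_loc = (import ../data/aliases.nix).services.mpd;
  mpdweb_loc = (import ../data/aliases.nix).services.mpdweb;
  pjournal_loc = (import ../data/aliases.nix).services.pjournal;
in
{
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "kj@orbekk.com";

  # Port 80 stays open alongside 443: every vhost below sets forceSSL, so
  # plain HTTP is only used for the redirect (and, presumably, the ACME
  # HTTP challenge).
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  systemd.services.nginx.serviceConfig = {
    # I used to store web files in /home.
    # ProtectHome = "read-only";
    #ReadWritePaths = [
    #  "/storage/srv/kj.orbekk.com/tmp/hls/"
    #  "/storage/srv/kj.orbekk.com/dav/"
    #];
    # NOTE(review): with the ReadWritePaths list commented out, this module
    # itself grants the unit no explicit write access to the WebDAV
    # directory. Whether uploads work depends on the sandboxing defaults of
    # the nginx unit in the NixOS release in use; if they are restrictive,
    # prefer re-enabling the narrow list above over loosening the sandbox.

    # Files and directories created by nginx get no "other" permission bits.
    UMask = lib.mkForce "0007";
  };

  services.nginx = {
    enable = true;
    # dav: WebDAV extension methods (PROPFIND/OPTIONS) used by /dav below.
    # NOTE(review): rtmp is compiled in, but no rtmp configuration is
    # visible in this module; drop it if nothing else configures it, to
    # keep the set of loaded modules minimal.
    package = pkgs.nginxStable.override {
      modules = with pkgs.nginxModules; [ dav rtmp ];
    };
    recommendedProxySettings = true;
    appendHttpConfig = ''
      # Extra mime types.
      types {
        text/plain org;
      }

      # This is a workaround to deal with closed connections on
      # large downloads.
      proxy_buffering off;

      charset utf-8;
      tcp_nopush on;
      aio on;
      directio 512;
    '';

    virtualHosts =
      let
        # Every vhost obtains its certificate via ACME and redirects
        # HTTP to HTTPS.
        template = {
          enableACME = true;
          forceSSL = true;
        };
      in
      {
        "tommvo.com" = template // { root = "/storage/srv/tommvo.com"; };
        "orbekk.no" = template // { root = "/storage/srv/orbekk.com"; };
        "orbekk.com" = template // { root = "/storage/srv/orbekk.com"; };
        "wifi.orbekk.com" = template // { root = "/storage/srv/wifi.orbekk.com"; };
        "wifi.orbekk.no" = template // { root = "/storage/srv/wifi.orbekk.com"; };

        "kj.orbekk.com" = template // {
          root = "/storage/srv/kj.orbekk.com";
          # NOTE(review): autoindex at server level is not behind
          # auth_basic, so directory listings outside /dav are public.
          # Confirm that everything under this root is meant to be listed.
          extraConfig = ''
            autoindex on;
          '';

          # Authenticated WebDAV share. Basic-auth credentials only travel
          # over TLS because the vhost sets forceSSL.
          #
          # The htpasswd file lives outside the Nix store, so the hashes are
          # not world-readable through /nix/store; it should be readable by
          # the nginx user only.
          #
          # dav_access previously ended in "all:rw", which makes every
          # uploaded file world-writable on the host. nginx applies
          # dav_access to uploaded files explicitly, so the unit's UMask of
          # 0007 cannot be relied on to narrow it. "all:r" keeps the files
          # readable by other local services but removes world-write;
          # dropping the "all" entry entirely would match the UMask.
          locations."/dav" = {
            root = "/storage/srv/kj.orbekk.com";
            extraConfig = ''
              auth_basic webdav;
              dav_ext_methods PROPFIND OPTIONS;
              # htpasswd -c /opt/secret/nginx-webdav.htpasswd
              auth_basic_user_file "/opt/secret/nginx-webdav.htpasswd";
              dav_methods put delete mkcol copy move;
              dav_access user:rw group:rw all:r;
              create_full_put_path on;
              autoindex on;
            '';
          };
        };

        # TLS terminates at nginx; the backend is reached over plain HTTP
        # on the loopback interface.
        "git.orbekk.com" = template // {
          locations."/".proxyPass = "http://localhost:11103";
        };

        # Only the TLS/ACME settings are set here; the rest of this vhost
        # is presumably defined by another module.
        "nextcloud.orbekk.com" = template;
      };
  };
}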