1 { inputs, pkgs, lib, config, hostName, ... }:
3 domain = "sourcephile.fr";
4 nginxRoot = "/var/lib/nginx/${domain}/sftp";
5 sftpRoot = "/var/lib/sftp";
8 fileSystems.${sftpRoot} = {
9 device = "${hostName}/var/sftp";
12 services.sanoid.datasets."${hostName}/var/sftp" = {
13 use_template = [ "snap" ];
16 services.nginx.virtualHosts = let
19 locations."/".extraConfig = ''
23 locations."/sevy".extraConfig = ''
26 fancyindex_exact_size off;
27 fancyindex_name_length 255;
29 #open_file_cache_valid 1s;
33 "sftp.${hostName}.wg" = lib.mkMerge [ virtualHost {
34 listenAddresses = [ "${hostName}.wg" ];
36 access_log /var/log/nginx/wg-intra/${hostName}/sftp/access.json json buffer=32k;
37 error_log /var/log/nginx/wg-intra/${hostName}/sftp/error.log warn;
40 "sftp.${domain}" = lib.mkMerge [ virtualHost {
44 access_log /var/log/nginx/${domain}/${hostName}/sftp/access.json json buffer=32k;
45 error_log /var/log/nginx/${domain}/${hostName}/sftp/error.log warn;
49 systemd.services.nginx = {
51 LogsDirectory = lib.mkForce [
52 "nginx/wg-intra/${hostName}/sftp"
53 "nginx/${domain}/${hostName}/sftp"
56 "${sftpRoot}/sevy/public:${nginxRoot}/sevy"
61 services.syncoid.commands = {
62 "${hostName}/var/sftp" = {
64 target = "backup@mermet.${networking.domain}:rpool/backup/${hostName}/var/sftp";
68 fileSystems."${sftpRoot}/torrents" = {
69 device = "/var/lib/transmission/downloaded";
70 options = [ "bind" "ro" ];
72 fileSystems."${sftpRoot}/podcasts" = {
73 device = "/home/julm/dl";
74 options = [ "bind" "ro" ];
76 services.openssh.extraConfig = ''
78 AllowAgentForwarding no
80 ChrootDirectory ${sftpRoot}
81 ForceCommand internal-sftp
sourcephile / git / sourcephile-nix.git / blob