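# NixOS module: a dedicated ZFS dataset mounted at /var/lib/sftp, used as the
# chroot for the SFTP-only account "sevy". Its sevy/public subdirectory is
# also published read-only through nginx on two virtual hosts.
{ inputs, pkgs, lib, config, hostName, ... }:
let
  domain = "sourcephile.fr";
  # Document root as nginx sees it. Only the "sevy" subdirectory gets content,
  # through the BindReadOnlyPaths entry on the nginx unit below.
  nginxRoot = "/var/lib/nginx/${domain}/sftp";
  # ChrootDirectory of the SFTP account. sshd_config(5) requires every
  # component of this path to be a root-owned directory that no other user or
  # group can write to; sshd refuses the session otherwise.
  sftpRoot = "/var/lib/sftp";
in
{
  fileSystems.${sftpRoot} = {
    device = "${hostName}/var/sftp";
    fsType = "zfs";
  };

  # Snapshot policy for the dataset: the "snap" template, with `daily`
  # overridden to 31.
  services.sanoid.datasets."${hostName}/var/sftp" = {
    use_template = [ "snap" ];
    daily = 31;
  };

  services.nginx.virtualHosts =
    let
      # Settings shared by both virtual hosts.
      virtualHost = {
        root = nginxRoot;
        # Anything outside /sevy gets nginx's 444: the connection is closed
        # without sending a response.
        locations."/".extraConfig = ''
          #autoindex on;
          return 444;
        '';
        # Directory listing of the published tree. The content is uploaded
        # over SFTP, so symlinks inside it are not under the administrator's
        # control. `disable_symlinks if_not_owner` makes nginx refuse any path
        # that goes through a symlink whose target has a different owner than
        # the link itself, so a link cannot expose files that are merely
        # readable by the nginx user.
        # NOTE(review): assumes the uploading account owns what it publishes
        # under sevy/public; confirm before deploying, since links to files
        # owned by someone else will stop being served.
        locations."/sevy".extraConfig = ''
          autoindex on;
          fancyindex on;
          fancyindex_exact_size off;
          fancyindex_name_length 255;
          open_file_cache off;
          #open_file_cache_valid 1s;
          disable_symlinks if_not_owner;
        '';
      };
    in
    {
      # Vhost bound to the "${hostName}.wg" address; no TLS is configured on it.
      "sftp.${hostName}.wg" = lib.mkMerge [
        virtualHost
        {
          listenAddresses = [ "${hostName}.wg" ];
          extraConfig = ''
            access_log /var/log/nginx/wg-intra/${hostName}/sftp/access.json json buffer=32k;
            error_log  /var/log/nginx/wg-intra/${hostName}/sftp/error.log warn;
          '';
        }
      ];
      # Vhost for the public name: HTTPS enforced, certificate taken from the
      # ACME host `domain`.
      "sftp.${domain}" = lib.mkMerge [
        virtualHost
        {
          forceSSL = true;
          useACMEHost = domain;
          extraConfig = ''
            access_log /var/log/nginx/${domain}/${hostName}/sftp/access.json json buffer=32k;
            error_log  /var/log/nginx/${domain}/${hostName}/sftp/error.log warn;
          '';
        }
      ];
    };

  systemd.services.nginx = {
    serviceConfig = {
      # mkForce: this list takes precedence over LogsDirectory definitions made
      # at normal priority elsewhere. The entries match the access_log and
      # error_log directories used above.
      LogsDirectory = lib.mkForce [
        "nginx/wg-intra/${hostName}/sftp"
        "nginx/${domain}/${hostName}/sftp"
      ];
      # nginx only ever sees the "public" subdirectory, and read-only.
      BindReadOnlyPaths = [
        "${sftpRoot}/sevy/public:${nginxRoot}/sevy"
      ];
    };
  };

  /*
    services.syncoid.commands = {
    "${hostName}/var/sftp" = {
      sendOptions = "raw";
      target = "backup@mermet.${networking.domain}:rpool/backup/${hostName}/var/sftp";
    };
    };
  */

  # Read-only bind mounts placed inside the chroot. Whatever these two source
  # directories contain becomes visible to the SFTP account, subject to
  # ordinary file permissions.
  fileSystems."${sftpRoot}/torrents" = {
    device = "/var/lib/transmission/downloaded";
    options = [ "bind" "ro" ];
  };
  fileSystems."${sftpRoot}/podcasts" = {
    device = "/home/julm/dl";
    options = [ "bind" "ro" ];
  };

  # Restrict the account to chrooted SFTP with no forwarding of any kind.
  # AllowTcpForwarding does not cover Unix-domain socket forwarding, which
  # defaults to enabled, so AllowStreamLocalForwarding is switched off as well.
  # A Match block runs until the next Match line or the end of the file, so
  # sshd_config text that ends up after this fragment would apply only to
  # this user.
  services.openssh.extraConfig = ''
    Match User sevy
      AllowAgentForwarding no
      AllowStreamLocalForwarding no
      AllowTcpForwarding no
      ChrootDirectory ${sftpRoot}
      ForceCommand internal-sftp
      X11Forwarding no
  '';
}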