{ domain, ... }: { lib, config, inputs, hostName, ... }: let inherit (config.services) nginx; srv = "www"; root = "/var/lib/nginx/${domain}"; in { systemd.services.nginx.serviceConfig = { LogsDirectory = lib.mkForce [ "nginx/${domain}/${srv}" ]; LoadCredentialEncrypted = [ "${domain}.${srv}.julm.PC.htpasswd:${./. + "/${srv}/julm/PC/htpasswd.cred"}" "${domain}.${srv}.julm.perso.camera.htpasswd:${./. + "/${srv}/julm/perso/camera.htpasswd.cred"}" ]; }; services.nginx = { virtualHosts.${domain} = { serverAliases = [ "${srv}.${domain}" ]; forceSSL = true; useACMEHost = domain; root = "${root}/${srv}"; extraConfig = '' access_log /var/log/nginx/${domain}/${srv}/access.log json buffer=32k; error_log /var/log/nginx/${domain}/${srv}/error.log warn; ''; locations."/".extraConfig = '' #autoindex on; fancyindex on; fancyindex_name_length 255; fancyindex_exact_size off; ''; locations."/julm/" = { alias = "${root}/julm/"; extraConfig = '' autoindex off; ''; }; locations."/julm/PC/" = { alias = "${root}/julm/PC/"; basicAuthFile = "/run/credentials/nginx.service/${domain}.${srv}.julm.PC.htpasswd"; extraConfig = '' fancyindex on; fancyindex_name_length 255; fancyindex_exact_size off; ''; }; locations."/julm/perso/camera/" = { alias = "${root}/julm/perso/camera/"; basicAuthFile = "/run/credentials/nginx.service/${domain}.${srv}.julm.perso.camera.htpasswd"; extraConfig = '' fancyindex on; fancyindex_name_length 255; fancyindex_exact_size off; ''; }; # Disable basicAuthFile for by-uuid locations."~ ^/julm/perso/camera/([0-9]+/[0-9][0-9]/by-uuid/[0-9a-f-]+/.+)$" = { alias = "${root}/julm/perso/camera/$1"; extraConfig = '' autoindex off; ''; }; }; }; }