domain = "sourcephile.fr";
nginxRoot = "/var/lib/nginx/${domain}/sftp";
sftpRoot = "/var/lib/sftp";
+ sftpUsers = [
+ "julm"
+ "sevy"
+ ];
in
{
fileSystems.${sftpRoot} = {
};
*/
services.nginx.virtualHosts = let
+ indexConfig = ''
+ autoindex on;
+ fancyindex on;
+ fancyindex_exact_size off;
+ fancyindex_name_length 255;
+ open_file_cache off;
+ #open_file_cache_valid 1s;
+ '';
virtualHost = {
root = nginxRoot;
- locations = lib.listToAttrs (lib.concatMap (user:
- [ (lib.nameValuePair "/${user}/public" {
+ locations = lib.listToAttrs (map (user:
+ lib.nameValuePair "/${user}/" {
extraConfig = ''
- autoindex on;
- fancyindex on;
- fancyindex_exact_size off;
- fancyindex_name_length 255;
- open_file_cache off;
- #open_file_cache_valid 1s;
+ location /${user}/public/ {
+ ${indexConfig}
+ }
+ location /${user}/perso/ {
+ ${indexConfig}
+ auth_basic secured;
+ auth_basic_user_file ${sftpRoot}/${user}/perso.htpasswd;
+ }
'';
- })
- (lib.nameValuePair "/${user}/perso" {
- basicAuthFile = "${sftpRoot}/${user}/perso.htpasswd";
- extraConfig = ''
- autoindex on;
- fancyindex on;
- fancyindex_exact_size off;
- fancyindex_name_length 255;
- open_file_cache off;
- #open_file_cache_valid 1s;
- '';
- })
- ]) [
- "julm"
- "sevy"
- ]) // {
+ }
+ ) sftpUsers) // {
"/".extraConfig = ''
return 403;
'';
"nginx/wg-intra/${hostName}/sftp"
"nginx/${domain}/${hostName}/sftp"
];
- BindReadOnlyPaths = [
- "${sftpRoot}/julm/public:${nginxRoot}/julm/public"
- "${sftpRoot}/sevy/public:${nginxRoot}/sevy/public"
- ];
+ BindReadOnlyPaths = lib.concatMap (user: [
+ "${sftpRoot}/${user}/public:${nginxRoot}/${user}/public"
+ "${sftpRoot}/${user}/perso:${nginxRoot}/${user}/perso"
+ ]) sftpUsers;
};
};
fileSystems."${sftpRoot}/torrents" = {
sourcephile / git / sourcephile-nix.git / blobdiff