feat(koi): local access to webdav share

hosts/koi/configuration.nix

@@ -12,6 +12,7 @@
 
     ./partials/fde.nix
     ./partials/docker.nix
+    ./partials/avahi.nix
 
     ./services/coredns.nix
     ./services/sing-box.nix

hosts/koi/containers/sftpgo/default.nix

@@ -4,6 +4,7 @@ let
   secrets = import (abs "lib/secrets.nix");
 
   UID = 1112;
+  WEBDAV_PORT = 16821;
 in {
   imports = [
     (secrets.declare [{
@@ -45,6 +46,9 @@ in {
     environmentFiles = [
       (secrets.file config "sftpgo-env")
     ];
+    ports = [
+      "${builtins.toString WEBDAV_PORT}:80"
+    ];
   };
 
   systemd.tmpfiles.rules = [
@@ -52,7 +56,8 @@ in {
     "d /srv/sftpgo/config 0700 ${builtins.toString UID} ${builtins.toString UID} -"
   ];
 
-  services.nginx.virtualHosts."puffer.stupid.fish" = {
+  services.nginx.virtualHosts = {
+    "puffer.stupid.fish" = {
       forceSSL = true;
       useACMEHost = "stupid.fish";
 
@@ -65,4 +70,20 @@ in {
         proxyPass = "http://sftpgo.docker:80$request_uri";
       };
     };
+  };
+
+  networking.firewall.allowedTCPPorts = [ WEBDAV_PORT ];
+
+  services.avahi.extraServiceFiles.puffer-lan = ''
+    <?xml version="1.0" standalone='no'?>
+    <!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+    <service-group>
+      <name>puffer-lan</name>
+      <service>
+        <port>${builtins.toString WEBDAV_PORT}</port>
+        <type>_webdav._tcp</type>
+        <txt-record>path=/dav/</txt-record>
+      </service>
+    </service-group>
+  '';
 }

hosts/koi/partials/avahi.nix

@@ -0,0 +1,13 @@
+{
+  services.avahi = {
+    enable = true;
+    nssmdns4 = true;
+    openFirewall = true;
+    publish = {
+      enable = true;
+      userServices = true;
+    };
+
+    allowInterfaces = [ "br0" ];
+  };
+}