teidesu/nixfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixfiles/hosts/koi/containers/sftpgo/default.nix

93 lines
No EOL
2.7 KiB
Nix
Raw Blame History

{ pkgs, abs, config, ... }@inputs:
let
secrets = import (abs "lib/secrets.nix");
UID = 1112;
WEBDAV_PORT = 16821;
in {
imports = [
(secrets.declare [{
name = "sftpgo-env";
owner = "sftpgo";
}])
./samba.nix
];
users.users.sftpgo = {
isNormalUser = true;
uid = UID;
};
virtualisation.oci-containers.containers.sftpgo = {
image = "drakkan/sftpgo:v2.6.2";
volumes = [
"/srv/sftpgo/data:/srv/sftpgo"
"/srv/sftpgo/config:/var/lib/sftpgo"
"/mnt/puffer:/mnt/puffer"
];
user = builtins.toString UID;
environment = {
SFTPGO_SFTPD__BINDINGS__0__PORT = "22";
SFTPGO_WEBDAVD__BINDINGS__0__PORT = "80";
SFTPGO_WEBDAVD__BINDINGS__0__PROXY_ALLOWED = "172.17.0.1";
SFTPGO_WEBDAVD__BINDINGS__0__CLIENT_IP_PROXY_HEADER = "X-Forwarded-For";
SFTPGO_WEBDAVD__BINDINGS__0__PREFIX = "/dav/";
SFTPGO_HTTPD__BINDINGS__0__PORT = "8080";
SFTPGO_HTTPD__BINDINGS__0__ENABLED_LOGIN_METHODS = "3";
SFTPGO_HTTPD__BINDINGS__0__SECURITY__ENABLED = "true";
SFTPGO_HTTPD__BINDINGS__0__SECURITY__ALLOWED_HOSTS = "puffer.stupid.fish";
SFTPGO_HTTPD__BINDINGS__0__BRANDING__NAME = "puffer";
SFTPGO_HTTPD__BINDINGS__0__BRANDING__SHORT_NAME = "puffer";
SFTPGO_HTTPD__BINDINGS__0__OIDC__REDIRECT_BASE_URL = "https://puffer.stupid.fish/";
SFTPGO_HTTPD__BINDINGS__0__OIDC__USERNAME_FIELD = "preferred_username";
SFTPGO_HTTPD__BINDINGS__0__OIDC__IMPLICIT_ROLES = "true";
};
environmentFiles = [
(secrets.file config "sftpgo-env")
];
ports = [
"${builtins.toString WEBDAV_PORT}:80"
];
};
systemd.tmpfiles.rules = [
"d /srv/sftpgo/data 0700 ${builtins.toString UID} ${builtins.toString UID} -"
"d /srv/sftpgo/config 0700 ${builtins.toString UID} ${builtins.toString UID} -"
];
services.nginx.virtualHosts = {
"puffer.stupid.fish" = {
forceSSL = true;
useACMEHost = "stupid.fish";
extraConfig = ''
client_max_body_size 25G;
'';
locations."/" = {
proxyPass = "http://sftpgo.docker:8080$request_uri";
proxyWebsockets = true;
};
locations."/dav/" = {
proxyPass = "http://sftpgo.docker:80$request_uri";
};
};
};
networking.firewall.allowedTCPPorts = [ WEBDAV_PORT ];
services.avahi.extraServiceFiles.puffer-lan = ''
<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
<name>puffer-lan</name>
<service>
<port>${builtins.toString WEBDAV_PORT}</port>
<type>_webdav._tcp</type>
<txt-record>path=/dav/</txt-record>
</service>
</service-group>
'';
}
Reference in a new issue View git blame Copy permalink