nixos-config/machines/fuuko/services/media.nix

{ config, ... }:

{
  sops.secrets.media-htpasswd.owner = "nginx";

  services.nginx.virtualHosts."media.sbruder.de" = {
    basicAuthFile = config.sops.secrets.media-htpasswd.path;

    root = "/data/media/";
  };

  services.nginx-interactive-index.virtualHosts."media.sbruder.de".locations."/".enable = true;

  users.users.media = {
    home = "/data/media";
    isSystemUser = true;
    group = "media";
    openssh.authorizedKeys.keys = [
      "restrict,command=\"internal-sftp\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt91kAEA7ezIdve/64sv1kV4sd50ayzM09f5s5uOD+V"
    ];
  };
  users.groups.media = { };
}