Simon Bruder
7a7c90f9f9
This also changes fuuko/media to no longer take the htpasswd file from a file locally stored on fuuko, but rather defines it in sops to be usable by all systems.
27 lines
656 B
Nix
27 lines
656 B
Nix
{ config, ... }:
|
|
|
|
{
|
|
sops.secrets.media-htpasswd.owner = "nginx";
|
|
|
|
services.nginx.virtualHosts."media.sbruder.de" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
|
|
basicAuthFile = config.sops.secrets.media-htpasswd.path;
|
|
|
|
root = "/data/media/";
|
|
};
|
|
|
|
services.nginx-interactive-index.virtualHosts."media.sbruder.de".locations."/".enable = true;
|
|
|
|
users.users.media = {
|
|
home = "/data/media";
|
|
isSystemUser = true;
|
|
group = "media";
|
|
openssh.authorizedKeys.keys = [
|
|
"restrict,command=\"internal-sftp\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt91kAEA7ezIdve/64sv1kV4sd50ayzM09f5s5uOD+V"
|
|
];
|
|
};
|
|
users.groups.media = { };
|
|
}
|