nixos-config/machines/fuuko/services/media.nix
Simon Bruder 7a7c90f9f9
vueko/media: Init
This also changes fuuko/media to no longer take the htpasswd file from a
file locally stored on fuuko, but rather defines it in sops to be usable
by all systems.
2022-08-22 16:32:26 +02:00

27 lines
656 B
Nix

{ config, ... }:
{
sops.secrets.media-htpasswd.owner = "nginx";
services.nginx.virtualHosts."media.sbruder.de" = {
enableACME = true;
forceSSL = true;
basicAuthFile = config.sops.secrets.media-htpasswd.path;
root = "/data/media/";
};
services.nginx-interactive-index.virtualHosts."media.sbruder.de".locations."/".enable = true;
users.users.media = {
home = "/data/media";
isSystemUser = true;
group = "media";
openssh.authorizedKeys.keys = [
"restrict,command=\"internal-sftp\" ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMt91kAEA7ezIdve/64sv1kV4sd50ayzM09f5s5uOD+V"
];
};
users.groups.media = { };
}