ftp: nginx

flake.nix

@@ -451,6 +451,13 @@
           ];
         };
 
+        ftp = nixosSystem' {
+          modules = [
+            self.nixosModules.microvm
+            ./hosts/containers/ftp
+          ];
+        };
+
         gitea = nixosSystem' {
           modules = [
             self.nixosModules.microvm

hosts/containers/ftp/default.nix

@@ -0,0 +1,61 @@
+{ config, pkgs, lib, zentralwerk, ... }:
+
+{
+  c3d2 = {
+    deployment = {
+      server = "server9";
+      mounts = [ "etc" "var"];
+    };
+  };
+
+  microvm.mem = 1024;
+  microvm.shares = [
+    {
+      tag = "ftp";
+      source = "/tank/storage/ftp";
+      mountPoint = "/var/www";
+      proto = "virtiofs";
+      socket = "ftp.socket";
+    }
+  ];
+
+  networking = {
+    hostName = "ftp";
+    firewall.allowedTCPPorts = [ 80 443 ];
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+    sslDhparam = "${config.security.dhparams.params."nginx".path}";
+    defaultListenAddresses = [ "0.0.0.0" ];
+  };
+
+  services.nginx.virtualHosts."ftp.c3d2.de" = {
+    default = true;
+    enableACME = true;
+    forceSSL = true;
+    locations."/" = {
+      root = "/var/www/ftp.c3d2.de";
+      extraConfig = "autoindex on;";
+    };
+  };
+
+  security.dhparams = {
+    enable = true;
+    stateful = true;
+    params."nginx".bits = 4096;
+  };
+
+  services.openssh.enable = true;
+
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    secrets = { };
+  };
+
+  system.stateVersion = "22.05";
+}

hosts/containers/public-access-proxy/default.nix

@@ -66,6 +66,9 @@
     } {
       hostNames = [ "codimd.c3d2.de" ];
       proxyTo.host = config.c3d2.hosts.hedgedoc.ip4;
+    } {
+      hostNames = [ "ftp.c3d2.de" ];
+      proxyTo.host = config.c3d2.hosts.ftp.ip4;
     } {
       hostNames = [ "gitea.c3d2.de" ];
       proxyTo.host = config.c3d2.hosts.gitea.ip4;