nix-config/hosts/server7/containers/storage/default.nix

name:

(import ../outer-defaults.nix name) // {

  bindMounts."/srv/c3d2" = {
    hostPath = "/srv/ceph/c3d2";
    isReadOnly = false;
  };

  config = { config, pkgs, lib, ... }: {
    imports = [ ../inner-defaults.nix ];

    c3d2 = {
      users.k-ot = true;
      hq.statistics.enable = true;
    };

    services.openssh = {
      enable = true;
      allowSFTP = true;
    };

    services.nginx = {
      enable = true;
      package = pkgs.nginx.override {
        modules = with pkgs.nginxModules; [ fancyindex ];
      };
      virtualHosts = {
        "storage-ng.hq.c3d2.de".extraConfig = ''
          server_name storage-ng.hq.c3d2.de;
          return 301 $scheme://storage.hq.c3d2.de$request_uri;
        '';

        "storage.hq.c3d2.de" = {
          default = true;
          http2 = true;
          # addSSL = true;
          locations = {
            "/" = let authFile = pkgs.writeText "htpasswd" "k-ot:sawCOTsl/fIUY";
            in {
              alias = "/srv/c3d2/files/";
              extraConfig = ''
                		auth_basic "Chaos";
                		auth_basic_user_file ${authFile};
                    fancyindex on;
                    # autoindex on;
                    dav_access all:r;
                '';
            };
          };
        };
      };
    };

    services.samba = {
      enable = true;
      securityType = "user";
      extraConfig = ''
        workgroup = HQ
        server string = storage
        netbios name = storage
        security = share
        hosts allow = 0.0.0.0/0
        guest account = k-ot
        map to guest = bad user
      '';
      shares = {
        files = {
          path = "/srv/c3d2/files";
          browseable = "yes";
          "read only" = "yes";
          "guest ok" = "yes";
          "force user" = "k-ot";
          "force group" = "users";
        };
      };
    };

    networking.firewall.enable = false;
  };

}