# NixOS module: runs a WebDAV daemon on loopback, publishes it through an nginx
# virtual host with permissive CORS headers, opens the port in the firewall and
# feeds the daemon its credentials from sops-managed secrets.
{ constants, config, ... }:
# FIXME: floccus throws error: NetworkError when attempting to fetch resource.
# NOTE(review): two things visible below could plausibly contribute to this;
# see the notes on the nginx `listen` entry and on the CORS method list. Confirm
# against the browser console and the nginx / webdav unit logs.
let
  cfg = config.services.webdav;
  inherit (constants.services.webdav) fqdn port;
in
{
  services.webdav = {
    enable = true;
    # Environment file rendered from the sops template declared at the bottom of
    # this module; it carries WEBDAV_USER and WEBDAV_PASS.
    environmentFile = config.sops.templates."webdav/env-file".path;
    settings = {
      inherit port;
      # Backend binds loopback only; remote clients are meant to arrive via nginx.
      address = "127.0.0.1";
      prefix = "/";
      directory = "/srv/webdav";
      users = [
        {
          # "{env}NAME" presumably makes the daemon read the value from its
          # environment, keeping the credentials out of the world-readable Nix
          # store. TODO confirm against the webdav daemon's documentation.
          username = "{env}WEBDAV_USER";
          password = "{env}WEBDAV_PASS";
          # Single account with full create/read/update/delete rights on the
          # whole directory; there is no read-only or per-path scoping here.
          permissions = "CRUD";
        }
      ];
    };
  };

  # Data directory: owner rwx, group r-x, no access for other local users.
  systemd.tmpfiles.rules = [ "d ${cfg.settings.directory} 0750 ${cfg.user} ${cfg.group} -" ];

  # Opens the port on every interface the firewall covers.
  # NOTE(review): nothing in this module enables TLS on the vhost below, so the
  # Authorization header (the WebDAV credentials) would cross the network in
  # clear text unless TLS is terminated somewhere else. Confirm, or restrict the
  # port to a trusted interface / VPN.
  networking.firewall.allowedTCPPorts = [ port ];

  services.nginx = {
    enable = true;
    virtualHosts."${fqdn}" = {
      # NOTE(review): nginx binds 0.0.0.0:<port> while the webdav backend binds
      # 127.0.0.1:<port>, i.e. the same TCP port. On Linux a wildcard listener
      # normally conflicts with an existing listener on a specific address, so
      # one of the two units may fail to bind, or nginx may end up proxying to
      # itself. Giving the backend its own loopback-only port would avoid this.
      # Verify with `ss -ltnp` on the host.
      listen = [
        {
          addr = "0.0.0.0";
          inherit port;
        }
      ];
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString port}";
        # CORS handling for browser-based clients.
        # - The headers are repeated inside the `if` block because nginx does
        #   not inherit `add_header` directives into a level that declares its
        #   own.
        # - Preflight (OPTIONS) requests are answered by nginx with 204 and
        #   never reach the backend.
        # NOTE(review): `Access-Control-Allow-Origin: *` together with an allowed
        # `Authorization` header lets script from any web origin send
        # authenticated requests once it has the credentials, and lets any
        # origin probe the login from a visitor's browser. Prefer echoing only
        # the known client origin if it is stable.
        # NOTE(review): the allowed-method list omits WebDAV verbs such as
        # MKCOL, MOVE, COPY, LOCK and UNLOCK; a browser client that preflights
        # one of them would be blocked. Possibly related to the FIXME; confirm
        # which methods the client actually uses.
        extraConfig = ''
          add_header 'Access-Control-Allow-Origin' '*' always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS' always;
          add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth' always;
          if ($request_method = 'OPTIONS') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth';
            return 204;
          }
        '';
      };
    };
  };

  # Secrets: both raw secrets and the rendered env file are owned by the webdav
  # service account and readable by that owner only (0400).
  sops =
    let
      owner = cfg.user;
      group = cfg.group;
      mode = "0400";
    in
    {
      secrets = {
        "webdav/user" = {
          inherit owner group mode;
        };
        "webdav/pass" = {
          inherit owner group mode;
        };
      };
      # The placeholders are substituted by sops when the template is rendered,
      # so the plaintext values do not appear in this evaluated expression.
      templates."webdav/env-file" = {
        inherit owner group mode;
        content = ''
          WEBDAV_USER=${config.sops.placeholder."webdav/user"}
          WEBDAV_PASS=${config.sops.placeholder."webdav/pass"}
        '';
      };
    };
}