sid.ovh/hosts/rx4/services/webdav.nix

{ constants, config, ... }:

# FIXME: floccus throws error: NetworkError when attempting to fetch resource.

let
  cfg = config.services.webdav;

  inherit (constants.services.webdav) fqdn port;
in
{
  services.webdav = {
    enable = true;
    environmentFile = config.sops.templates."webdav/env-file".path;

    settings = {
      inherit port;
      address = "127.0.0.1";
      prefix = "/";
      directory = "/srv/webdav";
      users = [
        {
          username = "{env}WEBDAV_USER";
          password = "{env}WEBDAV_PASS";
          permissions = "CRUD";
        }
      ];
    };
  };

  systemd.tmpfiles.rules = [
    "d ${cfg.settings.directory} 0750 ${cfg.user} ${cfg.group} -"
  ];

  networking.firewall.allowedTCPPorts = [ port ];

  services.nginx = {
    enable = true;
    virtualHosts."${fqdn}" = {
      listen = [
        {
          addr = "0.0.0.0";
          inherit port;
        }
      ];
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString port}";
        extraConfig = ''
          add_header 'Access-Control-Allow-Origin' '*' always;
          add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS' always;
          add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth' always;

          if ($request_method = 'OPTIONS') {
              add_header 'Access-Control-Allow-Origin' '*';
              add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, DELETE, PROPFIND, OPTIONS';
              add_header 'Access-Control-Allow-Headers' 'Authorization,DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Depth';
              return 204;
          }
        '';
      };
    };
  };

  sops =
    let
      owner = cfg.user;
      group = cfg.group;
      mode = "0400";
    in
    {
      secrets = {
        "webdav/user" = {
          inherit owner group mode;
        };
        "webdav/pass" = {
          inherit owner group mode;
        };
      };
      templates."webdav/env-file" = {
        inherit owner group mode;
        content = ''
          WEBDAV_USER=${config.sops.placeholder."webdav/user"}
          WEBDAV_PASS=${config.sops.placeholder."webdav/pass"}
        '';
      };
    };
}