54 lines
1.4 KiB
Nix
54 lines
1.4 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
cfg = config.services.ftp-webserver;
|
|
inherit (config.networking) domain;
|
|
fqdn = if (cfg.subdomain != "") then "${cfg.subdomain}.${domain}" else domain;
|
|
inherit (config.services) nginx;
|
|
|
|
inherit (lib)
|
|
mkEnableOption
|
|
mkIf
|
|
mkOption
|
|
types
|
|
;
|
|
in
|
|
{
|
|
options.services.ftp-webserver = {
|
|
enable = mkEnableOption "FTP webserver.";
|
|
subdomain = mkOption {
|
|
type = types.str;
|
|
default = "ftp";
|
|
description = "Subdomain for Nginx virtual host. Leave empty for root domain.";
|
|
};
|
|
forceSSL = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = "Force SSL for Nginx virtual host.";
|
|
};
|
|
root = mkOption {
|
|
type = types.str;
|
|
default = "/srv/www";
|
|
description = "Root directory for the FTP webserver.";
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
services.nginx.virtualHosts."${fqdn}" = {
|
|
inherit (cfg) root;
|
|
locations."/" = {
|
|
extraConfig = ''
|
|
autoindex on;
|
|
autoindex_exact_size off;
|
|
autoindex_localtime on;
|
|
'';
|
|
};
|
|
inherit (cfg) forceSSL;
|
|
enableACME = cfg.forceSSL;
|
|
sslCertificate = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/cert.pem";
|
|
sslCertificateKey = mkIf cfg.forceSSL "${config.security.acme.certs."${fqdn}".directory}/key.pem";
|
|
};
|
|
|
|
systemd.tmpfiles.rules = [ "d ${cfg.root} 0755 ${nginx.user} ${nginx.group}" ];
|
|
};
|
|
}
|