diff --git a/secrets/OVHCloud.yaml b/secrets/OVHCloud.yaml index 4972697..2694e1d 100644 --- a/secrets/OVHCloud.yaml +++ b/secrets/OVHCloud.yaml @@ -47,6 +47,8 @@ penpot: STORAGE_ASSETS_S3_BUCKET: ENC[AES256_GCM,data:nfcjtCQVWhdT1UUYPw==,iv:mF2Esw1GvWAjkabvDde63bAq4V5pXNhbhqsK1dkg5sg=,tag:uE6qKxKSJzYtHWxPMiK3Lw==,type:str] shadowsocks: password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str] +webdav: + USER_PASSWORD: ENC[AES256_GCM,data:aULehVsCkGpsryQ=,iv:OD6ADWh62tvykGXP9Lmy4f9Iz9QuzyKMnGXGAvOv55s=,tag:ff47alP5Og7XaADzvZEMGA==,type:str] wireguard: private_key: ENC[AES256_GCM,data:fjaBcBplx4IOrbnT8PZwUl6m4j4sdiObJYJXSrzCOqXcL3Qyymj4HUPSBuM=,iv:4XVH1d0/PTfVHKtDoziOD3b+TGXafNEGNgqAUtQsoD8=,tag:c/9AQO5TmLPGvIRN59KMZg==,type:str] public_key: ENC[AES256_GCM,data:zHQkA3wu7Kn9wnODn65zHKGX3qBvhRa0H/cSlg/8TjyTNtaMgY3Y0RiQEr4=,iv:kaWxt11DR4jZzgfoA7PDg/wPc6VqSoyuFU4KllOzZjY=,tag:acA0M4Eq0AR4FjFJZ4l13w==,type:str] @@ -74,8 +76,8 @@ sops: MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-11-03T19:39:34Z" - mac: ENC[AES256_GCM,data:/LhtjIGX+a2q4gOZ8KpcNX1UFaLCUG1xAM4pGVx5c4YwdbC4UUuKSaeu0WWzaHaVw/1GNgODhXTC7HOcIr7Y4WgbDV79dF7kdotn1dRlIV0LwLJ22MrmUeQpxOR25zvAEshP0ekqNAV1gf8/TqNvHy8jGwThq4F/8J0hKbov3VQ=,iv:c5Vagv78n+T3Kym/h6EJnGbtWhDrFKg8GKhpu7FQYZ4=,tag:LGtkD/4SfCaMo/LfZwvlhQ==,type:str] + lastmodified: "2024-11-04T20:13:03Z" + mac: ENC[AES256_GCM,data:5vNhuKUNMXjBPdGU/ptNE68JqNpFdPxTMbAFZ7OW/tr4WPxSBNnOTuo5qXm36h0sMDbXOJCKe7ofdvbjECtTtcPbP4zRE7Sw+B0vwQ75ruLTD3fG01ONZ08GclomfSe5i2Uv1QEhrKfs3IWf657yRRE3mvIw+rhcpFEwFC+qOyE=,iv:SkwLNKK6K0F55eahv5U4IRjl1zCNRgMvbQWd1EIyeeI=,tag:6aU2GRc0T1YarztNQPoLtQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/services/default.nix b/services/default.nix index d4c2b74..a30d68d 100644 --- a/services/default.nix +++ b/services/default.nix @@ -6,6 +6,7 @@ ./penpot ./shadowsocks ./uptime-kuma + ./webdav ./wireguard ]; } diff --git a/services/webdav/default.nix b/services/webdav/default.nix new file mode 100644 index 0000000..9e2d416 --- /dev/null +++ b/services/webdav/default.nix @@ -0,0 +1,35 @@ +{config, ...}: { + sops.secrets."webdav/USER_PASSWORD".owner = "${config.services.webdav.user}"; + sops.templates."webdav.env" = { + content = '' + USER_PASSWORD=${config.sops.placeholder."webdav/USER_PASSWORD"} + ''; + owner = "${config.services.webdav.user}"; + }; + + services.caddy.virtualHosts."webdav.gasdev.fr".extraConfig = '' + reverse_proxy http://127.0.0.1:6065 + ''; + + services.webdav = { + enable = true; + environmentFile = config.sops.templates."webdav.env".path; + settings = { + address = "0.0.0.0"; + port = 6065; + tls = false; + behindProxy = true; + directory = "/var/lib/webdav"; + debug = true; + users = [ + { + username = "gaspard"; + password = "{env}USER_PASSWORD"; + permissions = "CRUD"; + } + ]; + }; + }; + systemd.services.webdav.serviceConfig.StateDirectory = "webdav"; + systemd.services.webdav.serviceConfig.StateDirectoryMode = "0740"; +}