xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

weilite/webdav: init

Browse source
This commit is contained in:
xinyangli 2025-04-06 22:21:16 +08:00
parent ea3e518de3
commit a7b3579f55
No known key found for this signature in database
5 changed files with 65 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
machines/weilite/default.nix
View file

@ -102,6 +102,13 @@
type = "virtiofs"; type = "virtiofs";
options = "rw,nodev,nosuid"; options = "rw,nodev,nosuid";
} }
{
what = "originals";
where = "/mnt/photos/xin/originals";
type = "virtiofs";
options = "rw,nodev,nosuid";
wantedBy = [ "immich-server.service" ];
}
{ {
what = "/mnt/nixos/ocis"; what = "/mnt/nixos/ocis";
where = "/var/lib/ocis"; where = "/var/lib/ocis";

7
machines/weilite/secrets.yaml
View file

@ -12,6 +12,9 @@ sonarr:
api-key: ENC[AES256_GCM,data:/CkApTCLQy8TLHGKSM1saacNi9uQDswAjshRSLJk1hg=,iv:PNX4BZLx7krs12lxgORMSarnt0c/ga8yPtoLSzbQ+sY=,tag:V1pp9OCtX5/5fbwLBMGlOQ==,type:str] api-key: ENC[AES256_GCM,data:/CkApTCLQy8TLHGKSM1saacNi9uQDswAjshRSLJk1hg=,iv:PNX4BZLx7krs12lxgORMSarnt0c/ga8yPtoLSzbQ+sY=,tag:V1pp9OCtX5/5fbwLBMGlOQ==,type:str]
radarr: radarr:
api-key: ENC[AES256_GCM,data:AeJArngvgmqnxk2g13QjMa6XS893B+3ZdX2K8OqXRQg=,iv:NrQf3yyqRpHMeWQ3bpPH4fUDdo/x2uB6pQCq0ZrFP5c=,tag:Yj2PSy6zRfe8anW0RGuZAQ==,type:str] api-key: ENC[AES256_GCM,data:AeJArngvgmqnxk2g13QjMa6XS893B+3ZdX2K8OqXRQg=,iv:NrQf3yyqRpHMeWQ3bpPH4fUDdo/x2uB6pQCq0ZrFP5c=,tag:Yj2PSy6zRfe8anW0RGuZAQ==,type:str]
webdav:
photosync:
password: ENC[AES256_GCM,data:s+omleBtVALG5bpbTnlzbwBj0oCZX8Dm8IbcUV6COnI=,iv:vwCs3ujmCcE87rl91ZtOEAgSQF1/0t17/7/0UM4x8fE=,tag:ylw76CX9SCylWoJt86rmjg==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -36,8 +39,8 @@ sops:
V0thRjU4WGpQRGFpcnoxSjZTZHhTTkUKzNMHh9p7GUY3hL5XZ9S4x20CwaItsXFV V0thRjU4WGpQRGFpcnoxSjZTZHhTTkUKzNMHh9p7GUY3hL5XZ9S4x20CwaItsXFV
RKujsFVVBd8Kuq/jyOCBTRCscuHI4LW/wYeZYHFEZFSTK2liAqspgw== RKujsFVVBd8Kuq/jyOCBTRCscuHI4LW/wYeZYHFEZFSTK2liAqspgw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-30T06:50:46Z" lastmodified: "2025-04-06T14:28:44Z"
mac: ENC[AES256_GCM,data:o9mucckntBoKzO3+S1lWcvKeyolqlzYcRRWkosjLnJ7kY3S2ssYxdEz9PPBihpIU4z8ogy/TIuRjLV/XOiPyNUZy0a++2erfQjpr4YIc8KvivG9erE4S4YkNFCVOXv6XjQ7gypaYScX8pdhh0idkyuxJPb0N5HcB1Ngtx/bhrBY=,iv:YfFXYt0GGZsssyoImWKep0in0STGqgUgQ87v2g7E0MU=,tag:aMb/SDiboeRyCW9AItnhzw==,type:str] mac: ENC[AES256_GCM,data:tYAhkwRs2CFOUCw3Iuq6T5C+QkbpSz80fI6CP65VyFrNiej9hshmjngPnf8bFElF+bHI64a/zpo2y4CqV213011tOX2YYvLD5zrAQb18rBFUdJblY5wQyx/DXiPaIf5jK6WGHIRaOmqZJuqXKrQKnf99N12JydXjt6usBGGZr8M=,iv:wySf7lctw14iUbKo5fDu+p6TMY5QXGYYmBukh2qb19I=,tag:pZrnFiNZEK01pnDN0+1Rcw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.4

1
machines/weilite/services/default.nix
View file

@ -7,5 +7,6 @@
./immich.nix ./immich.nix
./jellyfin.nix ./jellyfin.nix
./transmission.nix ./transmission.nix
./webdav.nix
]; ];
} }

17
machines/weilite/services/immich.nix
View file

@ -86,16 +86,6 @@ in
''; '';
}; };
systemd.mounts = [
{
what = "originals";
where = "/mnt/immich/external-library/xin";
type = "virtiofs";
options = "ro,nodev,nosuid";
wantedBy = [ "immich-server.service" ];
}
];
systemd.timers.immich-auto-stack = { systemd.timers.immich-auto-stack = {
enable = true; enable = true;
wantedBy = [ "immich-server.service" ]; wantedBy = [ "immich-server.service" ];
@ -135,8 +125,8 @@ in
systemd.services.immich-server = { systemd.services.immich-server = {
serviceConfig = { serviceConfig = {
ReadWritePaths = [ BindReadOnlyPaths = [
"/mnt/immich/external-library/xin" "/mnt/photos/xin/originals:/mnt/immich/external-library/xin"
]; ];
Environment = "IMMICH_CONFIG_FILE=${config.sops.templates."immich/config.json".path}"; Environment = "IMMICH_CONFIG_FILE=${config.sops.templates."immich/config.json".path}";
}; };
@ -161,8 +151,11 @@ in
users.users.immich.extraGroups = [ users.users.immich.extraGroups = [
"video" "video"
"render" "render"
"privimg"
]; ];
users.groups.privimg = { };
users.groups.immich_auto_stack = { }; users.groups.immich_auto_stack = { };
users.users.immich_auto_stack = { users.users.immich_auto_stack = {
isSystemUser = true; isSystemUser = true;

47
machines/weilite/services/webdav.nix Normal file
View file

@ -0,0 +1,47 @@
{ config, ... }:
{
sops.secrets = {
"webdav/photosync/password" = { };
};
sops.templates."webdav.env" = {
content = ''
PHOTOSYNC_PASSWORD=${config.sops.placeholder."webdav/photosync/password"}
'';
};
services.webdav = {
enable = true;
settings = {
address = "127.0.0.1";
port = "16065";
permissions = "CRUD";
behindProxy = true;
users = [
{
username = "photosync";
password = "{env}PHOTOSYNC_PASSWORD";
}
];
};
group = "privimg";
environmentFile = config.sops.templates."webdav.env".path;
};
systemd.services.webdav.serviceConfig = {
BindPaths = [
"/mnt/photos/xin/originals:%t/webdav/photosync"
];
RuntimeDirectory = "webdav";
WorkingDirectory = "%t/webdav";
};
users.users."${config.services.webdav.user}".extraGroups = [
"privimg"
];
services.caddy.virtualHosts."https://weilite.coho-tet.ts.net:6065".extraConfig = ''
reverse_proxy 127.0.0.1:16065
'';
}