add dufs (webdav) module

2025-11-16 21:21:47 +01:00 · 2025-11-16 21:21:47 +01:00 · bf072e60a6
commit bf072e60a6
parent 71b4968d79
3 changed files with 82 additions and 0 deletions
--- a/hosts/nixos/hs/system.nix
+++ b/hosts/nixos/hs/system.nix
@ -9,6 +9,7 @@
    ../../../modules/traefik.nix
    ../../../modules/borg/client.nix
    ../../../modules/login-display.nix
+    ../../../modules/dufs.nix
  ];

  # GRUB bootloader with ZFS support
@ -263,4 +264,11 @@
    };
  };

+  # Dufs WebDAV file server
+  services.dufs = {
+    sharedPath = "/mnt/storage/Media/nsfw";
+    port = 5099;
+    auth = "yanlin:jbaRRsciNUXTRqswdggKPICG27TNvyTRUfod2RBD";
+  };
+
 }
--- a/hosts/nixos/vps/proxy.nix
+++ b/hosts/nixos/vps/proxy.nix
@ -111,6 +111,19 @@
          };
        };

+        # Dufs file server
+        files = {
+          rule = "Host(`files.yanlincs.com`)";
+          entrypoints = "websecure";
+          service = "files";
+          tls = {
+            certResolver = "cloudflare";
+            domains = [{
+              main = "*.yanlincs.com";
+            }];
+          };
+        };
+
      };
      services = {
        # Redirect service
@ -185,6 +198,15 @@
          };
        };

+        # Dufs backend (via WireGuard)
+        files = {
+          loadBalancer = {
+            servers = [{
+              url = "http://10.2.2.20:5099";
+            }];
+          };
+        };
+
      };
      middlewares = {
        # Redirect middleware
--- a/modules/dufs.nix
+++ b/modules/dufs.nix
@ -0,0 +1,52 @@
+{ config, pkgs, lib, ... }:
+
+let
+  cfg = config.services.dufs;
+in
+{
+  options.services.dufs = {
+    sharedPath = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = "Path to the folder to share via WebDAV. Set to null to disable dufs.";
+      example = "/mnt/storage/shared";
+    };
+
+    port = lib.mkOption {
+      type = lib.types.port;
+      default = 5099;
+      description = "Port to listen on";
+    };
+
+    auth = lib.mkOption {
+      type = lib.types.nullOr lib.types.str;
+      default = null;
+      description = "Basic authentication in format 'username:password'. Will be automatically formatted for dufs.";
+      example = "admin:secret123";
+    };
+  };
+
+  config = lib.mkIf (cfg.sharedPath != null) {
+    # Install dufs package
+    environment.systemPackages = [ pkgs.dufs ];
+
+    # Create systemd service
+    systemd.services.dufs = {
+      description = "Dufs WebDAV File Server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      serviceConfig = {
+        Type = "simple";
+        User = "root";  # Run as root to access any system path
+        ExecStart = "${pkgs.dufs}/bin/dufs ${cfg.sharedPath} --port ${toString cfg.port} --bind 0.0.0.0"
+          + lib.optionalString (cfg.auth != null) " --auth ${cfg.auth}@/:rw";
+        Restart = "on-failure";
+        RestartSec = "10s";
+      };
+    };
+
+    # Open firewall port (optional, since traffic comes through WireGuard)
+    # networking.firewall.allowedTCPPorts = [ cfg.port ];
+  };
+}