diff --git a/hosts/nixos/thinkpad/system.nix b/hosts/nixos/thinkpad/system.nix
index b79b7ce..fa170ff 100644
--- a/hosts/nixos/thinkpad/system.nix
+++ b/hosts/nixos/thinkpad/system.nix
@@ -7,6 +7,7 @@
 ../../../modules/hyprland/system.nix
 ../../../modules/wireguard.nix
 ../../../modules/login-display.nix
+ ../../../modules/dufs.nix
 ];
 # Bootloader - standard UEFI setup
@@ -253,4 +254,10 @@
 showDiskUsage = true;
 };
+ services.dufs = {
+ sharedPath = "/home/yanlin/NSFW";
+ user = "yanlin";
+ group = "users";
+ };
+
 }
diff --git a/hosts/nixos/vps/proxy.nix b/hosts/nixos/vps/proxy.nix
index 335db53..9d996e1 100644
--- a/hosts/nixos/vps/proxy.nix
+++ b/hosts/nixos/vps/proxy.nix
@@ -66,6 +66,18 @@
 };
 };
+ # NSFW WebDAV (dufs on thinkpad)
+ nsfw = {
+ rule = "Host(`nsfw.yanlincs.com`)";
+ service = "nsfw";
+ tls = {
+ certResolver = "cloudflare";
+ domains = [{
+ main = "*.yanlincs.com";
+ }];
+ };
+ };
+
 };
 services = {
@@ -115,6 +127,15 @@
 };
 };
+ # NSFW backend (dufs on thinkpad via WireGuard)
+ nsfw = {
+ loadBalancer = {
+ servers = [{
+ url = "http://10.2.2.30:5099";
+ }];
+ };
+ };
+
 };
 };
diff --git a/modules/dufs.nix b/modules/dufs.nix
index d246284..d24eb66 100644
--- a/modules/dufs.nix
+++ b/modules/dufs.nix
@@ -18,6 +18,18 @@ in
 default = 5099;
 description = "Port to listen on";
 };
+
+ user = lib.mkOption {
+ type = lib.types.str;
+ default = "root";
+ description = "User account under which dufs runs";
+ };
+
+ group = lib.mkOption {
+ type = lib.types.str;
+ default = "root";
+ description = "Group under which dufs runs";
+ };
 };
 config = lib.mkIf (cfg.sharedPath != null) {
@@ -35,7 +47,9 @@ in
 serviceConfig = {
 Type = "simple";
- User = "root"; # Run as root to access any system path
+ User = cfg.user;
+ Group = cfg.group;
+ UMask = "0022";
 ExecStart = ''/bin/sh -c "${pkgs.dufs}/bin/dufs ${cfg.sharedPath} --port ${toString cfg.port} --bind 0.0.0.0 --allow-all --auth $(cat ${authFile})@/:rw"'';
 Restart = "on-failure";
 RestartSec = "10s";
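Review bot: The `nsfw` router in hosts/nixos/vps/proxy.nix publishes a read-write share on a public hostname and sets no `middlewares`, so the only gate visible in this commit is the dufs `--auth` credential. Because the dufs unit in the same commit runs with `--allow-all` and `/:rw`, a guessed or leaked password would grant upload and delete rights under `/home/yanlin/NSFW`. Consider attaching a Traefik `ipAllowList` (`ipWhiteList` on Traefik v2) or `rateLimit` middleware to this router, e.g. `middlewares = [ "<allowlist-middleware-name>" ];`, and extending the comment to say which layer is expected to authenticate. The enclosing `routers` set starts outside the hunk, so any defaults applied there cannot be checked from here.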
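Review bot: Both new options in modules/dufs.nix default to `"root"`, so any host that sets `sharedPath` without also setting `user` and `group` still gets a root-owned, network-facing file server with write access. Dropping the two `default = "root";` lines would make evaluation fail until the host picks an account, which is the safer failure mode. If the default has to stay for compatibility, say so in the option text, e.g. `description = "User account under which dufs runs (defaults to root for compatibility; set an unprivileged user)";`. The `options` block starts outside the hunk.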
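Review bot: `$(cat ${authFile})` now runs as `cfg.user` instead of root, so the secret file must be readable by that account; `authFile` is defined outside the hunk, and if it is root-only the substitution would presumably come back empty and dufs would be started with `--auth @/:rw` instead of the unit failing cleanly, which is worth confirming. The expanded credential also lands in the dufs argument list, where other local users can read it from the process table; passing it through `EnvironmentFile=` (dufs documents `DUFS_`-prefixed environment variables, check the packaged version) or a `--config` file keeps it out of argv. `UMask = "0022";` leaves uploaded files world-readable on the host, so `UMask = "0077";` fits better if only `cfg.user` needs them. With `--bind 0.0.0.0` on the unchanged ExecStart line, port 5099 should be limited to the WireGuard interface by the host firewall. `serviceConfig` continues past the end of the hunk.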