config/profiles/http/services/webdav-zotero.nix

{ config, pkgs, lib, mkDomain, ... }:
{

  # webdav
  # Simple WebDAV server

  # TODO: parametrize which webdav shares i have?

  services.webdav = {
    enable = true;
    # the webdav user uid:gid is fixed
    settings = {
      address = "127.0.0.1";
      port = 9568;
      prefix = "/";
      scope = "/mnt/reidun/pub";
      modify = false;
      auth = true;
      users = [
        {
          username = "zotero";
          password = "{bcrypt}$2y$10$9zzZuwd2AvNZXb8WCG/bM..ibOroNnX0sN94UTAV.Jco9LnZ8Whs2";
          #prefix = "/zotero/";
          scope = "/mnt/reidun/Various/Zotero";
          modify = true;
        }
      ];
      #cors = {
      #  enabled = true;
      #  credentials = true;
      #  allowed_methods = [ "GET" ];
      #  exposed_headers = [
      #    "Content-Length"
      #    "Content-Range"
      #  ];
      #};
    };
  };
  services.nginx.virtualHosts.${mkDomain "webdav"} = lib.mkIf config.services.webdav.enable {
    forceSSL = true; # addSSL = true;
    enableACME = true; #useACMEHost = acmeDomain;
    locations."/" = {
      recommendedProxySettings = false; # lol we disable it and copy it back in, and it works /shrug
      proxyPass = "http://127.0.0.1:${toString config.services.webdav.settings.port}";
      #proxyWebsockets = true;
      extraConfig = ''
        proxy_redirect          off;

        proxy_connect_timeout   ${config.services.nginx.proxyTimeout};
        proxy_send_timeout      ${config.services.nginx.proxyTimeout};
        proxy_read_timeout      ${config.services.nginx.proxyTimeout};
        proxy_http_version      1.1;
        # don't let clients close the keep-alive connection to upstream. See the nginx blog for details:
        # https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives
        proxy_set_header        "Connection" "";

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;

        proxy_request_buffering off;
        client_max_body_size 2G;
      '';
    };
  };

}