From 49d5caa8c7b82a8bce9a94fd26a6d21f13a669d7 Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 06:18:59 -0500
Subject: [PATCH 01/11] add webdav creds
---
 nixos/linux.nix | 7 +++----
 nixos/secrets/default.nix | 3 +++
 nixos/secrets/webdav.nix | 8 ++++++++
 3 files changed, 14 insertions(+), 4 deletions(-)
 create mode 100644 nixos/secrets/webdav.nix
diff --git a/nixos/linux.nix b/nixos/linux.nix
index c027f4b..8f17bb4 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -143,15 +143,14 @@ in {
 "webdav" = {
 autoStart = true;
- image = "dgraziotin/nginx-webdav-nononsense";
+ image = "quineglobal/nginx-webdav-nononsense@sha256:86002d386e433c3ed1d265d3aa7f921f96fb678651a913aaa92af8fb78870b1c";
 volumes = [
 "/mnt/webdav/data:/data"
 "/mnt/webdav/config:/config"
 ];
 environment = {
- "WEBDAV_USERNAME" = "foo";
- # TODO
- "WEBDAV_PASSWORD" = "bar";
+ "WEBDAV_USERNAME" = "ironmagma";
+ "WEBDAV_PASSWORD_FILE" = config.age.secrets."webdav".path;
 "TZ" = "America/Anchorage";
 "PUID" = "60"; # nginx user
diff --git a/nixos/secrets/default.nix b/nixos/secrets/default.nix
index 819eae3..6c1af5e 100644
--- a/nixos/secrets/default.nix
+++ b/nixos/secrets/default.nix
@@ -5,4 +5,7 @@ in {
 # NEARLYFREESPEECH_API_KEY
 # NEARLYFREESPEECH_LOGIN
 "./nearlyfreespeech.age".publicKeys = [mainframePublicKey];
+
+ # WEBDAV_PASSWORD
+ "./webdav.age".publicKeys = [mainframePublicKey];
 }
diff --git a/nixos/secrets/webdav.nix b/nixos/secrets/webdav.nix
new file mode 100644
index 0000000..edc693a
--- /dev/null
+++ b/nixos/secrets/webdav.nix
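Review bot: The new `image` line for the `"webdav"` container in nixos/linux.nix switches publisher namespace (`quineglobal/` in place of `dgraziotin/`) and pins a bare digest, so nothing in the file records which upstream release that digest is or where the image was built. Pinning by digest is the right choice for a container that is handed a credential, but the pin can only be re-verified or bumped deliberately if its origin is written down. I would add a comment above the line such as `# digest of <upstream tag>, built from <source repo> on <date>`. The container attribute set continues past the end of the hunk.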
@@ -0,0 +1,8 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyBHVDRM
+NHJMcWV2ejZoUU5LRHF3SHJRdk4zTXlORkpMQzYzbnpoR0tHUEcwCnVoY282RUt0
+NG1GR3NramxoRmIrVUk4ekgrWFJvOGhjRUpUVGJvdmhYb1UKLS0tIHRTVmRtbEgw
+ekVmWGxZU3dLL2M0NFB1bG44K0QxRDQxZzROSDNmbGU2bTgKt1pkiwQwDRJTKFrP
+aoWZ8aHxfQPrWFOWho/+OzZO/Elx7O5gdmvlvJlUltWYdAhV4sjE6phKlhcmjyEN
+CFQ3128ZUbM=
+-----END AGE ENCRYPTED FILE-----
From 52d2b8356cc2ef01ead707af98e96f6438da40d7 Mon Sep 17 00:00:00 2001
From: philip-peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 02:23:47 -0900
Subject: [PATCH 02/11] fix
---
 nixos/linux.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/nixos/linux.nix b/nixos/linux.nix
index 8f17bb4..dbe1487 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -47,8 +47,17 @@ in {
 time.timeZone = "America/Anchorage";
- age.secrets.nearlyfreespeech.file = ./secrets/nearlyfreespeech.age;
- age.secrets.nearlyfreespeech.owner = "root";
+ age.secrets = {
+ nearlyfreespeech = {
+ file = ./secrets/nearlyfreespeech.age;
+ owner = "root";
+ };
+
+ webdav = {
+ file = ./secrets/webdav.age;
+ owner = "root";
+ };
+ };
 environment.systemPackages = [
 ddnsPkg
From 3f0e9c123128602621abc344f8fc2a693a32988d Mon Sep 17 00:00:00 2001
From: philip-peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 02:25:27 -0900
Subject: [PATCH 03/11] fix
---
 nixos/secrets/{webdav.nix => webdav.age} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename nixos/secrets/{webdav.nix => webdav.age} (100%)
diff --git a/nixos/secrets/webdav.nix b/nixos/secrets/webdav.age
similarity index 100%
rename from nixos/secrets/webdav.nix
rename to nixos/secrets/webdav.age
From f461f4a6caa2da438b8c8a457c0b6b694e3e3449 Mon Sep 17 00:00:00 2001
From: philip-peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 02:26:53 -0900
Subject: [PATCH 04/11] webdav
---
 nixos/firewall.nix | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/nixos/firewall.nix b/nixos/firewall.nix
index c3cad28..3212c7d 100644
--- a/nixos/firewall.nix
+++ b/nixos/firewall.nix
@@ -10,5 +10,7 @@
 3000 #forgejo
 2200 #forgejo
+
+ 8082 #webdav
 ];
 }
From 556cd2bdc7b58845eb72255e9941985d7022edca Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 06:29:46 -0500
Subject: [PATCH 05/11] password
---
 nixos/linux.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/nixos/linux.nix b/nixos/linux.nix
index 8f17bb4..150689d 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -147,10 +147,11 @@ in {
 volumes = [
 "/mnt/webdav/data:/data"
 "/mnt/webdav/config:/config"
+ config.age.secrets."webdav".path + ":/password";
 ];
 environment = {
 "WEBDAV_USERNAME" = "ironmagma";
- "WEBDAV_PASSWORD_FILE" = config.age.secrets."webdav".path;
+ "WEBDAV_PASSWORD_FILE" = "/password";
 "TZ" = "America/Anchorage";
 "PUID" = "60"; # nginx user
From eabb757add868bc9ddc8f2b348dec4e539feebd1 Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 06:34:46 -0500
Subject: [PATCH 06/11] fix
---
 nixos/secrets/webdav.age | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/nixos/secrets/webdav.age b/nixos/secrets/webdav.age
index edc693a..e49dfbb 100644
--- a/nixos/secrets/webdav.age
+++ b/nixos/secrets/webdav.age
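Review bot: Adding `8082 #webdav` to this port list in nixos/firewall.nix opens the WebDAV backend to direct connections, assuming the list is the firewall's allowed TCP ports (its attribute name is above the hunk) and the container publishes 8082 on a non-loopback address. Patch 07 of this series puts an nginx vhost with TLS in front of the same backend at `http://127.0.0.1:8082/`, so a client that connects to port 8082 instead would authenticate over plain HTTP. Unless direct access is intended, I would drop the `8082` entry and bind the container's published port to loopback so that only nginx can reach it.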
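Review bot: The bind mount added to `volumes` in patch 05 has no `:ro` suffix, so the container gets a writable view of the decrypted agenix secret on the host. The container only needs to read the file, and `config.age.secrets."webdav".path + ":/password:ro"` keeps a compromised or misbehaving container from altering it. The same entry is carried into patch 09, which replaces the `;` with parentheses around the expression. Patch 02 declares the secret with `owner = "root"`, so it is worth confirming that the image reads `/password` while still running as root rather than as the `PUID` user.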
@@ -1,8 +1,7 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyBHVDRM
-NHJMcWV2ejZoUU5LRHF3SHJRdk4zTXlORkpMQzYzbnpoR0tHUEcwCnVoY282RUt0
-NG1GR3NramxoRmIrVUk4ekgrWFJvOGhjRUpUVGJvdmhYb1UKLS0tIHRTVmRtbEgw
-ekVmWGxZU3dLL2M0NFB1bG44K0QxRDQxZzROSDNmbGU2bTgKt1pkiwQwDRJTKFrP
-aoWZ8aHxfQPrWFOWho/+OzZO/Elx7O5gdmvlvJlUltWYdAhV4sjE6phKlhcmjyEN
-CFQ3128ZUbM=
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE5GRC92ZyA3dVNY
+SWE3TVY1aUx5d3QvRXlXMWpHUlUwbkJWMEh1VUx0MUh6NTdJOUZnCnNyTGdHdzlz
+WlU1dUtDa3UwQ2FTbGhYbG9YeGhVZStXK2pVVjM4L0pTTDgKLS0tIGt1a3IxOFR6
+YzVPVXFTVDFDQXV6NnpKTnJ4U3VSYm51eElDTFlwUXhMc1UKS4xUGWRtLZU7K8Q0
+vwCwvntjoIxeNbLbzYbRRsOkmlu1T+V70iERWMSSWXVqqlX0FqffTw==
 -----END AGE ENCRYPTED FILE-----
From 3e549515480d75452668c48a9789d1ba55230abb Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 06:44:15 -0500
Subject: [PATCH 07/11] proxy webdav
---
 nixos/nginx.nix | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/nixos/nginx.nix b/nixos/nginx.nix
index f826101..761a049 100644
--- a/nixos/nginx.nix
+++ b/nixos/nginx.nix
@@ -110,6 +110,17 @@
 '';
 };
 };
+
+ "webdav.philippeterson.com" = {
+ serverName = "webdav.philippeterson.com";
+ enableACME = true;
+ onlySSL = true;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
+ };
+ };
+
 "forge.quinefoundation.com-https" = {
 serverName = "forge.quinefoundation.com";
 enableACME = true;
From 23ff02e0a3a6e6345b5a5c2607f38236b032389a Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 06:47:07 -0500
Subject: [PATCH 08/11] add cert
---
 nixos/linux.nix | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/nixos/linux.nix b/nixos/linux.nix
index 9ce73c7..49cb5a5 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -229,5 +229,11 @@ in {
 environmentFile = config.age.secrets."nearlyfreespeech".path;
 webroot = null;
 };
+
+ certs."webdav.philippeterson.com" = {
+ dnsProvider = "nearlyfreespeech";
+ environmentFile = config.age.secrets."nearlyfreespeech".path;
+ webroot = null;
+ };
 };
 }
From 5f2990b5aec9cc2bb9f621fb095aad800d0348a6 Mon Sep 17 00:00:00 2001
From: philip-peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 02:47:46 -0900
Subject: [PATCH 09/11] fix
---
 nixos/linux.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixos/linux.nix b/nixos/linux.nix
index 49cb5a5..49b8c35 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -156,7 +156,7 @@ in {
 volumes = [
 "/mnt/webdav/data:/data"
 "/mnt/webdav/config:/config"
- config.age.secrets."webdav".path + ":/password";
+ (config.age.secrets."webdav".path + ":/password")
 ];
 environment = {
 "WEBDAV_USERNAME" = "ironmagma";
From 1effdc13a2b7baeb79c0e4f3f43dc741a0d7e703 Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 06:53:48 -0500
Subject: [PATCH 10/11] wip
---
 nixos/nginx.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/nixos/nginx.nix b/nixos/nginx.nix
index 761a049..507aa78 100644
--- a/nixos/nginx.nix
+++ b/nixos/nginx.nix
@@ -118,6 +118,29 @@
 locations."/" = {
 proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
+ extraConfig = ''
+ # WebDAV-specific settings
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Authorization $http_authorization;
+
+ # Timeout for large file uploads/downloads
+ proxy_read_timeout 300;
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+
+ # Allow WebDAV methods
+ proxy_methods GET POST PUT DELETE OPTIONS PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK;
+
+ # Client upload size
+ client_max_body_size 100M;
+
+ # Optional: Disable caching if issues arise
+ proxy_buffering off;
+ proxy_cache off;
+ '';
 };
 };
From 9d4eb5d048c9b29690ab2d10b307c2ec77e3bad8 Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Sun, 22 Dec 2024 06:56:25 -0500
Subject: [PATCH 11/11] wip
---
 nixos/nginx.nix | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)
diff --git a/nixos/nginx.nix b/nixos/nginx.nix
index 507aa78..8f6cad1 100644
--- a/nixos/nginx.nix
+++ b/nixos/nginx.nix
@@ -119,25 +119,24 @@
 locations."/" = {
 proxyPass = "http://127.0.0.1:8082/"; # pass through to webdav
 extraConfig = ''
- # WebDAV-specific settings
+ # Pass required headers for WebDAV
 proxy_set_header Host $host;
 proxy_set_header X-Real-IP $remote_addr;
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Pass Authorization header if required
 proxy_set_header Authorization $http_authorization;
-
- # Timeout for large file uploads/downloads
+
+ # Set timeouts for large file uploads or long WebDAV operations
 proxy_read_timeout 300;
 proxy_connect_timeout 300;
 proxy_send_timeout 300;
-
- # Allow WebDAV methods
- proxy_methods GET POST PUT DELETE OPTIONS PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK;
-
- # Client upload size
+
+ # Increase client body size for large uploads
 client_max_body_size 100M;
-
- # Optional: Disable caching if issues arise
+
+ # Optional: Disable caching for WebDAV operations
 proxy_buffering off;
 proxy_cache off;
 '';
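Review bot: Nothing in this `extraConfig` limits request rate or concurrent connections, while the location accepts 100M bodies with 300-second timeouts and leaves authentication to the backend. Repeated password attempts and slow uploads are therefore bounded only by what the container itself enforces. Consider `limit_req zone=<zone-name> burst=<n>;` in this block with a matching `limit_req_zone` at http level (that context is outside the hunk, so one may already exist), and alerting on repeated 401 responses in the access log. Separately, the comment `# Optional: Disable caching for WebDAV operations` sits above `proxy_buffering off;`, which controls response buffering rather than caching; upload bodies are governed by `proxy_request_buffering`.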