zaphyra's git: nixfiles

config/nixos/modules/websites: add `music.zaphyra.dn42`

diff --git a/config/nixos/modules/websites/music.zaphyra.dn42.nix b/config/nixos/modules/websites/music.zaphyra.dn42.nix
@@ -0,0 +1,80 @@
+{
+  hostConfig,
+  povSelf,
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib) types;
+  cfg = lib.getAttrFromPath povSelf config;
+
+in
+{
+
+  options = {
+    enable = {
+      type = types.bool;
+      default = false;
+    };
+    subdomain = {
+      type = types.str;
+      default = "music";
+    };
+    domain = {
+      type = types.str;
+      default = "zaphyra.dn42";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    dns.zones."${cfg.domain}".subdomains."${cfg.subdomain}".AAAA = [
+      hostConfig.networking.dn42Address
+    ];
+
+    fileSystems."/mnt/music" = {
+      device = "/home/zaphyra/Music";
+      fsType = "fuse.bindfs";
+      options = [
+        "ro"
+        "perms=0000:a+rX"
+      ];
+    };
+
+    modules.filesystem.impermanence.system.dirs = [
+      {
+        directory = "/var/lib/navidrome";
+        mode = "0700";
+        user = "navidrome";
+        group = "navidrome";
+      }
+    ];
+
+    services.navidrome = {
+      enable = true;
+      settings = {
+        Address = "[::1]";
+        MusicFolder = "/mnt/music";
+        EnableSharing = true;
+        FFmpegPath = lib.getExe pkgs.ffmpeg;
+      };
+    };
+
+    security.acme.certs."${cfg.subdomain}.${cfg.domain}" = {
+      server = "https://acme.burble.dn42/v1/dn42/acme/directory";
+      validMinDays = 20;
+      keyType = "ec384";
+      dnsProvider = null;
+    };
+
+    services.nginx.virtualHosts."${cfg.subdomain}.${cfg.domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      kTLS = true;
+      locations."/".proxyPass = "http://[::1]:${toString config.services.navidrome.settings.Port}/";
+    };
+  };
+
+}