{ hostConfig, povSelf, config, lib, pkgs, ... }: let inherit (lib) types; cfg = lib.getAttrFromPath povSelf config; in { options = { enable = { type = types.bool; default = false; }; subdomain = { type = types.str; default = "music"; }; domain = { type = types.str; default = "zaphyra.dn42"; }; }; config = lib.mkIf cfg.enable { dns.zones = { "${cfg.domain}".subdomains."${cfg.subdomain}".AAAA = [ hostConfig.networking.dn42Address ]; "zaphyra.eu".subdomains."${cfg.subdomain}".AAAA = [ hostConfig.networking.ip6Address ]; }; fileSystems."/mnt/music" = { device = "/home/zaphyra/Music"; fsType = "fuse.bindfs"; options = [ "ro" "perms=0000:a+rX" ]; }; modules.filesystem.impermanence.system.dirs = [ { directory = "/var/lib/navidrome"; mode = "0700"; user = "navidrome"; group = "navidrome"; } ]; services.navidrome = { enable = true; settings = { Address = "[::1]"; MusicFolder = "/mnt/music"; EnableSharing = true; FFmpegPath = lib.getExe pkgs.ffmpeg; }; }; security.acme.certs."${cfg.subdomain}.${cfg.domain}" = { server = "https://acme.burble.dn42/v1/dn42/acme/directory"; validMinDays = 20; keyType = "ec384"; dnsProvider = null; }; services.nginx = { enable = true; virtualHosts = { "${cfg.subdomain}.${cfg.domain}" = { enableACME = true; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://[::1]:${toString config.services.navidrome.settings.Port}/"; }; "${cfg.subdomain}.zaphyra.eu" = { useACMEHost = "${config.networking.fqdn}"; forceSSL = true; kTLS = true; locations."/".proxyPass = "http://[::1]:${toString config.services.navidrome.settings.Port}/"; }; }; }; }; }