links.nikolai-linschmann.de

{ config, pkgs, lib, ... }:

let
  domain = "links.nikolai-linschmann.de";
  linksPort = 8765;
in
{
  # =========================================================================
  # links.nikolai-linschmann.de — Simple File Sharing Service
  # =========================================================================

systemd.services.links-file-sharing = {
    description = "links.nikolai-linschmann.de file sharing server";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];

serviceConfig = {
      ExecStart = "${pkgs.python3}/bin/python3 /etc/nixos/services/links/server.py";
      Restart = "always";
      RestartSec = "5s";
      User = "openclaw";
      Group = "openclaw";
      WorkingDirectory = "/var/lib/links";
      Environment = [
        "LINKS_DATA_DIR=/var/lib/links/data"
        "LINKS_LINKS_FILE=/var/lib/links/links.json"
        "LINKS_HOST=127.0.0.1"
        "LINKS_PORT=${toString linksPort}"
      ];
      # Security hardening
      NoNewPrivileges = true;
      PrivateTmp = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      ReadWritePaths = [ "/var/lib/links" ];
    };
  };

# Ensure directories exist
  systemd.tmpfiles.rules = [
    "d /var/lib/links 0755 openclaw openclaw -"
    "d /var/lib/links/data 0755 openclaw openclaw -"
  ];

# =========================================================================
  # nginx virtual host
  # =========================================================================

services.nginx.virtualHosts.${domain} = {
    forceSSL   = true;
    enableACME = true;

locations."/" = {
      proxyPass = "http://127.0.0.1:${toString linksPort}";
      proxyWebsockets = false;
      recommendedProxySettings = true;
      extraConfig = ''
        client_max_body_size 210m;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 120s;
      '';
    };
  };
}

default.nix