{ config, lib, pkgs, ... }:

with lib;

{
  sops.secrets.firmware-htpasswd = {
    owner = "nginx";
    group = "nginx";
  };

  services.nginx.virtualHosts = {
    "firmware.clerie.de" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        alias = "/data/firmware/";
        basicAuthFile = config.sops.secrets.firmware-htpasswd.path;
        extraConfig = ''
          autoindex on;
          autoindex_exact_size off;
        '';
      };
    };
  };

  users.users.data-firmware = {
    group = "data-firmware";
    home = "/data/firmware";
    useDefaultShell = true;
    isSystemUser = true;
  };
  users.groups.data-firmware = {};

  systemd.tmpfiles.rules = [
    "d /data/firmware - data-firmware data-firmware - -"
  ];
}