{ pkgs, lib, ... }: let user = "pubserve"; path = "/var/lib/pubserve"; in { users.users.${user} = { group = user; home = path; createHome = true; isSystemUser = true; isNormalUser = false; }; users.groups.${user} = { }; systemd.services = let commonArgs = [ "-i '127.0.0.1'" "-H" "-D" "-F" "--hide-theme-selector" "--readme" path ]; in { pubserve = { description = "Miniserve Public File Server"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.miniserve}/bin/miniserve -t 'PubServe' -p 3454 ${lib.concatStringsSep " " commonArgs}"; Restart = "on-failure"; User = user; Group = user; }; }; privserve = { description = "Miniserve Public File Server (Admin)"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { ExecStart = "${pkgs.miniserve}/bin/miniserve -u -U -o -t 'PrivServe' -p 3455 ${lib.concatStringsSep " " commonArgs}"; Restart = "on-failure"; User = user; Group = user; }; }; }; services.tailproxy = { pubserve = { enable = true; hostname = "pubserve"; funnel = true; port = 3454; authKey = "tskey-auth-kJrnknpMsL11CNTRL-ot1kkasErR2cLZZmfuKYR2b9za7fCzVR"; # One-time key }; privserve = { enable = true; hostname = "privserve"; port = 3455; authKey = "tskey-auth-kKFv865ykk11CNTRL-dfmxUREHP5evuuMsfPy55ehXECXrLF1N7"; # One-time key }; }; }