use tailscale auth for hledger

Joakim Repomaa
2025-06-10 23:26:27 +03:00
parent 4d91990ea1
commit 269bb6ac6a
6 changed files with 93 additions and 22 deletions


@@ -37,6 +37,10 @@ let
type = lib.types.bool;
default = false;
};
extraConfig = lib.mkOption {
type = lib.types.lines;
default = "";
};
};
};
};
@@ -59,6 +63,10 @@ in
type = lib.types.attrsOf types.vhost;
default = { };
};
tailscaleAuth.expectedTailnet = lib.mkOption {
type = lib.types.str;
default = "";
};
};
config = lib.mkIf cfg.enable {
@@ -75,11 +83,17 @@ in
tailscaleAuth = {
enable = (lib.length tailscaleAuthVhosts) > 0;
virtualHosts = tailscaleAuthVhosts;
expectedTailnet = cfg.tailscaleAuth.expectedTailnet;
};
virtualHosts = lib.mapAttrs (
_:
{ proxyBuffering, locations, ... }:
{
proxyBuffering,
locations,
extraConfig,
...
}:
{
forceSSL = true;
enableACME = true;
@@ -88,6 +102,7 @@ in
extraConfig = lib.concatLines [
(lib.optionalString (!proxyBuffering) "proxy_buffering off;")
"charset utf-8;"
extraConfig
];
locations = lib.mapAttrs (
_:
@@ -115,12 +130,17 @@ in
};
octodns.records = lib.filterAttrs (name: _: name != config.networking.domain) (
lib.mapAttrs' (fqdn: _: {
name = lib.removeSuffix ".${config.networking.domain}" fqdn;
value = {
CNAME.toRoot = true;
};
}) cfg.vHosts
lib.mapAttrs' (
fqdn:
{ tailscaleAuth, ... }:
{
name = lib.removeSuffix ".${config.networking.domain}" fqdn;
value = {
CNAME =
if tailscaleAuth then { target = "ts.${config.networking.domain}."; } else { toRoot = true; };
};
}
) cfg.vHosts
);
};
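Review bot: The new `tailscaleAuth.expectedTailnet` option (second hunk) defaults to `""` and is passed unchanged to nginx's `tailscaleAuth.expectedTailnet` (third hunk), so the tailnet check stays off unless a host sets it explicitly. As the upstream option is documented, an empty value means nodes shared in from another tailnet can still authenticate to these vhosts. Consider dropping `default = "";` so evaluation fails when the value is unset, or adding `assertion = tailscaleAuthVhosts == [ ] || cfg.tailscaleAuth.expectedTailnet != "";` to the `config` block, which continues outside the visible hunks. Both new options also lack a `description`; for the per-vhost `extraConfig` it should say that the text is appended verbatim to the nginx server block, and for `expectedTailnet` that it restricts authentication to the named tailnet. Note that the `ts.` CNAME in the last hunk only changes name resolution, so the auth request remains the actual access control for these hosts.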