repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b4caf86628942c7ecd3dfecd60fe7ec2f8e6c10e
nixos/modules/services/hledger-web.nix
Joakim Repomaa 269bb6ac6a use tailscale auth for hledger
2025-06-10 23:26:27 +03:00

73 lines
1.9 KiB
Nix
Raw Blame History

{ config, lib, ... }:
let
cfg = config.services.hledger-web;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
options.services.hledger-web = {
subdomain = lib.mkOption {
type = lib.types.str;
};
user = lib.mkOption {
type = lib.types.str;
};
group = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
services = {
hledger-web = {
allow = lib.mkDefault "edit";
baseUrl = "https://${fqdn}";
serveApi = true;
extraOptions = [
"--exchange="
];
};
webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn} = {
tailscaleAuth = true;
extraConfig = ''
root /var/www/ledgio;
add_header Access-Control-Allow-Origin $http_origin always;
add_header Access-Control-Allow-Methods 'OPTIONS, GET, PUT' always;
add_header Access-Control-Allow-Headers 'Content-Type' always;
location ~ \.(html|js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
try_files $uri =404;
}
'';
locations = {
"@api" = {
proxyPort = cfg.port;
};
"/".extraConfig = ''
if ($request_method = OPTIONS) {
add_header Content-Type text/plain;
add_header Content-Length 0;
add_header Access-Control-Allow-Origin $http_origin;
add_header Access-Control-Allow-Methods 'OPTIONS, GET, PUT';
add_header Access-Control-Allow-Headers 'Content-Type';
return 204;
}
try_files $uri $uri/ @api;
'';
};
};
};
};
systemd.services.hledger-web.serviceConfig = {
User = lib.mkForce cfg.user;
Group = lib.mkForce cfg.group;
};
};
}
Reference in New Issue View Git Blame Copy Permalink