diff --git a/modules/blocks/nginx.nix b/modules/blocks/nginx.nix
index 5d613e5..dea0e09 100644
--- a/modules/blocks/nginx.nix
+++ b/modules/blocks/nginx.nix
@@ -7,7 +7,7 @@ let
fqdn = c: "${c.subdomain}.${c.domain}";
- autheliaConfig = lib.types.submodule {
+ vhostConfig = lib.types.submodule {
options = {
subdomain = lib.mkOption {
type = lib.types.str;
@@ -67,9 +67,9 @@ in
example = true;
};
- autheliaProtect = lib.mkOption {
+ vhosts = lib.mkOption {
description = "Endpoints to be protected by authelia.";
- type = lib.types.listOf autheliaConfig;
+ type = lib.types.listOf vhostConfig;
default = [];
};
};
@@ -135,7 +135,7 @@ in
proxy_pass ${c.upstream};
''
- + lib.optionalString (!(isNull c.authEndpoint)) ''
+ + lib.optionalString (c.authEndpoint != null) ''
auth_request /authelia;
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
@@ -181,13 +181,13 @@ in
};
};
in
- lib.mkMerge (map vhostCfg cfg.autheliaProtect);
+ lib.mkMerge (map vhostCfg cfg.vhosts);
shb.authelia.rules =
let
authConfig = c: map (r: r // { domain = fqdn c; }) c.autheliaRules;
in
- lib.flatten (map authConfig cfg.autheliaProtect);
+ lib.flatten (map authConfig cfg.vhosts);
security.acme.defaults.reloadServices = [
"nginx.service"
diff --git a/modules/services/arr.nix b/modules/services/arr.nix
index 8b0db9d..95a0f41 100644
--- a/modules/services/arr.nix
+++ b/modules/services/arr.nix
@@ -257,7 +257,7 @@ let
};
};
- autheliaProtect = { extraBypassResources ? [] }: c: {
+ vhosts = { extraBypassResources ? [] }: c: {
inherit (c) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString c.settings.Port}";
@@ -369,7 +369,7 @@ in
generator = shblib.replaceSecretsFormatAdapter apps.radarr.settingsFormat;
};
- shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
+ shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.radarr = cfg'.backupCfg // {
sourceDirectories = [
@@ -406,7 +406,7 @@ in
generator = apps.sonarr.settingsFormat.generate;
};
- shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
+ shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.sonarr = cfg'.backupCfg // {
sourceDirectories = [
@@ -440,7 +440,7 @@ in
generator = apps.bazarr.settingsFormat.generate;
};
- shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
+ shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.bazarr = cfg'.backupCfg // {
sourceDirectories = [
@@ -469,7 +469,7 @@ in
generator = apps.readarr.settingsFormat.generate;
};
- shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
+ shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.readarr = cfg'.backupCfg // {
sourceDirectories = [
@@ -503,7 +503,7 @@ in
generator = apps.lidarr.settingsFormat.generate;
};
- shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
+ shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.lidarr = cfg'.backupCfg // {
sourceDirectories = [
@@ -532,7 +532,7 @@ in
generator = apps.jackett.settingsFormat.generate;
};
- shb.nginx.autheliaProtect = [ (autheliaProtect {
+ shb.nginx.vhosts = [ (vhosts {
extraBypassResources = [ "^/dl.*" ];
} cfg') ];
diff --git a/modules/services/deluge.nix b/modules/services/deluge.nix
index e13b3c2..565c950 100644
--- a/modules/services/deluge.nix
+++ b/modules/services/deluge.nix
@@ -149,7 +149,7 @@ in
};
authEndpoint = lib.mkOption {
- type = lib.types.str;
+ type = lib.types.nullOr lib.types.str;
description = "OIDC endpoint for SSO";
example = "https://authelia.example.com";
};
@@ -253,11 +253,11 @@ in
"L+ ${config.services.deluge.dataDir}/.config/deluge/plugins - - - - ${plugins}"
];
- shb.nginx.autheliaProtect = lib.mkIf config.shb.authelia.enable [
+ shb.nginx.vhosts = [
{
inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
- autheliaRules = [{
+ autheliaRules = lib.mkIf (cfg.authEndpoint != null) [{
domain = fqdn;
policy = "two_factor";
subject = ["group:deluge_user"];
diff --git a/modules/services/hledger.nix b/modules/services/hledger.nix
index 5b63bc5..b4bb9da 100644
--- a/modules/services/hledger.nix
+++ b/modules/services/hledger.nix
@@ -78,7 +78,7 @@ in
serviceConfig.StateDirectory = "hledger";
};
- shb.nginx.autheliaProtect = [
+ shb.nginx.vhosts = [
{
inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}";
diff --git a/modules/services/vaultwarden.nix b/modules/services/vaultwarden.nix
index dde963a..8d0fab2 100644
--- a/modules/services/vaultwarden.nix
+++ b/modules/services/vaultwarden.nix
@@ -158,11 +158,11 @@ in
generator = name: v: lib.generators.toINIWithGlobalSection {} { globalSection = v; };
};
- shb.nginx.autheliaProtect = [
+ shb.nginx.vhosts = [
{
inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
- autheliaRules = [
+ autheliaRules = lib.mkIf (cfg.authEndpoint != null) [
{
domain = "${fqdn}";
policy = "two_factor";
diff --git a/test/modules/arr.nix b/test/modules/arr.nix
index 2ca7d39..2de9ef0 100644
--- a/test/modules/arr.nix
+++ b/test/modules/arr.nix
@@ -150,7 +150,7 @@ in
excludePatterns = [ ".db-shm" ".db-wal" ".mono" ];
};
};
- shb.nginx.autheliaProtect = [
+ shb.nginx.vhosts = [
{
autheliaRules = [
{
diff --git a/test/modules/nginx.nix b/test/modules/nginx.nix
index 242b13c..fab349f 100644
--- a/test/modules/nginx.nix
+++ b/test/modules/nginx.nix
@@ -38,7 +38,7 @@ in
shb.backup = {};
shb.nginx = {
accessLog = false;
- autheliaProtect = [];
+ vhosts = [];
debugLog = false;
};
services.nginx.enable = true;
@@ -66,7 +66,7 @@ in
domain = "example.com";
};
- shb.nginx.autheliaProtect = [{
+ shb.nginx.vhosts = [{
subdomain = "my";
domain = "example.com";
ssl = config.shb.certs.certs.selfsigned."example.com";