
rename autheliaProtect to vhosts

ibizaman 2024-05-24 15:01:45 -07:00 committed by Pierre Penninckx
parent 7020786c41
commit 8ebb3af1f0
7 changed files with 22 additions and 22 deletions


@ -7,7 +7,7 @@ let
fqdn = c: "${c.subdomain}.${c.domain}";
autheliaConfig = lib.types.submodule {
vhostConfig = lib.types.submodule {
options = {
subdomain = lib.mkOption {
type = lib.types.str;
@ -67,9 +67,9 @@ in
example = true;
};
autheliaProtect = lib.mkOption {
vhosts = lib.mkOption {
description = "Endpoints to be protected by authelia.";
type = lib.types.listOf autheliaConfig;
type = lib.types.listOf vhostConfig;
default = [];
};
};
@ -135,7 +135,7 @@ in
proxy_pass ${c.upstream};
''
+ lib.optionalString (!(isNull c.authEndpoint)) ''
+ lib.optionalString (c.authEndpoint != null) ''
auth_request /authelia;
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
@ -181,13 +181,13 @@ in
};
};
in
lib.mkMerge (map vhostCfg cfg.autheliaProtect);
lib.mkMerge (map vhostCfg cfg.vhosts);
shb.authelia.rules =
let
authConfig = c: map (r: r // { domain = fqdn c; }) c.autheliaRules;
in
lib.flatten (map authConfig cfg.autheliaProtect);
lib.flatten (map authConfig cfg.vhosts);
security.acme.defaults.reloadServices = [
"nginx.service"
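Review bot: The option description kept in the second hunk, `"Endpoints to be protected by authelia."`, no longer matches what `vhosts` does. The third hunk emits the `auth_request /authelia;` lines only when `c.authEndpoint != null`, so an entry with a null `authEndpoint` is proxied to its upstream with no Authelia check. I would reword it, for example `description = "Virtual hosts to proxy. A vhost is put behind Authelia only when its authEndpoint is not null.";`. The rename removes the one hint in the option name that entries are protected, so the description is where a reader has to learn this. The surrounding `let`/`in` bodies start and end outside the hunks.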


@ -257,7 +257,7 @@ let
};
};
autheliaProtect = { extraBypassResources ? [] }: c: {
vhosts = { extraBypassResources ? [] }: c: {
inherit (c) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString c.settings.Port}";
@ -369,7 +369,7 @@ in
generator = shblib.replaceSecretsFormatAdapter apps.radarr.settingsFormat;
};
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.radarr = cfg'.backupCfg // {
sourceDirectories = [
@ -406,7 +406,7 @@ in
generator = apps.sonarr.settingsFormat.generate;
};
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.sonarr = cfg'.backupCfg // {
sourceDirectories = [
@ -440,7 +440,7 @@ in
generator = apps.bazarr.settingsFormat.generate;
};
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.bazarr = cfg'.backupCfg // {
sourceDirectories = [
@ -469,7 +469,7 @@ in
generator = apps.readarr.settingsFormat.generate;
};
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.readarr = cfg'.backupCfg // {
sourceDirectories = [
@ -503,7 +503,7 @@ in
generator = apps.lidarr.settingsFormat.generate;
};
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.lidarr = cfg'.backupCfg // {
sourceDirectories = [
@ -532,7 +532,7 @@ in
generator = apps.jackett.settingsFormat.generate;
};
shb.nginx.autheliaProtect = [ (autheliaProtect {
shb.nginx.vhosts = [ (vhosts {
extraBypassResources = [ "^/dl.*" ];
} cfg') ];


@ -149,7 +149,7 @@ in
};
authEndpoint = lib.mkOption {
type = lib.types.str;
type = lib.types.nullOr lib.types.str;
description = "OIDC endpoint for SSO";
example = "https://authelia.example.com";
};
@ -253,11 +253,11 @@ in
"L+ ${config.services.deluge.dataDir}/.config/deluge/plugins - - - - ${plugins}"
];
shb.nginx.autheliaProtect = lib.mkIf config.shb.authelia.enable [
shb.nginx.vhosts = [
{
inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
autheliaRules = [{
autheliaRules = lib.mkIf (cfg.authEndpoint != null) [{
domain = fqdn;
policy = "two_factor";
subject = ["group:deluge_user"];
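Review bot: `authEndpoint` becomes `lib.types.nullOr lib.types.str` in the first hunk, but its description still reads only `"OIDC endpoint for SSO"` and does not say what null means. In the second hunk, null drops the `two_factor` rule and the vhost loses its former `lib.mkIf config.shb.authelia.enable` guard, so the deluge web UI would presumably be published with only its own login in front of it. I would document that on the option, e.g. `description = "OIDC endpoint for SSO. When null, the service is exposed without Authelia in front of it.";`, and confirm that no `default = null` makes this the silent default (the rest of the option is outside the hunk). The same `lib.mkIf (cfg.authEndpoint != null)` wrapper is added to the vaultwarden rules in a later section; the option declaration for that module is not visible here.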


@ -78,7 +78,7 @@ in
serviceConfig.StateDirectory = "hledger";
};
shb.nginx.autheliaProtect = [
shb.nginx.vhosts = [
{
inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}";


@ -158,11 +158,11 @@ in
generator = name: v: lib.generators.toINIWithGlobalSection {} { globalSection = v; };
};
shb.nginx.autheliaProtect = [
shb.nginx.vhosts = [
{
inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
autheliaRules = [
autheliaRules = lib.mkIf (cfg.authEndpoint != null) [
{
domain = "${fqdn}";
policy = "two_factor";


@ -150,7 +150,7 @@ in
excludePatterns = [ ".db-shm" ".db-wal" ".mono" ];
};
};
shb.nginx.autheliaProtect = [
shb.nginx.vhosts = [
{
autheliaRules = [
{


@ -38,7 +38,7 @@ in
shb.backup = {};
shb.nginx = {
accessLog = false;
autheliaProtect = [];
vhosts = [];
debugLog = false;
};
services.nginx.enable = true;
@ -66,7 +66,7 @@ in
domain = "example.com";
};
shb.nginx.autheliaProtect = [{
shb.nginx.vhosts = [{
subdomain = "my";
domain = "example.com";
ssl = config.shb.certs.certs.selfsigned."example.com";