rename autheliaProtect to vhosts
parent
7020786c41
commit
8ebb3af1f0
7 changed files with 22 additions and 22 deletions
|
@ -7,7 +7,7 @@ let
|
|||
|
||||
fqdn = c: "${c.subdomain}.${c.domain}";
|
||||
|
||||
autheliaConfig = lib.types.submodule {
|
||||
vhostConfig = lib.types.submodule {
|
||||
options = {
|
||||
subdomain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
|
@ -67,9 +67,9 @@ in
|
|||
example = true;
|
||||
};
|
||||
|
||||
autheliaProtect = lib.mkOption {
|
||||
vhosts = lib.mkOption {
|
||||
description = "Endpoints to be protected by authelia.";
|
||||
type = lib.types.listOf autheliaConfig;
|
||||
type = lib.types.listOf vhostConfig;
|
||||
default = [];
|
||||
};
|
||||
};
|
||||
|
@ -135,7 +135,7 @@ in
|
|||
|
||||
proxy_pass ${c.upstream};
|
||||
''
|
||||
+ lib.optionalString (!(isNull c.authEndpoint)) ''
|
||||
+ lib.optionalString (c.authEndpoint != null) ''
|
||||
auth_request /authelia;
|
||||
auth_request_set $user $upstream_http_remote_user;
|
||||
auth_request_set $groups $upstream_http_remote_groups;
|
||||
|
@ -181,13 +181,13 @@ in
|
|||
};
|
||||
};
|
||||
in
|
||||
lib.mkMerge (map vhostCfg cfg.autheliaProtect);
|
||||
lib.mkMerge (map vhostCfg cfg.vhosts);
|
||||
|
||||
shb.authelia.rules =
|
||||
let
|
||||
authConfig = c: map (r: r // { domain = fqdn c; }) c.autheliaRules;
|
||||
in
|
||||
lib.flatten (map authConfig cfg.autheliaProtect);
|
||||
lib.flatten (map authConfig cfg.vhosts);
|
||||
|
||||
security.acme.defaults.reloadServices = [
|
||||
"nginx.service"
|
||||
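Review bot: The `description` kept on the renamed `vhosts` option still reads "Endpoints to be protected by authelia.", but in the @ -135 hunk the `auth_request /authelia;` block is only emitted when `c.authEndpoint != null`, so an entry in this list is not necessarily protected. Under the old name that intent was at least implied; under the generic name a reader can add a vhost and assume SSO sits in front of it. I would reword it to something like `description = "Virtual hosts served by nginx; a vhost is put behind Authelia only when its authEndpoint is non-null.";`. Separately, nothing visible here keeps the old `shb.nginx.autheliaProtect` name working, so if downstream configs exist, `lib.mkRenamedOptionModule [ "shb" "nginx" "autheliaProtect" ] [ "shb" "nginx" "vhosts" ]` in `imports` would let them keep evaluating with a warning. The option set and the vhost template both continue outside the hunks shown.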
|
|
|
@ -257,7 +257,7 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
autheliaProtect = { extraBypassResources ? [] }: c: {
|
||||
vhosts = { extraBypassResources ? [] }: c: {
|
||||
inherit (c) subdomain domain authEndpoint ssl;
|
||||
|
||||
upstream = "http://127.0.0.1:${toString c.settings.Port}";
|
||||
|
@ -369,7 +369,7 @@ in
|
|||
generator = shblib.replaceSecretsFormatAdapter apps.radarr.settingsFormat;
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||
shb.nginx.vhosts = [ (vhosts {} cfg') ];
|
||||
|
||||
shb.backup.instances.radarr = cfg'.backupCfg // {
|
||||
sourceDirectories = [
|
||||
|
@ -406,7 +406,7 @@ in
|
|||
generator = apps.sonarr.settingsFormat.generate;
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||
shb.nginx.vhosts = [ (vhosts {} cfg') ];
|
||||
|
||||
shb.backup.instances.sonarr = cfg'.backupCfg // {
|
||||
sourceDirectories = [
|
||||
|
@ -440,7 +440,7 @@ in
|
|||
generator = apps.bazarr.settingsFormat.generate;
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||
shb.nginx.vhosts = [ (vhosts {} cfg') ];
|
||||
|
||||
shb.backup.instances.bazarr = cfg'.backupCfg // {
|
||||
sourceDirectories = [
|
||||
|
@ -469,7 +469,7 @@ in
|
|||
generator = apps.readarr.settingsFormat.generate;
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||
shb.nginx.vhosts = [ (vhosts {} cfg') ];
|
||||
|
||||
shb.backup.instances.readarr = cfg'.backupCfg // {
|
||||
sourceDirectories = [
|
||||
|
@ -503,7 +503,7 @@ in
|
|||
generator = apps.lidarr.settingsFormat.generate;
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ];
|
||||
shb.nginx.vhosts = [ (vhosts {} cfg') ];
|
||||
|
||||
shb.backup.instances.lidarr = cfg'.backupCfg // {
|
||||
sourceDirectories = [
|
||||
|
@ -532,7 +532,7 @@ in
|
|||
generator = apps.jackett.settingsFormat.generate;
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [ (autheliaProtect {
|
||||
shb.nginx.vhosts = [ (vhosts {
|
||||
extraBypassResources = [ "^/dl.*" ];
|
||||
} cfg') ];
|
||||
|
||||
|
|
|
@ -149,7 +149,7 @@ in
|
|||
};
|
||||
|
||||
authEndpoint = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
type = lib.types.nullOr lib.types.str;
|
||||
description = "OIDC endpoint for SSO";
|
||||
example = "https://authelia.example.com";
|
||||
};
|
||||
|
@ -253,11 +253,11 @@ in
|
|||
"L+ ${config.services.deluge.dataDir}/.config/deluge/plugins - - - - ${plugins}"
|
||||
];
|
||||
|
||||
shb.nginx.autheliaProtect = lib.mkIf config.shb.authelia.enable [
|
||||
shb.nginx.vhosts = [
|
||||
{
|
||||
inherit (cfg) subdomain domain authEndpoint ssl;
|
||||
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
|
||||
autheliaRules = [{
|
||||
autheliaRules = lib.mkIf (cfg.authEndpoint != null) [{
|
||||
domain = fqdn;
|
||||
policy = "two_factor";
|
||||
subject = ["group:deluge_user"];
|
||||
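Review bot: Dropping the `lib.mkIf config.shb.authelia.enable` guard while making `authEndpoint` a `nullOr str` means the deluge vhost is now always created, and with `authEndpoint = null` both the Authelia rules and (per the nginx template's `c.authEndpoint != null` check) the `auth_request` gate are omitted, so the web UI is proxied with no SSO in front of it. A commit titled as a rename does not signal that behaviour change and the option text does not mention it; I would document it on the option, e.g. `description = "OIDC endpoint for SSO. When null, the vhost is served without Authelia in front of it.";`. The same `lib.mkIf (cfg.authEndpoint != null)` on `autheliaRules` is added in the vaultwarden section (@ -158), where the `authEndpoint` option type is not visible. Both also rely on the vhost submodule giving `autheliaRules` a default, which is not shown here; without one, `c.autheliaRules` in the rules mapping would presumably fail to evaluate when the condition is false. The attribute sets continue outside the hunks.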
|
|
|
@ -78,7 +78,7 @@ in
|
|||
serviceConfig.StateDirectory = "hledger";
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [
|
||||
shb.nginx.vhosts = [
|
||||
{
|
||||
inherit (cfg) subdomain domain authEndpoint ssl;
|
||||
upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}";
|
||||
|
|
|
@ -158,11 +158,11 @@ in
|
|||
generator = name: v: lib.generators.toINIWithGlobalSection {} { globalSection = v; };
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [
|
||||
shb.nginx.vhosts = [
|
||||
{
|
||||
inherit (cfg) subdomain domain authEndpoint ssl;
|
||||
upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
|
||||
autheliaRules = [
|
||||
autheliaRules = lib.mkIf (cfg.authEndpoint != null) [
|
||||
{
|
||||
domain = "${fqdn}";
|
||||
policy = "two_factor";
|
||||
|
|
|
@ -150,7 +150,7 @@ in
|
|||
excludePatterns = [ ".db-shm" ".db-wal" ".mono" ];
|
||||
};
|
||||
};
|
||||
shb.nginx.autheliaProtect = [
|
||||
shb.nginx.vhosts = [
|
||||
{
|
||||
autheliaRules = [
|
||||
{
|
||||
|
|
|
@ -38,7 +38,7 @@ in
|
|||
shb.backup = {};
|
||||
shb.nginx = {
|
||||
accessLog = false;
|
||||
autheliaProtect = [];
|
||||
vhosts = [];
|
||||
debugLog = false;
|
||||
};
|
||||
services.nginx.enable = true;
|
||||
|
@ -66,7 +66,7 @@ in
|
|||
domain = "example.com";
|
||||
};
|
||||
|
||||
shb.nginx.autheliaProtect = [{
|
||||
shb.nginx.vhosts = [{
|
||||
subdomain = "my";
|
||||
domain = "example.com";
|
||||
ssl = config.shb.certs.certs.selfsigned."example.com";
|
||||
|
|