
rename autheliaProtect to vhosts

ibizaman 2024-05-24 15:01:45 -07:00 committed by Pierre Penninckx
parent 7020786c41
commit 8ebb3af1f0
7 changed files with 22 additions and 22 deletions


@ -7,7 +7,7 @@ let
fqdn = c: "${c.subdomain}.${c.domain}"; fqdn = c: "${c.subdomain}.${c.domain}";
autheliaConfig = lib.types.submodule { vhostConfig = lib.types.submodule {
options = { options = {
subdomain = lib.mkOption { subdomain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -67,9 +67,9 @@ in
example = true; example = true;
}; };
autheliaProtect = lib.mkOption { vhosts = lib.mkOption {
description = "Endpoints to be protected by authelia."; description = "Endpoints to be protected by authelia.";
type = lib.types.listOf autheliaConfig; type = lib.types.listOf vhostConfig;
default = []; default = [];
}; };
}; };
@ -135,7 +135,7 @@ in
proxy_pass ${c.upstream}; proxy_pass ${c.upstream};
'' ''
+ lib.optionalString (!(isNull c.authEndpoint)) '' + lib.optionalString (c.authEndpoint != null) ''
auth_request /authelia; auth_request /authelia;
auth_request_set $user $upstream_http_remote_user; auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups; auth_request_set $groups $upstream_http_remote_groups;
@ -181,13 +181,13 @@ in
}; };
}; };
in in
lib.mkMerge (map vhostCfg cfg.autheliaProtect); lib.mkMerge (map vhostCfg cfg.vhosts);
shb.authelia.rules = shb.authelia.rules =
let let
authConfig = c: map (r: r // { domain = fqdn c; }) c.autheliaRules; authConfig = c: map (r: r // { domain = fqdn c; }) c.autheliaRules;
in in
lib.flatten (map authConfig cfg.autheliaProtect); lib.flatten (map authConfig cfg.vhosts);
security.acme.defaults.reloadServices = [ security.acme.defaults.reloadServices = [
"nginx.service" "nginx.service"
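Review bot: The description of the renamed `vhosts` option still reads "Endpoints to be protected by authelia.", but in the location block `auth_request /authelia;` is emitted only when `c.authEndpoint != null`, so a vhost with a null endpoint is proxied to `c.upstream` with no authentication step. I would reword it to something like `description = "Virtual hosts served by nginx; a vhost is put behind Authelia only when its authEndpoint is not null.";` so the fail-open case is visible to whoever sets the option. Separately, `shb.authelia.rules` is still built from `c.autheliaRules` for every entry in `cfg.vhosts`, which appears to rely on each caller guarding its rules with `lib.mkIf`. The `autheliaRules` option declaration is outside the visible hunks, so confirm it has a default.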


@ -257,7 +257,7 @@ let
}; };
}; };
autheliaProtect = { extraBypassResources ? [] }: c: { vhosts = { extraBypassResources ? [] }: c: {
inherit (c) subdomain domain authEndpoint ssl; inherit (c) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString c.settings.Port}"; upstream = "http://127.0.0.1:${toString c.settings.Port}";
@ -369,7 +369,7 @@ in
generator = shblib.replaceSecretsFormatAdapter apps.radarr.settingsFormat; generator = shblib.replaceSecretsFormatAdapter apps.radarr.settingsFormat;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ]; shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.radarr = cfg'.backupCfg // { shb.backup.instances.radarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
@ -406,7 +406,7 @@ in
generator = apps.sonarr.settingsFormat.generate; generator = apps.sonarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ]; shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.sonarr = cfg'.backupCfg // { shb.backup.instances.sonarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
@ -440,7 +440,7 @@ in
generator = apps.bazarr.settingsFormat.generate; generator = apps.bazarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ]; shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.bazarr = cfg'.backupCfg // { shb.backup.instances.bazarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
@ -469,7 +469,7 @@ in
generator = apps.readarr.settingsFormat.generate; generator = apps.readarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ]; shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.readarr = cfg'.backupCfg // { shb.backup.instances.readarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
@ -503,7 +503,7 @@ in
generator = apps.lidarr.settingsFormat.generate; generator = apps.lidarr.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect {} cfg') ]; shb.nginx.vhosts = [ (vhosts {} cfg') ];
shb.backup.instances.lidarr = cfg'.backupCfg // { shb.backup.instances.lidarr = cfg'.backupCfg // {
sourceDirectories = [ sourceDirectories = [
@ -532,7 +532,7 @@ in
generator = apps.jackett.settingsFormat.generate; generator = apps.jackett.settingsFormat.generate;
}; };
shb.nginx.autheliaProtect = [ (autheliaProtect { shb.nginx.vhosts = [ (vhosts {
extraBypassResources = [ "^/dl.*" ]; extraBypassResources = [ "^/dl.*" ];
} cfg') ]; } cfg') ];


@ -149,7 +149,7 @@ in
}; };
authEndpoint = lib.mkOption { authEndpoint = lib.mkOption {
type = lib.types.str; type = lib.types.nullOr lib.types.str;
description = "OIDC endpoint for SSO"; description = "OIDC endpoint for SSO";
example = "https://authelia.example.com"; example = "https://authelia.example.com";
}; };
@ -253,11 +253,11 @@ in
"L+ ${config.services.deluge.dataDir}/.config/deluge/plugins - - - - ${plugins}" "L+ ${config.services.deluge.dataDir}/.config/deluge/plugins - - - - ${plugins}"
]; ];
shb.nginx.autheliaProtect = lib.mkIf config.shb.authelia.enable [ shb.nginx.vhosts = [
{ {
inherit (cfg) subdomain domain authEndpoint ssl; inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}"; upstream = "http://127.0.0.1:${toString config.services.deluge.web.port}";
autheliaRules = [{ autheliaRules = lib.mkIf (cfg.authEndpoint != null) [{
domain = fqdn; domain = fqdn;
policy = "two_factor"; policy = "two_factor";
subject = ["group:deluge_user"]; subject = ["group:deluge_user"];
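Review bot: Dropping `lib.mkIf config.shb.authelia.enable` and widening `authEndpoint` to `lib.types.nullOr lib.types.str` means the Deluge web UI vhost is now always published, and with `authEndpoint = null` it loses the `two_factor` rule, yet the description still only says "OIDC endpoint for SSO". State the null case there, e.g. `description = "OIDC endpoint for SSO. When null, the web UI is served without Authelia in front of it.";`. Since the `config.shb.authelia.enable` guard is gone, it is also worth checking what happens when `authEndpoint` is set but Authelia is not enabled; an assertion tying the two together would catch that at evaluation time. The same `lib.mkIf (cfg.authEndpoint != null)` guard is put on the `two_factor` rule in the section whose upstream uses `ROCKET_PORT`, where silently dropping the rule matters more. The attribute set continues past the last visible line of this section.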


@ -78,7 +78,7 @@ in
serviceConfig.StateDirectory = "hledger"; serviceConfig.StateDirectory = "hledger";
}; };
shb.nginx.autheliaProtect = [ shb.nginx.vhosts = [
{ {
inherit (cfg) subdomain domain authEndpoint ssl; inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}"; upstream = "http://${toString config.services.hledger-web.host}:${toString config.services.hledger-web.port}";


@ -158,11 +158,11 @@ in
generator = name: v: lib.generators.toINIWithGlobalSection {} { globalSection = v; }; generator = name: v: lib.generators.toINIWithGlobalSection {} { globalSection = v; };
}; };
shb.nginx.autheliaProtect = [ shb.nginx.vhosts = [
{ {
inherit (cfg) subdomain domain authEndpoint ssl; inherit (cfg) subdomain domain authEndpoint ssl;
upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}"; upstream = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
autheliaRules = [ autheliaRules = lib.mkIf (cfg.authEndpoint != null) [
{ {
domain = "${fqdn}"; domain = "${fqdn}";
policy = "two_factor"; policy = "two_factor";


@ -150,7 +150,7 @@ in
excludePatterns = [ ".db-shm" ".db-wal" ".mono" ]; excludePatterns = [ ".db-shm" ".db-wal" ".mono" ];
}; };
}; };
shb.nginx.autheliaProtect = [ shb.nginx.vhosts = [
{ {
autheliaRules = [ autheliaRules = [
{ {


@ -38,7 +38,7 @@ in
shb.backup = {}; shb.backup = {};
shb.nginx = { shb.nginx = {
accessLog = false; accessLog = false;
autheliaProtect = []; vhosts = [];
debugLog = false; debugLog = false;
}; };
services.nginx.enable = true; services.nginx.enable = true;
@ -66,7 +66,7 @@ in
domain = "example.com"; domain = "example.com";
}; };
shb.nginx.autheliaProtect = [{ shb.nginx.vhosts = [{
subdomain = "my"; subdomain = "my";
domain = "example.com"; domain = "example.com";
ssl = config.shb.certs.certs.selfsigned."example.com"; ssl = config.shb.certs.certs.selfsigned."example.com";