fix(access): login.local

2026-02-09 12:29:19 -08:00 · 2024-05-17 19:43:32 -07:00 · 2024-05-17 19:43:32 -07:00 · 5a5844cc08
commit 5a5844cc08
parent 3099654a97
2 changed files with 34 additions and 16 deletions
--- a/nixos/access/vouch.nix
+++ b/nixos/access/vouch.nix
@ -41,26 +41,29 @@ in {
      name.shortServer = mkDefault "login";
    in {
      vouch = {xvars, ...}: {
+        enable = mkDefault false;
        inherit name locations;
-        serverAliases = [nginx.vouch.doubleProxy.serverName];
-        proxied.enable = true;
        proxy = {
          upstream = mkDefault "vouch'access";
+        };
+      };
+      vouch'access = {xvars, ...}: {
+        enable = mkDefault nginx.vouch.doubleProxy.enable;
+        serverName = nginx.vouch.doubleProxy.serverName;
+        proxied.enable = true;
+        #listen'.proxied.ssl = true;
+        proxy = {
+          copyFromVhost = "vouch";
          host = mkDefault xvars.get.host;
        };
-        local.denyGlobal = true;
+        ssl.cert.copyFromVhost = "vouch";
      };
      vouch'local = {xvars, ...}: {
        name = {
          inherit (name) shortServer;
          includeTailscale = mkDefault false;
        };
-        serverAliases = mkIf cfg.enable [nginx.vouch.doubleProxy.localServerName];
-        proxied.enable = true;
-        proxy = {
-          upstream = mkDefault "vouch'access'local";
-          host = mkDefault xvars.get.host;
-        };
+        proxy.upstream = mkDefault "vouch'access'local";
        local.enable = true;
        ssl = {
          force = true;
@ -68,6 +71,18 @@ in {
        };
        inherit locations;
      };
+      vouch'local'access = {xvars, ...}: {
+        enable = mkDefault nginx.vouch.doubleProxy.enable;
+        serverName = nginx.vouch.doubleProxy.localServerName;
+        proxied.enable = true;
+        #listen'.proxied.ssl = true;
+        proxy = {
+          copyFromVhost = "vouch'local";
+          host = mkDefault xvars.get.host;
+        };
+        ssl.cert.copyFromVhost = "vouch'local";
+        inherit locations;
+      };
      vouch'tail = {xvars, ...}: {
        enable = mkDefault (tailscale.enable && !nginx.virtualHosts.vouch'local.name.includeTailscale);
        ssl.cert.copyFromVhost = "vouch'local";
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@ -144,14 +144,17 @@ in {
        virtualHosts.barcodebuddy'local.allServerNames
      ];
    };
-    login = {
+    login = let
+      inherit (lib.lists) head tail optional optionals;
+      domains =
+        optional virtualHosts.vouch.enable virtualHosts.vouch.serverName
+        ++ virtualHosts.vouch'local.allServerNames
+        ++ optionals virtualHosts.vouch.enable virtualHosts.vouch.otherServerNames
+        ++ optionals virtualHosts.vouch'tail.enable virtualHosts.vouch'tail.allServerNames;
+    in {
      inherit (nginx) group;
-      domain = virtualHosts.vouch.serverName;
-      extraDomainNames = mkMerge [
-        virtualHosts.vouch.otherServerNames
-        virtualHosts.vouch'local.allServerNames
-        (mkIf virtualHosts.vouch'tail.enable virtualHosts.vouch'tail.allServerNames)
-      ];
+      domain = head domains;
+      extraDomainNames = tail domains;
    };
    unifi = {
      inherit (nginx) group;