feat(hass): vouch auth

disabled for now, nginx config needs more tweaking
arcnmx 2024-05-23 13:37:19 -07:00
parent da991ef980
commit fab441b438
9 changed files with 185 additions and 28 deletions


@ -18,7 +18,9 @@
virtualHost,
xvars,
...
}: {
}: let
cfg = config.vouch;
in {
options.vouch = with lib.types; {
requireAuth = mkEnableOption "require auth to access this location";
setProxyHeader = mkOption {
@ -32,7 +34,7 @@
enableVouchTail = enableVouchLocal && tailscale.enable && false;
allowOrigin = url: "add_header Access-Control-Allow-Origin ${url};";
in
mkIf config.vouch.requireAuth {
mkIf cfg.requireAuth {
lua = mkIf virtualHost.vouch.auth.lua.enable {
access.block = mkMerge [
(mkBefore virtualHost.vouch.auth.lua.accessRequest)
@ -41,7 +43,9 @@
];
};
xvars.enable = mkIf (enableVouchTail || virtualHost.vouch.auth.lua.enable) true;
proxy.headers.set.X-Vouch-User = mkOptionDefault "$auth_resp_x_vouch_user";
proxy.headers.set = mkIf cfg.setProxyHeader {
X-Vouch-User = mkOptionDefault "$auth_resp_x_vouch_user";
};
extraConfig = assert virtualHost.vouch.enable;
mkMerge [
(mkIf (!virtualHost.vouch.requireAuth) virtualHost.vouch.auth.requestDirective)
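Review bot: When `cfg.setProxyHeader` is false, the new `proxy.headers.set = mkIf cfg.setProxyHeader { … }` neither sets nor clears `X-Vouch-User`, so a value supplied by the client is forwarded to the upstream unchanged (nginx passes request headers through by default). If any backend behind a `requireAuth` location treats that header as the authenticated identity, the off branch should strip it rather than leave it alone, for example `proxy.headers.set.X-Vouch-User = mkOptionDefault (if cfg.setProxyHeader then "$auth_resp_x_vouch_user" else "");`. That assumes this module renders an empty value as `proxy_set_header X-Vouch-User "";`, which is not visible here. The default of `setProxyHeader` is declared outside the hunk, so it is worth confirming that it keeps the previous always-set behaviour. A comment on the option stating that the header is only trustworthy when nginx overwrites it would also help.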