feat: Add nginx module
Change-Id: I34fbb926c4b7eab344c1c14de4e4b5f82c6c30eb
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/785
Reviewed-by: Samuel Shuert <coded@clicks.codes>
Tested-by: Skyler Grey <minion@clicks.codes>
diff --git a/overlays/tailscale-nginx-auth/default.nix b/overlays/tailscale-nginx-auth/default.nix
new file mode 100644
index 0000000..320c936
--- /dev/null
+++ b/overlays/tailscale-nginx-auth/default.nix
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2024 Clicks Codes
+#
+# SPDX-License-Identifier: GPL-3.0-only
+
+{...}: final: prev: {
+ tailscale-nginx-auth = prev.tailscale-nginx-auth.overrideAttrs (prevAttrs: {
+ patches = (prevAttrs.patches or []) ++ [
+ ./fix-headscale-computedname.patch
+ ];
+ });
+}
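Review bot: The overlay appends `./fix-headscale-computedname.patch` to an authentication helper without saying why it is carried or when it can be dropped. A comment above the `patches` line, such as `# headscale reports Name == ComputedName; drop once tailscale-nginx-auth handles this upstream`, would help whoever next bumps the package. Because the patch changes which nodes get past the tailnet extraction step, it is worth re-reading it against the upstream source on each version bump, not only checking that it still applies.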
diff --git a/overlays/tailscale-nginx-auth/fix-headscale-computedname.patch b/overlays/tailscale-nginx-auth/fix-headscale-computedname.patch
new file mode 100644
index 0000000..5fa3c44
--- /dev/null
+++ b/overlays/tailscale-nginx-auth/fix-headscale-computedname.patch
@@ -0,0 +1,30 @@
+From 74a12f91542ee1323b69675b0480168a22ad5b17 Mon Sep 17 00:00:00 2001
+From: Skyler Grey <minion@clicks.codes>
+Date: Sat, 29 Jun 2024 14:16:46 +0000
+Subject: [PATCH] fix(nginx): Continue if node Name is ComputedName
+
+In the headscale case, the node Name ends up the same as the
+ComputedName. This causes tailscale-nginx-auth to fail extracting the
+tailnet name and 403 all devices.
+
+This patch skips tailnet extraction in this case.
+
+Signed-off-by: Skyler Grey <minion@clicks.codes>
+---
+ cmd/nginx-auth/nginx-auth.go | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/cmd/nginx-auth/nginx-auth.go b/cmd/nginx-auth/nginx-auth.go
+index d2e9468e558ea..c6a8ff30fbb8a 100644
+--- a/cmd/nginx-auth/nginx-auth.go
++++ b/cmd/nginx-auth/nginx-auth.go
+@@ -66,7 +66,7 @@ func main() {
+ // will be empty because the tailnet of the sharee is not exposed.
+ var tailnet string
+
+- if !info.Node.Hostinfo.ShareeNode() {
++ if !info.Node.Hostinfo.ShareeNode() && info.Node.Name != info.Node.ComputedName {
+ var ok bool
+ _, tailnet, ok = strings.Cut(info.Node.Name, info.Node.ComputedName+".")
+ if !ok {
+
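Review bot: With the added `info.Node.Name != info.Node.ComputedName` guard, a headscale node now leaves `tailnet` as the empty string, which is the same value the context comment reserves for sharee nodes. Code after this block can therefore no longer tell the two cases apart. The rest of main() lies outside the hunk; if it compares `tailnet` with an expected value or forwards it to nginx as a header, confirm that an empty value is handled as intended and is not silently accepted where a specific tailnet is required. I would also extend the comment above `var tailnet string` to cover the new case, e.g. `// Also empty when Name == ComputedName (headscale), where there is no tailnet suffix to extract.`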
diff --git a/overlays/tailscale-nginx-auth/fix-headscale-computedname.patch.license b/overlays/tailscale-nginx-auth/fix-headscale-computedname.patch.license
new file mode 100644
index 0000000..5ca0412
--- /dev/null
+++ b/overlays/tailscale-nginx-auth/fix-headscale-computedname.patch.license
@@ -0,0 +1,3 @@
+SPDX-FileCopyrightText: 2024 Clicks Codes
+
+SPDX-License-Identifier: BSD-3-Clause