# SPDX-FileCopyrightText: 2024 Clicks Codes
#
# SPDX-License-Identifier: GPL-3.0-only

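{ lib, config, ... }:
let
  cfg = config.clicks.services.tailscaleAuth;
in
{
  # Thin wrapper around the upstream `services.nginx.tailscaleAuth` module:
  # it pins the allowed tailnet (when configured) and lists the nginx
  # virtual hosts that must require a Tailscale identity.
  options.clicks.services.tailscaleAuth = {
    enable = lib.mkEnableOption "Enable tailscaleAuth for Nginx";
    expectedTailnet = lib.mkOption {
      type = lib.types.nullOr lib.types.str;
      description = ''
        The tailnet to expect when authenticating, e.g. "example.ts.net".
        Only official *.ts.net names are accepted (headscale is not
        supported by this wrapper). When null, the upstream option is left
        at its default and the tailnet of connecting nodes is not checked;
        in that case nodes shared into your tailnet from elsewhere are
        presumably accepted too (confirm against the nixpkgs
        services.tailscaleAuth.expectedTailnet option). Set this in
        production.
      '';
      default = null;
    };
    hosts = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      description = ''
        Names of the nginx virtual hosts to put behind Tailscale auth.
        Only the listed hosts are protected; any other host served by the
        same nginx keeps whatever access rules it already has.
      '';
      default = [];
    };
  };
  config = lib.mkIf cfg.enable {
    assertions = [
      {
        # Hard-fail on anything that is not an official *.ts.net name so a
        # typo (or a headscale name) cannot silently disable the pinning.
        assertion = cfg.expectedTailnet == null || lib.clicks.strings.endsWith ".ts.net" cfg.expectedTailnet;
        message = "Your expected tailnet must be an official *.ts.net tailnet, headscale is not supported";
      }
    ];

    # Surface the two easy-to-miss misconfigurations at evaluation time
    # without blocking the build: no tailnet pinning, and nothing protected.
    warnings =
      lib.optional (cfg.expectedTailnet == null)
        "clicks.services.tailscaleAuth: expectedTailnet is unset, so the tailnet of connecting nodes is not checked; set clicks.services.tailscaleAuth.expectedTailnet to pin it."
      ++ lib.optional (cfg.hosts == [ ])
        "clicks.services.tailscaleAuth is enabled but clicks.services.tailscaleAuth.hosts is empty; no virtual host is protected.";

    services.nginx.tailscaleAuth = {
      enable = true;
      # Only override upstream's default when the user actually pinned a
      # tailnet; a null here must not be forwarded as a value.
      expectedTailnet = lib.mkIf (cfg.expectedTailnet != null) cfg.expectedTailnet;

      virtualHosts = cfg.hosts;
    };
  };
}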