will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

feat(tailscale-nginx-auth): protect reverse proxied services behind tailscale authentication

Browse source
This commit is contained in:
wi11-holdsworth 2026-01-17 16:59:26 +11:00
parent dcbee4635b
commit 63c2583d21
24 changed files with 311 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
modules/nixos/features/readarr.nix
View file

@ -21,6 +21,19 @@ in
];
caddy.virtualHosts."readarr.fi33.buzz".extraConfig = ''
forward_auth unix//run/tailscale-nginx-auth/tailscale-nginx-auth.sock {
uri /auth
header_up Remote-Addr {remote_host}
header_up Remote-Port {remote_port}
header_up Original-URI {uri}
copy_headers {
Tailscale-User>X-Webauth-User
Tailscale-Name>X-Webauth-Name
Tailscale-Login>X-Webauth-Login
Tailscale-Tailnet>X-Webauth-Tailnet
Tailscale-Profile-Picture>X-Webauth-Profile-Picture
}
}
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3