| author | Mel <mel@rnrd.eu> | 2025-02-12 22:48:08 +0100 |
|---|---|---|
| committer | Mel <mel@rnrd.eu> | 2025-02-12 22:48:08 +0100 |
| commit | 9c2bb082279a9b68d2df4bd8a5805c27c34a5c5a (patch) | |
| tree | 2337c69553277e65f82173af537599a56df54a3f | |
| parent | e87b976dfb2667a8f4bc55a596a35eda65979014 (diff) | |
Add default page for internal rnrd.fyi domains
Signed-off-by: Mel <mel@rnrd.eu>
| -rw-r--r-- | modules/www/tailnet.nix | 44 |
1 files changed, 33 insertions, 11 deletions
diff --git a/modules/www/tailnet.nix b/modules/www/tailnet.nix index 8ef50cc..56cfbf4 100644 --- a/modules/www/tailnet.nix +++ b/modules/www/tailnet.nix @@ -1,3 +1,7 @@ +# NOTE: the tailnet virtual host and it's certificate management +# has been mostly superseded by the `rnrd.fyi` domain, allowing +# for both vastly simpler certificate requesting and subdomains, +# which tailscale does not support for their magicdns product. { me, config, @@ -7,6 +11,8 @@ }: let + rnrdInternalUrl = if me.is.renard then "rnrd.fyi" else "${me.name}.rnrd.fyi"; + oneWeekInSeconds = 7 * 24 * 60 * 60; tailscaleRenewScript = pkgs.writeShellScript "tailscale-cert-renew" '' @@ -74,17 +80,33 @@ in }; # tailnet internal vhost - services.nginx.virtualHosts.tailnet = { - forceSSL = true; - enableACME = true; - serverName = me.tailscale.domain; - listenAddresses = [ me.tailscale.ip ]; - # point to the default page, for now! - locations."/" = { - alias = "${config.services.nginx.virtualHosts.base.root}/"; + services.nginx.virtualHosts = { + # mostly superceded + tailnet = { + forceSSL = true; + enableACME = true; + serverName = me.tailscale.domain; + listenAddresses = [ me.tailscale.ip ]; + # point to the default page, for now! + locations."/" = { + alias = "${config.services.nginx.virtualHosts.base.root}/"; + }; + extraConfig = '' + access_log /var/log/nginx/tailnet.access.log json_combined; + ''; + }; + + # default page for the `rnrd.fyi` internal domain + ${rnrdInternalUrl} = { + useACMEHost = "rnrd.fyi"; + forceSSL = true; + listenAddresses = [ me.tailscale.ip ]; + locations."/" = { + alias = "${config.services.nginx.virtualHosts.base.root}/"; + }; + extraConfig = '' + access_log /var/log/nginx/tailnet.access.log json_combined; + ''; }; - extraConfig = '' - access_log /var/log/nginx/tailnet.access.log json_combined; - ''; }; } |
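Review bot: The added header comment has two wording slips: `it's` should be `its`, and the verb should be plural, giving `# NOTE: the tailnet virtual host and its certificate management` followed by `# have been mostly superseded by the ...`. The comment `# mostly superceded` in the last hunk should read `# mostly superseded`, matching the spelling used in this header.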
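Review bot: `rnrdInternalUrl` holds a bare host name rather than a URL, and the last hunk uses it as the virtual host attribute name, so a name such as `rnrdInternalHost` would describe it better. A one-line comment above the binding, for example `# renard serves the apex, every other machine its own subdomain`, would make the conditional easier to read. The `let` block starts and ends outside this hunk.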
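Review bot: The new `${rnrdInternalUrl}` virtual host writes to the same `/var/log/nginx/tailnet.access.log` as the `tailnet` host, so requests for the two names are interleaved in one file. Whether the `json_combined` format records the requested host is not visible here. If it does not, giving the new host its own file, for example `access_log /var/log/nginx/<internal-host>.access.log json_combined;`, keeps the two apart when the log is reviewed. Separately, `useACMEHost = "rnrd.fyi"` serves a valid certificate on non-renard machines only if that certificate, defined outside this hunk, also covers `${me.name}.rnrd.fyi`. A short comment naming where the wildcard or extra name is configured would help.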
