Diffstat (limited to 'modules')
-rw-r--r--modules/www/tailnet.nix44
1 files changed, 33 insertions, 11 deletions
diff --git a/modules/www/tailnet.nix b/modules/www/tailnet.nix
index 8ef50cc..56cfbf4 100644
--- a/modules/www/tailnet.nix
+++ b/modules/www/tailnet.nix
@@ -1,3 +1,7 @@
+# NOTE: the tailnet virtual host and it's certificate management
+# has been mostly superseded by the `rnrd.fyi` domain, allowing
+# for both vastly simpler certificate requesting and subdomains,
+# which tailscale does not support for their magicdns product.
 {
   me,
   config,
@@ -7,6 +11,8 @@
 }:
 
 let
+  rnrdInternalUrl = if me.is.renard then "rnrd.fyi" else "${me.name}.rnrd.fyi";
+
   oneWeekInSeconds = 7 * 24 * 60 * 60;
 
   tailscaleRenewScript = pkgs.writeShellScript "tailscale-cert-renew" ''
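Review bot: `rnrdInternalUrl` holds a bare hostname rather than a URL, and the last hunk uses it as the nginx virtual host attribute name, so a name such as `rnrdInternalHost` would describe it better. Because `me.name` is interpolated directly into a DNS name, a short comment such as `# me.name must be a valid DNS label` would record that assumption next to the definition. The `let` block continues outside this hunk.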
@@ -74,17 +80,33 @@ in
   };
 
   # tailnet internal vhost
-  services.nginx.virtualHosts.tailnet = {
-    forceSSL = true;
-    enableACME = true;
-    serverName = me.tailscale.domain;
-    listenAddresses = [ me.tailscale.ip ];
-    # point to the default page, for now!
-    locations."/" = {
-      alias = "${config.services.nginx.virtualHosts.base.root}/";
+  services.nginx.virtualHosts = {
+    # mostly superceded
+    tailnet = {
+      forceSSL = true;
+      enableACME = true;
+      serverName = me.tailscale.domain;
+      listenAddresses = [ me.tailscale.ip ];
+      # point to the default page, for now!
+      locations."/" = {
+        alias = "${config.services.nginx.virtualHosts.base.root}/";
+      };
+      extraConfig = ''
+        access_log /var/log/nginx/tailnet.access.log json_combined;
+      '';
+    };
+
+    # default page for the `rnrd.fyi` internal domain
+    ${rnrdInternalUrl} = {
+      useACMEHost = "rnrd.fyi";
+      forceSSL = true;
+      listenAddresses = [ me.tailscale.ip ];
+      locations."/" = {
+        alias = "${config.services.nginx.virtualHosts.base.root}/";
+      };
+      extraConfig = ''
+        access_log /var/log/nginx/tailnet.access.log json_combined;
+      '';
     };
-    extraConfig = ''
-      access_log /var/log/nginx/tailnet.access.log json_combined;
-    '';
   };
 }
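Review bot: The new `${rnrdInternalUrl}` vhost sets `useACMEHost = "rnrd.fyi"`, but where `me.is.renard` is false it is served as `${me.name}.rnrd.fyi`, so the shared certificate must cover that name through a wildcard or an `extraDomainNames` entry. The `security.acme.certs."rnrd.fyi"` definition is not part of this diff, so this needs confirming; a mismatch would leave clients facing certificate warnings on the internal site. Both vhosts also log to `/var/log/nginx/tailnet.access.log`, and unless the `json_combined` format (defined elsewhere) records the requested host, their requests cannot be told apart when reviewing access. Consider a separate file for the new vhost, for example `access_log /var/log/nginx/rnrd-internal.access.log json_combined;`.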