From 9c2bb082279a9b68d2df4bd8a5805c27c34a5c5a Mon Sep 17 00:00:00 2001
From: Mel <mel@rnrd.eu>
Date: Wed, 12 Feb 2025 22:48:08 +0100
Subject: Add default page for internal rnrd.fyi domains

Signed-off-by: Mel <mel@rnrd.eu>
---
 modules/www/tailnet.nix | 44 +++++++++++++++++++++++++++++++++-----------
 1 file changed, 33 insertions(+), 11 deletions(-)

diff --git a/modules/www/tailnet.nix b/modules/www/tailnet.nix
index 8ef50cc..56cfbf4 100644
--- a/modules/www/tailnet.nix
+++ b/modules/www/tailnet.nix
@@ -1,3 +1,7 @@
+# NOTE: the tailnet virtual host and it's certificate management
+# has been mostly superseded by the `rnrd.fyi` domain, allowing
+# for both vastly simpler certificate requesting and subdomains,
+# which tailscale does not support for their magicdns product.
 {
   me,
   config,
@@ -7,6 +11,8 @@
 }:
 
 let
+  rnrdInternalUrl = if me.is.renard then "rnrd.fyi" else "${me.name}.rnrd.fyi";
+
   oneWeekInSeconds = 7 * 24 * 60 * 60;
 
   tailscaleRenewScript = pkgs.writeShellScript "tailscale-cert-renew" ''
@@ -74,17 +80,33 @@ in
   };
 
   # tailnet internal vhost
-  services.nginx.virtualHosts.tailnet = {
-    forceSSL = true;
-    enableACME = true;
-    serverName = me.tailscale.domain;
-    listenAddresses = [ me.tailscale.ip ];
-    # point to the default page, for now!
-    locations."/" = {
-      alias = "${config.services.nginx.virtualHosts.base.root}/";
+  services.nginx.virtualHosts = {
+    # mostly superceded
+    tailnet = {
+      forceSSL = true;
+      enableACME = true;
+      serverName = me.tailscale.domain;
+      listenAddresses = [ me.tailscale.ip ];
+      # point to the default page, for now!
+      locations."/" = {
+        alias = "${config.services.nginx.virtualHosts.base.root}/";
+      };
+      extraConfig = ''
+        access_log /var/log/nginx/tailnet.access.log json_combined;
+      '';
+    };
+
+    # default page for the `rnrd.fyi` internal domain
+    ${rnrdInternalUrl} = {
+      useACMEHost = "rnrd.fyi";
+      forceSSL = true;
+      listenAddresses = [ me.tailscale.ip ];
+      locations."/" = {
+        alias = "${config.services.nginx.virtualHosts.base.root}/";
+      };
+      extraConfig = ''
+        access_log /var/log/nginx/tailnet.access.log json_combined;
+      '';
     };
-    extraConfig = ''
-      access_log /var/log/nginx/tailnet.access.log json_combined;
-    '';
   };
 }
-- 
cgit 1.4.1