feat(jellyfin): adding to tnet

2025-10-05 19:10:43 +02:00
parent 93f227ba7e
commit 3306598f8a
5 changed files with 14 additions and 7 deletions
--- a/modules/server/authentik/default.nix
+++ b/modules/server/authentik/default.nix
@@ -99,7 +99,7 @@ in {
            middlewares = {
              authentik = {
                forwardAuth = {
-                  tls.insecureSkipVerify = true;
+                  # tls.insecureSkipVerify = true;
                  address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
                  trustForwardHeader = true;
                  authResponseHeaders = [
@@ -130,7 +130,7 @@ in {
            routers = {
              auth = {
                entryPoints = ["websecure"];
-                rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
+                rule = "Host(`${cfg.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
                service = "auth";
                tls.certResolver = "letsencrypt";
              };
--- a/modules/server/jellyfin/default.nix
+++ b/modules/server/jellyfin/default.nix
@@ -18,7 +18,7 @@ in {
    };
    url = lib.mkOption {
      type = lib.types.str;
-      default = "sobotka.taila7448a.ts.net";
+      default = "fin.${srv.tailscale.url}";
    };
    homepage.name = lib.mkOption {
      type = lib.types.str;
@@ -49,13 +49,13 @@ in {
    services.traefik = {
      dynamicConfigOptions = {
        http = {
-          services.${unit}.loadBalancer.servers = [{url = "http://127.0.0.1:8096";}];
+          services.${unit}.loadBalancer.servers = [{url = "http://localhost:8096";}];
          routers = {
            jellyfinRouter = {
              entryPoints = ["websecure"];
              rule = "Host(`${cfg.url}`)";
              service = "${unit}";
-              tls.certResolver = "vpn";
+              tls.certResolver = "letsencrypt";
            };
          };
        };
--- a/modules/server/tailscale/default.nix
+++ b/modules/server/tailscale/default.nix
@@ -9,6 +9,10 @@ with lib; let
 in {
  options.server.tailscale = {
    enable = mkEnableOption "Enable tailscale server configuration";
+    url = lib.mkOption {
+      type = lib.types.str;
+      default = "ts.cnst.dev";
+    };
  };

  config = mkIf cfg.enable {
@@ -21,7 +25,6 @@ in {
      authKeyFile = config.age.secrets.sobotkaTsAuth.path;
      extraSetFlags = [
        "--advertise-exit-node"
-        "--advertise-routes=192.168.88.0/24"
      ];
    };
  };
--- a/modules/server/traefik/default.nix
+++ b/modules/server/traefik/default.nix
@@ -23,7 +23,7 @@ in {
    age.secrets.traefikEnv = {
      file = "${self}/secrets/traefikEnv.age";
      mode = "640";
-      owner = "root";
+      owner = "traefik";
      group = "traefik";
    };

@@ -89,6 +89,10 @@ in {
                    main = "cnix.dev";
                    sans = ["*.cnix.dev"];
                  }
+                  {
+                    main = "ts.cnst.dev";
+                    sans = ["*ts.cnst.dev"];
+                  }
                ];
              };
            };
--- a/secrets/traefikEnv.age
+++ b/secrets/traefikEnv.age