wip pam auth

Vinzenz Schroeter 2024-03-02 13:18:05 +01:00
parent 2ff6ddc89f
commit 4439c7f9de


@ -24,8 +24,15 @@
defaults.email = "acme@zerforschen.plus";
};
security.pam.services.nginx.setEnvironment = false;
systemd.services.nginx.serviceConfig = {
SupplementaryGroups = ["shadow"];
};
services.nginx = {
enable = true;
additionalModules = [pkgs.nginxModules.pam];
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedGzipSettings = true;
@ -37,9 +44,12 @@
enableACME = true;
locations."/" = {
extraConfig = ''
# bind to tailscale ip
proxy_bind 100.88.118.60;
auth_pam "Password Required";
auth_pam_service_name "nginx";
'';
proxyPass = "http://vinzenz-lpt2:8542/";
proxyPass = "http://vinzenz-lpt2:8542/"; #tailscale magic dns
proxyWebsockets = true;
};
};
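Review bot: `SupplementaryGroups = ["shadow"];` in the first hunk gives the nginx service read access to /etc/shadow, so a file-read or memory-disclosure bug in nginx or a loaded module would expose every local password hash, not only those of users meant to log in here. Combined with `auth_pam` on `locations."/"` in the second hunk, the HTTP Basic prompt becomes an online password-guessing surface for system accounts, and no request limiting or restriction to specific accounts is visible in this section. If only a few users need access, a dedicated credential file (for example the vhost's `basicAuthFile` option) would avoid both the shadow group and the coupling to login passwords. If PAM stays, record the trade-off above the group line, e.g. `# shadow group: needed so PAM (presumably pam_unix) can verify passwords; exposes all local hashes to nginx`, and confirm the vhost forces TLS, since only `enableACME = true;` is visible and the rest of the vhost lies outside the hunk.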