infra/nixos
2
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity
nixos/listmonk.nix

76 lines
2.7 KiB
Nix
Raw Permalink Blame History

{ pkgs, config, ... }:
let
public = {
proxyPass = "http://localhost:9003";
};
admin = public // {
# ref: https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/server_nginx
extraConfig = ''
auth_request /outpost.goauthentik.io/auth/nginx;
error_page 401 = @goauthentik_proxy_signin;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
# translate headers from the outposts back to the actual upstream
auth_request_set $authentik_username $upstream_http_x_authentik_username;
auth_request_set $authentik_groups $upstream_http_x_authentik_groups;
auth_request_set $authentik_entitlements $upstream_http_x_authentik_entitlements;
auth_request_set $authentik_email $upstream_http_x_authentik_email;
auth_request_set $authentik_name $upstream_http_x_authentik_name;
auth_request_set $authentik_uid $upstream_http_x_authentik_uid;
proxy_set_header X-authentik-username $authentik_username;
proxy_set_header X-authentik-groups $authentik_groups;
proxy_set_header X-authentik-entitlements $authentik_entitlements;
proxy_set_header X-authentik-email $authentik_email;
proxy_set_header X-authentik-name $authentik_name;
proxy_set_header X-authentik-uid $authentik_uid;
'';
};
in {
services.listmonk = {
enable = true;
database.createLocally = true;
settings.app.address = "127.0.0.1:9003";
};
services.nginx.virtualHosts."news.cebula.camp" = {
forceSSL = true;
enableACME = true;
# ref: https://listmonk.app/docs/configuration/#http-routes
locations."/subscription/" = public;
locations."/link/" = public;
locations."/campaign/" = public;
locations."/public/" = public;
locations."/webhooks/service/" = public;
locations."/uploads/" = public;
locations."/api/" = admin;
locations."/admin/" = admin;
locations."/webhooks/bounce" = admin;
# ref: https://docs.goauthentik.io/docs/add-secure-apps/providers/proxy/server_nginx
locations."/outpost.goauthentik.io" = {
extraConfig = ''
proxy_pass http://10.88.0.1:9002;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
add_header Set-Cookie $auth_cookie;
auth_request_set $auth_cookie $upstream_http_set_cookie;
proxy_pass_request_body off;
proxy_set_header Content-Length "";
'';
};
locations."@goauthentik_proxy_signin" = {
extraConfig = ''
internal;
add_header Set-Cookie $auth_cookie;
return 302 /outpost.goauthentik.io/start?rd=$request_uri;
'';
};
};
}
Reference in a new issue View git blame Copy permalink