Add Tailscale custom OIDC webfinger

See: https://tailscale.com/kb/1240/sso-custom-oidc/#webfinger-setup
2023-03-04 02:24:52 +01:00 · 2023-03-04 02:24:52 +01:00 · d1175e82b4
parent eaea884351
commit d1175e82b4
1 changed files with 37 additions and 22 deletions
--- a/hosts/flora-6/caddy.nix
+++ b/hosts/flora-6/caddy.nix
@ -21,30 +21,45 @@
          output discard
        '';
        extraConfig = ''
-          # PubSolarOS images
-          handle /os/download/* {
-            root * /srv/www
-            file_server /os/download/* browse
-          }
-          # serve base domain pub.solar for mastodon.pub.solar
-          # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
-          handle /.well-known/host-meta {
-            redir https://mastodon.pub.solar{uri}
-          }
+                    # PubSolarOS images
+                    handle /os/download/* {
+                      root * /srv/www
+                      file_server /os/download/* browse
+                    }
+                    # serve base domain pub.solar for mastodon.pub.solar
+                    # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
+                    handle /.well-known/host-meta {
+                      redir https://mastodon.pub.solar{uri}
+                    }

-          # redirect to statutes
-          redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+                    # Tailscale OIDC requirement
+                    handle /.well-known/webfinger {
+                      respond 200 {
+                        body `{
+            "subject": "acct:admins@pub.solar",
+            "links": [
+              {
+                "rel": "http://openid.net/specs/connect/1.0/issuer",
+                "href": "https://auth.pub.solar/realms/pub.solar"
+              }
+            ]
+          }`
+                      }
+                    }

-          # pub.solar website
-          handle {
-            root * /srv/www/pub.solar
-            try_files {path}.html {path}
-            file_server
-          }
-          # minimal error handling, respond with status code and text
-          handle_errors {
-            respond "{http.error.status_code} {http.error.status_text}"
-          }
+                    # redirect to statutes
+                    redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+
+                    # pub.solar website
+                    handle {
+                      root * /srv/www/pub.solar
+                      try_files {path}.html {path}
+                      file_server
+                    }
+                    # minimal error handling, respond with status code and text
+                    handle_errors {
+                      respond "{http.error.status_code} {http.error.status_text}"
+                    }
        '';
      };
      "www.pub.solar" = {