diff --git a/hosts/flora-6/caddy.nix b/hosts/flora-6/caddy.nix
index d8662364..de7e4409 100644
--- a/hosts/flora-6/caddy.nix
+++ b/hosts/flora-6/caddy.nix
@@ -21,30 +21,45 @@
output discard
'';
extraConfig = ''
- # PubSolarOS images
- handle /os/download/* {
- root * /srv/www
- file_server /os/download/* browse
- }
- # serve base domain pub.solar for mastodon.pub.solar
- # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
- handle /.well-known/host-meta {
- redir https://mastodon.pub.solar{uri}
- }
+ # PubSolarOS images
+ handle /os/download/* {
+ root * /srv/www
+ file_server /os/download/* browse
+ }
+ # serve base domain pub.solar for mastodon.pub.solar
+ # https://masto.host/mastodon-usernames-different-from-the-domain-used-for-installation/
+ handle /.well-known/host-meta {
+ redir https://mastodon.pub.solar{uri}
+ }
- # redirect to statutes
- redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+ # Tailscale OIDC requirement
+ handle /.well-known/webfinger {
+ respond 200 {
+ body `{
+ "subject": "acct:admins@pub.solar",
+ "links": [
+ {
+ "rel": "http://openid.net/specs/connect/1.0/issuer",
+ "href": "https://auth.pub.solar/realms/pub.solar"
+ }
+ ]
+ }`
+ }
+ }
- # pub.solar website
- handle {
- root * /srv/www/pub.solar
- try_files {path}.html {path}
- file_server
- }
- # minimal error handling, respond with status code and text
- handle_errors {
- respond "{http.error.status_code} {http.error.status_text}"
- }
+ # redirect to statutes
+ redir /satzung https://cloud.pub.solar/s/2tRCP9aZFCiWxQy temporary
+
+ # pub.solar website
+ handle {
+ root * /srv/www/pub.solar
+ try_files {path}.html {path}
+ file_server
+ }
+ # minimal error handling, respond with status code and text
+ handle_errors {
+ respond "{http.error.status_code} {http.error.status_text}"
+ }
'';
};
"www.pub.solar" = {