fix(calibre-web): secure /opds

2022-09-04 11:23:15 +02:00 · 2022-09-04 11:23:15 +02:00 · 44d15185db
parent c74cdcb569
commit 44d15185db
3 changed files with 17 additions and 5 deletions
--- a/secrets/calibre-web/htpasswd.age
+++ b/secrets/calibre-web/htpasswd.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -25,6 +25,7 @@ in {
  "owntracks/recorder.env.age".publicKeys = [ felschr home-pc home-server ];
  "owntracks/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
  "etebase-server.age".publicKeys = [ felschr home-pc home-server ];
+  "calibre-web/htpasswd.age".publicKeys = [ felschr home-pc home-server ];
  "miniflux.age".publicKeys = [ felschr home-pc home-server ];
  "paperless.age".publicKeys = [ felschr home-pc home-server ];
  "nextcloud/admin.age".publicKeys = [ felschr home-pc home-server ];
--- a/services/calibre-web.nix
+++ b/services/calibre-web.nix
@ -2,6 +2,11 @@

 let port = 8088;
 in {
+  age.secrets.calibre-web-htpasswd = {
+    file = ../secrets/calibre-web/htpasswd.age;
+    owner = config.services.nginx.user;
+  };
+
  services.calibre-web = {
    enable = true;
    group = "media";
@ -16,12 +21,18 @@ in {
    virtualHosts."books.felschr.com" = {
      enableACME = true;
      forceSSL = true;
-      locations."/" = {
+      locations = {
+        "/" = {
          proxyPass = "http://[::1]:${toString port}";
          extraConfig = ''
            client_max_body_size 500M;
          '';
        };
+        "/opds" = {
+          proxyPass = "http://[::1]:${toString port}";
+          basicAuthFile = config.age.secrets.calibre-web-htpasswd.path;
+        };
+      };
    };
  };
 }