fix: allow incoming traffic to web server to bypass tailscale

This commit is contained in:
Felix Schröter 2024-01-25 02:15:35 +01:00
parent 41a222bc8f
commit 7bb4b02d52
Signed by: felschr
GPG key ID: 671E39E6744C807D
2 changed files with 21 additions and 2 deletions
system

View file

@ -36,10 +36,11 @@ in {
${cfg.package}/bin/tailscale up ${lib.escapeShellArgs cfg.extraUpFlags}
${cfg.package}/bin/tailscale cert ${tailnetHost}
chown nginx:nginx /var/lib/tailscale/certs/${tailnetHost}.{key,crt}
'';
services.nginx.virtualHosts.${tailnetHost} = {
sslCertificate = "/var/lib/tailscale/certs/${tailnetHost}.key";
sslCertificateKey = "/var/lib/tailscale/certs/${tailnetHost}.crt";
sslCertificate = "/var/lib/tailscale/certs/${tailnetHost}.crt";
sslCertificateKey = "/var/lib/tailscale/certs/${tailnetHost}.key";
};
}