Unverified Commit 7ba29b30 authored by oddlama's avatar oddlama

nixos/mealie: add trustedProxies option to fix OIDC redirect uri

parent 55abd984
+20 −1
@@ -39,6 +39,15 @@ in
      };
    };

    extraOptions = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      example = [ "--forwarded-allow-ips=10.44.0.11" ];
      description = ''
        Specifies extra command line arguments to pass to mealie (Gunicorn).
      '';
    };

    credentialsFile = lib.mkOption {
      type = with lib.types; nullOr path;
      default = null;
@@ -60,6 +69,12 @@ in
        '';
      };
    };

    trustedProxies = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "A list of trusted proxies. You must set this when you are using OIDC behind https, otherwise the generated redirect url will have the wrong url scheme.";
    };
  };

  config = lib.mkIf cfg.enable {
@@ -84,7 +99,7 @@ in
        DynamicUser = true;
        User = "mealie";
        ExecStartPre = "${pkg}/libexec/init_db";
        ExecStart = "${lib.getExe pkg} -b ${cfg.listenAddress}:${builtins.toString cfg.port}";
        ExecStart = "${lib.getExe pkg} -b ${cfg.listenAddress}:${builtins.toString cfg.port} ${lib.escapeShellArgs cfg.extraOptions}";
        EnvironmentFile = lib.mkIf (cfg.credentialsFile != null) cfg.credentialsFile;
        StateDirectory = "mealie";
        StandardOutput = "journal";
@@ -96,6 +111,10 @@ in
      POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
    };

    services.mealie.extraOptions = lib.mkIf (cfg.trustedProxies != [ ]) [
      "--forwarded-allow-ips=${lib.concatStringsSep "," cfg.trustedProxies}"
    ];

    services.postgresql = lib.mkIf cfg.database.createLocally {
      enable = true;
      ensureDatabases = [ "mealie" ];
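Review bot: The trustedProxies description (second hunk) never says what the entries are used for, yet the fourth hunk joins them straight into Gunicorn's `--forwarded-allow-ips`, which means every listed address is trusted to set the X-Forwarded-For / X-Forwarded-Proto headers that Mealie uses for the client address and the redirect scheme; an over-broad entry (Gunicorn accepts `*` here) lets any peer spoof both. I would extend the description with `The entries are passed to Gunicorn as --forwarded-allow-ips; list only the IP addresses of proxies you control, since their X-Forwarded-* headers are trusted as-is.` and consider a type narrower than `listOf str` if one is available in this module. The extraOptions example in the first hunk still shows `--forwarded-allow-ips=10.44.0.11`, which would now be emitted twice when a user copies it alongside trustedProxies; pointing the example at a different flag, or at trustedProxies, avoids the ambiguity of which value wins.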