Unverified Commit a7f40a26 authored by oddlama's avatar oddlama

nixos/mealie: add extraOptions to allow setting trusted proxies for OIDC redirect uri

parent 7ba29b30
+4 −11
@@ -42,7 +42,10 @@ in
    extraOptions = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      example = [ "--forwarded-allow-ips=10.44.0.11" ];
      example = [
        "--log-level"
        "debug"
      ];
      description = ''
        Specifies extra command line arguments to pass to mealie (Gunicorn).
      '';
@@ -69,12 +72,6 @@ in
        '';
      };
    };

    trustedProxies = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = "A list of trusted proxies. You must set this when you are using OIDC behind https, otherwise the generated redirect url will have the wrong url scheme.";
    };
  };

  config = lib.mkIf cfg.enable {
@@ -111,10 +108,6 @@ in
      POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
    };

    services.mealie.extraOptions = lib.mkIf (cfg.trustedProxies != [ ]) [
      "--forwarded-allow-ips=${lib.concatStringsSep "," cfg.trustedProxies}"
    ];

    services.postgresql = lib.mkIf cfg.database.createLocally {
      enable = true;
      ensureDatabases = [ "mealie" ];
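Review bot: Going by the hunk header counts, the new side drops `services.mealie.trustedProxies` and the generated `--forwarded-allow-ips` argument without a removal notice. An existing configuration that sets the option would then fail evaluation with a generic unknown-option error, and once that line is deleted the instance loses the proxy setting the old description called mandatory for OIDC behind https. An entry such as `(lib.mkRemovedOptionModule [ "services" "mealie" "trustedProxies" ] "Pass --forwarded-allow-ips via services.mealie.extraOptions instead.")` in the module's `imports` (outside these hunks) would point users to the replacement. The `extraOptions` description should also state that `--forwarded-allow-ips` is set here and should list only the reverse proxy's own address, because Gunicorn accepts the forwarded scheme and client headers from every peer on that list. The new `--log-level debug` example no longer shows this use.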