modules/cloudflared: enable TLS verify

author: seth <[email protected]> 2023-12-30 08:56:47 -0500
committer: seth <[email protected]> 2023-12-30 08:56:47 -0500
commit: 27f5f8da29e568a4aad520eb24b1224bb73f820d (patch)
tree: 44ea85c54e069d53516307482fa86f439ab36339 /modules/nixos
parent: 581eb6b448584e36c2717239036a650b1568ef8c (diff)
1 files changed, 4 insertions, 7 deletions
diff --git a/modules/nixos/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix
index 39ecef7..42f5908 100644
--- a/modules/nixos/services/cloudflared.nix
+++ b/modules/nixos/services/cloudflared.nix
@@ -6,6 +6,7 @@
 }: let
   cfg = config.server.services.cloudflared;
   inherit (lib) mkEnableOption mkIf;
+  inherit (config.services) nginx;
 in {
   options.server.services.cloudflared = {
     enable = mkEnableOption "cloudflared";
@@ -25,14 +26,10 @@ in {
         "${config.networking.hostName}-nginx" = {
           default = "http_status:404";
 
-          ingress = let
-            inherit (config.services) nginx;
-          in
-            lib.genAttrs
-            (builtins.attrNames nginx.virtualHosts)
-            (_: {service = "http://localhost:${builtins.toString nginx.defaultHTTPListenPort}";});
+          ingress = lib.genAttrs (builtins.attrNames nginx.virtualHosts) (
+            _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";}
+          );
 
-          originRequest.noTLSVerify = true;
           credentialsFile = config.age.secrets.cloudflaredCreds.path;
         };
       };
author	seth <[email protected]>	2023-12-30 08:56:47 -0500
committer	seth <[email protected]>	2023-12-30 08:56:47 -0500
commit	27f5f8da29e568a4aad520eb24b1224bb73f820d (patch)
tree	44ea85c54e069d53516307482fa86f439ab36339 /modules/nixos
parent	581eb6b448584e36c2717239036a650b1568ef8c (diff)