From 27f5f8da29e568a4aad520eb24b1224bb73f820d Mon Sep 17 00:00:00 2001
From: seth <getchoo@tuta.io>
Date: Sat, 30 Dec 2023 08:56:47 -0500
Subject: modules/cloudflared: enable TLS verify

---
 modules/nixos/services/cloudflared.nix | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

(limited to 'modules/nixos/services/cloudflared.nix')

diff --git a/modules/nixos/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix
index 39ecef7..42f5908 100644
--- a/modules/nixos/services/cloudflared.nix
+++ b/modules/nixos/services/cloudflared.nix
@@ -6,6 +6,7 @@
 }: let
   cfg = config.server.services.cloudflared;
   inherit (lib) mkEnableOption mkIf;
+  inherit (config.services) nginx;
 in {
   options.server.services.cloudflared = {
     enable = mkEnableOption "cloudflared";
@@ -25,14 +26,10 @@ in {
         "${config.networking.hostName}-nginx" = {
           default = "http_status:404";
 
-          ingress = let
-            inherit (config.services) nginx;
-          in
-            lib.genAttrs
-            (builtins.attrNames nginx.virtualHosts)
-            (_: {service = "http://localhost:${builtins.toString nginx.defaultHTTPListenPort}";});
+          ingress = lib.genAttrs (builtins.attrNames nginx.virtualHosts) (
+            _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";}
+          );
 
-          originRequest.noTLSVerify = true;
           credentialsFile = config.age.secrets.cloudflaredCreds.path;
         };
       };
-- 
cgit v1.2.3