From 8940ca006ef2ab98862060a9b0c71f8a0d6d4919 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Tue, 3 Dec 2024 14:50:54 +0100
Subject: linde: restrict access to paperless by tailnet

---
 system/linde.nix | 1 +
 1 file changed, 1 insertion(+)


diff --git a/system/linde.nix b/system/linde.nix
index bf89c30d..4e93ca33 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -880,6 +880,7 @@ in
                 }
                 forward_auth unix//run/tailscale-nginx-auth/tailscale-nginx-auth.sock {
                   uri /auth
+                  header_up Expected-Tailnet "${ts-domain}."
                   header_up Remote-Addr {remote_host}
                   header_up Remote-Port {remote_port}
                   header_up Original-URI {uri}
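Review bot: The trailing dot in the added `header_up Expected-Tailnet "${ts-domain}."` line is undocumented, and it looks load-bearing. The auth helper appears to compare this header exactly against the tailnet suffix of the connecting node's fully-qualified name, so a later tidy-up that drops the dot would likely turn every paperless request into a 403. I would add a Caddyfile comment directly above it, e.g. `# trailing dot required: must equal the tailnet name exactly as tailscale-nginx-auth derives it (FQDN form)`. `ts-domain` is defined outside this hunk, so it is worth confirming that it holds the bare tailnet domain with no trailing dot of its own. The `forward_auth` block opens before the hunk and continues past it, so the rest of the block cannot be checked from here.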
-- 
cgit 1.4.1