cgit: client cert auth

author: Caroline Larimore <caroline@larimo.re> 2026-03-03 00:33:11 -0800
committer: Caroline Larimore <caroline@larimo.re> 2026-03-03 01:04:11 -0800
commit: 5d01cdd0e98d0efbff5fa09f3b83a2aa6fa510dd (patch)
tree: 523b6bf2b4b795cbd04736a0a42982c50cc83822 /modules/nixos/services/web/cgit/default.nix
parent: 7fb44f82a327e8fc9cae787f0cb9ad039cc21de8 (diff)
1 files changed, 10 insertions, 7 deletions
diff --git a/modules/nixos/services/web/cgit/default.nix b/modules/nixos/services/web/cgit/default.nix
index 2c8139c..e33971e 100644
--- a/modules/nixos/services/web/cgit/default.nix
+++ b/modules/nixos/services/web/cgit/default.nix
@@ -52,8 +52,7 @@ in {
       "private" = {
         enable = true;
         scanPath = cfg.path;
-        nginx.virtualHost = cfg.virtualHost;
-        nginx.location = "/private/";
+        nginx.virtualHost = "private.${cfg.virtualHost}";
 
         user = "git";
         group = "git";
@@ -72,11 +71,15 @@ in {
         "${cfg.virtualHost}" = {
           addSSL = true;
           enableACME = true;
-          locations."/private/" = {
-            basicAuth = {
-              c = "password";
-            };
-          };
+        };
+        "private.${cfg.virtualHost}" = {
+          addSSL = true;
+          enableACME = true;
+
+          extraConfig = ''
+            ssl_client_certificate ${./ca.crt};
+            ssl_verify_client on;
+          '';
         };
       };
     };
author	Caroline Larimore <caroline@larimo.re>	2026-03-03 00:33:11 -0800
committer	Caroline Larimore <caroline@larimo.re>	2026-03-03 01:04:11 -0800
commit	5d01cdd0e98d0efbff5fa09f3b83a2aa6fa510dd (patch)
tree	523b6bf2b4b795cbd04736a0a42982c50cc83822 /modules/nixos/services/web/cgit/default.nix
parent	7fb44f82a327e8fc9cae787f0cb9ad039cc21de8 (diff)