From d0bb3554dbb7bb56bc19c1c4ba4c34c36509e654 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Sun, 26 Jan 2025 22:57:29 +0200
Subject: [PATCH] frigate: basic auth only from non-localhost

---
 hosts/fwminex/configuration.nix | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix
index 29ae9ad..fb9b99c 100644
--- a/hosts/fwminex/configuration.nix
+++ b/hosts/fwminex/configuration.nix
@@ -356,7 +356,14 @@ in
       defaultSSLListenPort = 8443;
       recommendedTlsSettings = true;
       virtualHosts."r1.jakstys.lt" = {
-        basicAuthFile = config.age.secrets.r1-htpasswd.path;
+        extraConfig = ''
+          satisfy any;
+          allow 127.0.0.1;
+          allow ::1;
+          deny all;
+          auth_basic secured;
+          auth_basic_user_file ${config.age.secrets.r1-htpasswd.path};
+        '';
 
         addSSL = true;
         sslCertificate = "/run/credentials/nginx.service/r1.jakstys.lt-cert.pem";