From 63b1965114c84a43881ed7d59ba96f84ba65babb Mon Sep 17 00:00:00 2001
From: Xe <me@christine.website>
Date: Thu, 17 Mar 2022 15:41:47 -0400
Subject: [PATCH] add README, move run files to run

Signed-off-by: Xe <me@christine.website>
---
 README.md                                     |  7 +++++
 flake.nix                                     | 29 +++++--------------
 .../grafanauth.defaults                       |  0
 grafanauth.service => run/grafanauth.service  |  0
 4 files changed, 15 insertions(+), 21 deletions(-)
 create mode 100644 README.md
 rename grafanauth.defaults => run/grafanauth.defaults (100%)
 rename grafanauth.service => run/grafanauth.service (100%)

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..a2d1e6a
--- /dev/null
+++ b/README.md
@@ -0,0 +1,7 @@
+# grafanauth
+
+This is an example for how to authenticate to Grafana using your Tailscale
+identity. This uses Tailscale as a library to proxy Grafana only over Tailscale
+so that anyone outside your tailnet cannot connect to it.
+
+See TODO(Xe): link here for more information and the theory behind this.
diff --git a/flake.nix b/flake.nix
index 6c0da53..48eece1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,5 +1,5 @@
 {
-  description = "A basic Go web server setup";
+  description = "Grafana Auth proxy using Tailscale Auth";
 
   inputs = {
     nixpkgs.url = "nixpkgs/nixos-unstable";
@@ -20,7 +20,12 @@
         defaultPackage = pkgs.buildGoModule {
           pname = "grafanauth";
           inherit version;
-          src = builtins.path { path = ./.; name = "grafanauth"; };
+          src = builtins.path {
+            path = ./.;
+            name = "grafanauth";
+          };
+
+          CGO_ENABLED = "0";
 
           # This hash locks the dependencies of this package. It is
           # necessary because of how Go requires network access to resolve
@@ -34,25 +39,7 @@
           vendorSha256 = "sha256-nPtSpqIXB75PYsMoULIxFRPbRxxfn2CqzVE3Mb7/1Jg=";
         };
 
-        packages = {
-          docker = let grafanauth = self.defaultPackage.${system};
-          in pkgs.dockerTools.buildLayeredImage {
-            name = grafanauth.pname;
-            tag = grafanauth.version;
-            contents = [ grafanauth ];
-
-            config = {
-              Entrypoint = [ "/bin/grafanauth" ];
-              WorkingDir = [ "/" ];
-              Volumes = { "/data" = { }; };
-              Env = [ "XDG_CONFIG_HOME=/data" ];
-            };
-          };
-        };
-
-        defaultApp = utils.lib.mkApp {
-          drv = self.defaultPackage.${system};
-        };
+        defaultApp = utils.lib.mkApp { drv = self.defaultPackage.${system}; };
 
         devShell = pkgs.mkShell {
           buildInputs = with pkgs; [ go gopls go-tools gotools ];
diff --git a/grafanauth.defaults b/run/grafanauth.defaults
similarity index 100%
rename from grafanauth.defaults
rename to run/grafanauth.defaults
diff --git a/grafanauth.service b/run/grafanauth.service
similarity index 100%
rename from grafanauth.service
rename to run/grafanauth.service