From 1635e6123ffcc0191664f4832c7d2457705a9640 Mon Sep 17 00:00:00 2001
From: Jaculabilis <jaculabilis@git.alogoulogoi.com>
Date: Sun, 6 Apr 2025 22:31:51 +0000
Subject: [PATCH] empyrean: add mTLS access for icecast

---
 machine/empyrean/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/machine/empyrean/default.nix b/machine/empyrean/default.nix
index 8f0da52..1369a23 100644
--- a/machine/empyrean/default.nix
+++ b/machine/empyrean/default.nix
@@ -136,6 +136,16 @@
           ssl_client_certificate /etc/nginx/client-ca.crt;
         '';
       };
+      "icecast.secure.ktvb.site" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".proxyPass = "http://10.22.20.1:8688";
+        extraConfig = ''
+          # enable mTLS
+          ssl_verify_client on;
+          ssl_client_certificate /etc/nginx/client-ca.crt;
+        '';
+      };
       # mirror revproxy
       "mirror.alogoulogoi.com" = {
         enableACME = true;