fix(modules/unifi): configure nginx to bind to tailscale IP

Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way. Change-Id: I75978866eb978439df76cede5bf993762f7cd5ab Reviewed-on: https://cl.fcuny.net/c/world/+/485 Tested-by: CI Reviewed-by: Franck Cuny <franck@fcuny.net>
author: Franck Cuny <franck@fcuny.net> 2022-06-23 17:56:51 -0700
committer: Franck Cuny <franck@fcuny.net> 2022-06-23 18:02:27 -0700
commit: 6c1154e7c4cf6c648f5ebac30f46141b2d4f6c39 (patch)
tree: 78cc807cf16c6bf0c161097bc24a03bc8be0f73b /modules/services/unifi/default.nix
parent: fix(modules/navidrome): configure nginx to bind to tailscale IP (diff)
download: world-6c1154e7c4cf6c648f5ebac30f46141b2d4f6c39.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/services/unifi/default.nix b/modules/services/unifi/default.nix
index 3ffae15..4f1924e 100644
--- a/modules/services/unifi/default.nix
+++ b/modules/services/unifi/default.nix
@@ -72,6 +72,18 @@ in
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
       useACMEHost = cfg.vhostName;
+      listen = [
+        {
+          addr = "100.85.232.66";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "100.85.232.66";
+          port = 80;
+          ssl = false;
+        }
+      ];
       locations."/" = {
         proxyPass = "http://127.0.0.1:8443";
         proxyWebsockets = true;
author	Franck Cuny <franck@fcuny.net>	2022-06-23 17:56:51 -0700
committer	Franck Cuny <franck@fcuny.net>	2022-06-23 18:02:27 -0700
commit	6c1154e7c4cf6c648f5ebac30f46141b2d4f6c39 (patch)
tree	78cc807cf16c6bf0c161097bc24a03bc8be0f73b /modules/services/unifi/default.nix
parent	fix(modules/navidrome): configure nginx to bind to tailscale IP (diff)
download	world-6c1154e7c4cf6c648f5ebac30f46141b2d4f6c39.tar.gz