about summary refs log tree commit diff
path: root/modules/services
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2022-06-23 17:57:55 -0700
committerFranck Cuny <franck@fcuny.net>2022-06-23 18:02:27 -0700
commite1f33a6bf73050ceed5081b0f774d91501dee133 (patch)
tree698fa58cb72cf180cf8fe3982f9583a735581f0f /modules/services
parentfix(modules/unifi): configure nginx to bind to tailscale IP (diff)
downloadworld-e1f33a6bf73050ceed5081b0f774d91501dee133.tar.gz
fix(modules/sourcegraph): configure nginx to bind to tailscale IP
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.

Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I684f2da60a128652fac2f7004bec22ce4bf959d0
Reviewed-on: https://cl.fcuny.net/c/world/+/486
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
Diffstat (limited to 'modules/services')
-rw-r--r--modules/services/sourcegraph/default.nix12
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/services/sourcegraph/default.nix b/modules/services/sourcegraph/default.nix
index 92653c1..0845c55 100644
--- a/modules/services/sourcegraph/default.nix
+++ b/modules/services/sourcegraph/default.nix
@@ -32,6 +32,18 @@ in
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
       useACMEHost = cfg.vhostName;
+      listen = [
+        {
+          addr = "100.85.232.66";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "100.85.232.66";
+          port = 80;
+          ssl = false;
+        }
+      ];
       locations."/" = { proxyPass = "http://127.0.0.1:7080"; };
     };