about summary refs log tree commit diff
path: root/modules/services
diff options
context:
space:
mode:
authorFranck Cuny <franck@fcuny.net>2022-06-23 17:48:48 -0700
committerFranck Cuny <franck@fcuny.net>2022-06-23 18:02:27 -0700
commitf9759de8cc2b189e8b0464778245df5c20d79e43 (patch)
tree8a8cf0022038c58f4c6b5dcf60868d7ba1b2d54d /modules/services
parentfix(modules/cgit): make cgit the default server for nginx (diff)
downloadworld-f9759de8cc2b189e8b0464778245df5c20d79e43.tar.gz
fix(modules/transmission): configure nginx to bind on tailscale IP
Only serve a response if the request is coming from tailscale. To ensure
this is the case, let's configure nginx to only listen on the tailscale
IP of the host for that server.

Note: the IP is currently hard coded, there has to be a better way.
Change-Id: I21b6db5e94070024c1ff8d6cea852aafd6952b55
Reviewed-on: https://cl.fcuny.net/c/world/+/483
Tested-by: CI
Reviewed-by: Franck Cuny <franck@fcuny.net>
Diffstat (limited to 'modules/services')
-rw-r--r--modules/services/transmission/default.nix12
1 files changed, 12 insertions, 0 deletions
diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix
index c44034b..824f7a5 100644
--- a/modules/services/transmission/default.nix
+++ b/modules/services/transmission/default.nix
@@ -36,6 +36,18 @@ in
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
       useACMEHost = cfg.vhostName;
+      listen = [
+        {
+          addr = "100.85.232.66";
+          port = 443;
+          ssl = true;
+        }
+        {
+          addr = "100.85.232.66";
+          port = 80;
+          ssl = false;
+        }
+      ];
       locations."/" = {
         proxyPass = "http://127.0.0.1:9091";
         proxyWebsockets = true;