From e701f016d9f035c63a74e4afb436fb9353261821 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Thu, 23 Jun 2022 17:55:13 -0700 Subject: fix(modules/navidrome): configure nginx to bind to tailscale IP Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server. Note: the IP for tailscale is hard coded, there has to be a better way. Change-Id: I8b497507b2c8548d824c2e2bb693b38768b355b9 Reviewed-on: https://cl.fcuny.net/c/world/+/484 Tested-by: CI Reviewed-by: Franck Cuny --- modules/services/navidrome/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix index 280da90..1e3b6e7 100644 --- a/modules/services/navidrome/default.nix +++ b/modules/services/navidrome/default.nix @@ -27,6 +27,18 @@ in services.nginx.virtualHosts."${cfg.vhostName}" = { forceSSL = true; useACMEHost = cfg.vhostName; + listen = [ + { + addr = "100.85.232.66"; + port = 443; + ssl = true; + } + { + addr = "100.85.232.66"; + port = 80; + ssl = false; + } + ]; locations."/" = { proxyPass = "http://127.0.0.1:4533"; proxyWebsockets = true; -- cgit 1.4.1