From cd3b559fa48e221dc145e8d6527ad17e44bcca38 Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Thu, 23 Jun 2022 17:58:55 -0700
Subject: fix(modules/grafana): configure nginx to bind to tailscale IP
Only serve a response if the request is coming from tailscale. To ensure this is the case, let's configure nginx to only listen on the tailscale IP of the host for that server.
Note: the IP for tailscale is hard coded, there has to be a better way.
Change-Id: I83952484f60206df215e8c03017cfe7722d32697
Reviewed-on: https://cl.fcuny.net/c/world/+/487
Tested-by: CI
Reviewed-by: Franck Cuny
---
modules/services/grafana/default.nix | 12 ++++++++++++
1 file changed, 12 insertions(+)
(limited to 'modules')
diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix
index 063a1c9..b3f2122 100644
--- a/modules/services/grafana/default.nix
+++ b/modules/services/grafana/default.nix
@@ -37,6 +37,18 @@ in
 services.nginx.virtualHosts."${cfg.vhostName}" = {
 forceSSL = true;
 useACMEHost = cfg.vhostName;
+ listen = [
+ {
+ addr = "100.85.232.66";
+ port = 443;
+ ssl = true;
+ }
+ {
+ addr = "100.85.232.66";
+ port = 80;
+ ssl = false;
+ }
+ ];
 locations."/" = {
 proxyPass = "http://${config.services.grafana.addr}:${
 toString config.services.grafana.port
-- 
cgit 1.4.1
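Review bot: The literal `100.85.232.66` is repeated in both `listen` entries of a shared module, so any other host importing it would try to bind an address it does not own, and the access restriction depends on that one value staying correct. A per-host module option next to `cfg.vhostName` would avoid this, e.g. `addr = cfg.listenAddress;` in both entries (the option name is a suggestion). Binding to the Tailscale address limits where nginx answers for this vhost, but it does not cover the backend: if `config.services.grafana.addr` is not loopback (not visible in this hunk), Grafana's port is reachable without going through nginx, so that is worth confirming, along with restricting ports 80/443 to the Tailscale interface in the firewall. nginx is also likely to fail at startup if the address is not yet assigned when the unit comes up, so the service probably needs ordering after Tailscale. The virtual-host attribute set continues past the end of the hunk.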