sail: make firewall rules more specific
parent
c3cb43184c
commit
d86187e2ee
4 changed files with 3 additions and 8 deletions
|
@ -3,9 +3,9 @@
|
||||||
{
|
{
|
||||||
security.acme = {
|
security.acme = {
|
||||||
acceptTerms = true;
|
acceptTerms = true;
|
||||||
email = "acme@kempkens.io";
|
|
||||||
|
|
||||||
defaults = {
|
defaults = {
|
||||||
|
email = "acme@kempkens.io";
|
||||||
dnsProvider = "cloudflare";
|
dnsProvider = "cloudflare";
|
||||||
credentialsFile = config.age.secrets.acme-credentials.path;
|
credentialsFile = config.age.secrets.acme-credentials.path;
|
||||||
dnsResolver = "1.1.1.1:53";
|
dnsResolver = "1.1.1.1:53";
|
||||||
|
|
|
@ -26,5 +26,5 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 8015 ];
|
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8015 ];
|
||||||
}
|
}
|
||||||
|
|
|
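Review bot: The new `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 8015 ];` line restricts the port only at the packet filter, and nothing in this section shows which address the service on 8015 binds to. If it listens on all addresses, the firewall rule is the single control keeping it off the other interfaces, so it is worth confirming the service is bound to the Tailscale address as well. If `tailscale0` is listed in `networking.firewall.trustedInterfaces` elsewhere in the configuration (not visible here), this per-interface entry has no effect and can be dropped. A short comment would record the intent, for example `# 8015: tailnet-only; keep the service bound to the Tailscale address too`. The interface name is matched as a literal string, so a typo or renamed interface leaves the port closed rather than open; the same holds for `"enp7s0"` in the last section.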
@ -9,11 +9,6 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedBrotliSettings = true;
|
|
||||||
|
|
||||||
virtualHosts."libreddit.only.internal" = {
|
virtualHosts."libreddit.only.internal" = {
|
||||||
listen = [
|
listen = [
|
||||||
{
|
{
|
||||||
|
|
|
@ -87,5 +87,5 @@
|
||||||
extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
|
extraConfigFiles = [ config.age.secrets.synapse-extra-config.path ];
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 8008 ];
|
networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 8008 ];
|
||||||
}
|
}
|
||||||
|
|
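Review bot: `networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 8008 ];` ties the rule to a physical NIC name, and nothing in this section says which network that interface is attached to. The surrounding lines suggest this is the Synapse module, whose listener on 8008 is commonly plain HTTP intended for a reverse proxy; the listener configuration is outside the hunk, so that is an assumption to confirm. If `enp7s0` is the private link to the proxy host, the change is a real tightening; if it is the public uplink, the exposure is unchanged from before. I would add a comment stating the assumption, such as `# enp7s0 = private network to the reverse proxy; 8008 is not TLS-terminated here`. Predictable interface names follow the hardware layout, so a change of machine or NIC slot will silently close the port until the name is updated.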