jasmine/dotfiles.nix
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

update whitelists

Browse source
This commit is contained in:
♥ Minnie ♥ 2023-11-19 22:41:07 +00:00
parent 646c3c0efb
commit 42b6c3bcfc
2 changed files with 20 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
nixos/viridian/services/traefik/middleware.nix
View file

@ -3,10 +3,17 @@
{ {
# Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service # Attached to the routers, pieces of middleware are a means of tweaking the requests before they are sent to your service
services.traefik.dynamicConfigOptions.http.middlewares = { services.traefik.dynamicConfigOptions.http.middlewares = {
# Restrict access to admin devices only
admin.ipwhitelist.sourcerange = [
"127.0.0.1/32" # localhost
"192.168.1.101" # fuchsia
"10.100.0.2" # Pixel 6 Pro
];
# Restrict access to internal networks # Restrict access to internal networks
internal.ipwhitelist.sourcerange = [ internal.ipwhitelist.sourcerange = [
"127.0.0.1/32" # localhost "127.0.0.1/32" # localhost
"192.168.1.1/24" # lan "192.168.1.1/24" # lan
"10.100.0.0/24" # wireguard clients
]; ];
# Restrict access based on geo-location # Restrict access based on geo-location
geoblock.plugin.geoblock = { geoblock.plugin.geoblock = {

26
nixos/viridian/services/traefik/routers.nix
View file

@ -14,12 +14,12 @@
}; };
microbin = { microbin = {
rule = "Host(`bin.sajenim.dev`)"; rule = "Host(`bin.kanto.dev`)";
entryPoints = [ entryPoints = [
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"geoblock" "internal"
]; ];
service = "microbin"; service = "microbin";
}; };
@ -30,7 +30,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "homarr"; service = "homarr";
}; };
@ -41,7 +41,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "api@internal"; service = "api@internal";
}; };
@ -52,7 +52,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "adguard-home"; service = "adguard-home";
}; };
@ -63,7 +63,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "home-assistant"; service = "home-assistant";
}; };
@ -85,7 +85,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"geoblock" "internal"
]; ];
service = "jellyfin"; service = "jellyfin";
}; };
@ -96,7 +96,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "sonarr"; service = "sonarr";
}; };
@ -107,7 +107,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "radarr"; service = "radarr";
}; };
@ -118,7 +118,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "lidarr"; service = "lidarr";
}; };
@ -129,7 +129,7 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "prowlarr"; service = "prowlarr";
}; };
@ -140,13 +140,13 @@
"websecure" "websecure"
]; ];
middlewares = [ middlewares = [
"internal" "admin"
]; ];
service = "qbittorrent"; service = "qbittorrent";
}; };
jellyseerr = { jellyseerr = {
rule ="Host(`jellyseerr.kanto.dev`)"; rule ="Host(`js.kanto.dev`)";
entryPoints = [ entryPoints = [
"websecure" "websecure"
]; ];