cockpit: now remote access is denied by default. Require wireguard to
access cockpit.
This commit is contained in:
parent
a250517712
commit
5dc68117c7
|
@ -8,7 +8,11 @@ in
|
||||||
environment.systemPackages = mkIf config.profile.podman.enable [
|
environment.systemPackages = mkIf config.profile.podman.enable [
|
||||||
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
||||||
];
|
];
|
||||||
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
|
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = /*caddyfile*/ ''
|
||||||
|
@denied not remote_ip private_ranges
|
||||||
|
|
||||||
|
respond @denied "Access denied" 403
|
||||||
|
|
||||||
reverse_proxy 0.0.0.0:9090
|
reverse_proxy 0.0.0.0:9090
|
||||||
'';
|
'';
|
||||||
services.udisks2.enable = true;
|
services.udisks2.enable = true;
|
||||||
|
|
Loading…
Reference in a new issue