cockpit: now remote access is denied by default. Require wireguard to

access cockpit.
This commit is contained in:
Tigor Hutasuhut 2024-07-28 21:05:39 +07:00
parent a250517712
commit 5dc68117c7

View file

@ -8,7 +8,11 @@ in
environment.systemPackages = mkIf config.profile.podman.enable [ environment.systemPackages = mkIf config.profile.podman.enable [
(pkgs.callPackage ../packages/cockpit-podman.nix { }) (pkgs.callPackage ../packages/cockpit-podman.nix { })
]; ];
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = '' services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = /*caddyfile*/ ''
@denied not remote_ip private_ranges
respond @denied "Access denied" 403
reverse_proxy 0.0.0.0:9090 reverse_proxy 0.0.0.0:9090
''; '';
services.udisks2.enable = true; services.udisks2.enable = true;