cockpit: now remote access is denied by default. Require wireguard to

access cockpit.
This commit is contained in:
Tigor Hutasuhut 2024-07-28 21:05:39 +07:00
parent a250517712
commit 5dc68117c7

View file

@ -8,7 +8,11 @@ in
environment.systemPackages = mkIf config.profile.podman.enable [
(pkgs.callPackage ../packages/cockpit-podman.nix { })
];
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = /*caddyfile*/ ''
@denied not remote_ip private_ranges
respond @denied "Access denied" 403
reverse_proxy 0.0.0.0:9090
'';
services.udisks2.enable = true;