cockpit: now remote access is denied by default. Require wireguard to
access cockpit.
This commit is contained in:
parent
a250517712
commit
5dc68117c7
|
@ -8,7 +8,11 @@ in
|
|||
environment.systemPackages = mkIf config.profile.podman.enable [
|
||||
(pkgs.callPackage ../packages/cockpit-podman.nix { })
|
||||
];
|
||||
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
|
||||
services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = /*caddyfile*/ ''
|
||||
@denied not remote_ip private_ranges
|
||||
|
||||
respond @denied "Access denied" 403
|
||||
|
||||
reverse_proxy 0.0.0.0:9090
|
||||
'';
|
||||
services.udisks2.enable = true;
|
||||
|
|
Loading…
Reference in a new issue