cockpit: now remote access is denied by default. Require wireguard to

access cockpit.
2024-07-28 21:05:39 +07:00 · 2024-07-28 21:05:39 +07:00 · 5dc68117c7
parent a250517712
commit 5dc68117c7
1 changed files with 5 additions and 1 deletions
--- a/system/services/cockpit.nix
+++ b/system/services/cockpit.nix
@ -8,7 +8,11 @@ in
    environment.systemPackages = mkIf config.profile.podman.enable [
      (pkgs.callPackage ../packages/cockpit-podman.nix { })
    ];
-    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
+    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = /*caddyfile*/ ''
+      @denied not remote_ip private_ranges
+
+      respond @denied "Access denied" 403
+
      reverse_proxy 0.0.0.0:9090
    '';
    services.udisks2.enable = true;