From 9706e7f2b3921906ca90c30736a9a1dee948f6a8 Mon Sep 17 00:00:00 2001
From: Tigor Hutasuhut <tigor.hutasuhut@gmail.com>
Date: Sat, 7 Sep 2024 09:55:03 +0700
Subject: [PATCH] tempo: require basic auth for all requests except from
 private ranges

---
 system/services/telemetry/tempo.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/system/services/telemetry/tempo.nix b/system/services/telemetry/tempo.nix
index a202183..a2ef2ed 100644
--- a/system/services/telemetry/tempo.nix
+++ b/system/services/telemetry/tempo.nix
@@ -34,11 +34,13 @@ in
     };
 
     services.caddy.virtualHosts.${domain}.extraConfig = ''
-      basicauth {
+      @require_auth not remote_ip private_ranges 
+
+      basicauth @require_auth {
           {$TEMPO_USERNAME} {$TEMPO_PASSWORD}
       }
 
-      reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
+      reverse_proxy ${server.http_listen_address}:3200
     '';
 
     services.tempo = {