add restrict to vpn on mailserver module

2024-08-05 18:15:50 +02:00 · 2024-08-05 18:15:50 +02:00 · 1bd5b467ae
commit 1bd5b467ae
parent a10568d5ac
2 changed files with 14 additions and 9 deletions
--- a/hosts/vps/mailserver/default.nix
+++ b/hosts/vps/mailserver/default.nix
@ -165,12 +165,6 @@
          add_header 'Referrer-Policy' 'origin-when-cross-origin';
          add_header X-Content-Type-Options nosniff;
        '';
-        restrictToVpn = ''
-          allow 10.0.0.2/32;
-          allow 10.0.0.3/32;
-          allow 10.0.0.4/32;
-          deny all;
-        '';
        extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
        serveStatic = exts: ''
          try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
@ -202,9 +196,6 @@
            };
            extraConfig = webshiteConfig;
          };
-          "${config.mailserver.fqdn}" = {
-            extraConfig = restrictToVpn;
-          };
          "src.idimitrov.dev" = {
            enableACME = true;
            forceSSL = true;
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@ -291,6 +291,20 @@ top@{ inputs, moduleWithSystem, ... }: {
            $config['smtp_pass'] = "%p";
          '';
        };
+        nginx.virtualHosts =
+          let
+            restrictToVpn = ''
+              allow 10.0.0.2/32;
+              allow 10.0.0.3/32;
+              allow 10.0.0.4/32;
+              deny all;
+            '';
+          in
+          {
+            "${config.mailserver.fqdn}" = {
+              extraConfig = restrictToVpn;
+            };
+          };
        postgresql.enable = true;
      };
      security = {