add restrict to vpn on mailserver module
This commit is contained in:
parent
a10568d5ac
commit
1bd5b467ae
@ -165,12 +165,6 @@
|
|||||||
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||||||
add_header X-Content-Type-Options nosniff;
|
add_header X-Content-Type-Options nosniff;
|
||||||
'';
|
'';
|
||||||
restrictToVpn = ''
|
|
||||||
allow 10.0.0.2/32;
|
|
||||||
allow 10.0.0.3/32;
|
|
||||||
allow 10.0.0.4/32;
|
|
||||||
deny all;
|
|
||||||
'';
|
|
||||||
extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
|
extensions = [ "html" "txt" "png" "jpg" "jpeg" ];
|
||||||
serveStatic = exts: ''
|
serveStatic = exts: ''
|
||||||
try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
|
try_files $uri $uri/ ${pkgs.lib.strings.concatStringsSep " " (builtins.map (x: "$uri." + "${x}") exts)} =404;
|
||||||
@ -202,9 +196,6 @@
|
|||||||
};
|
};
|
||||||
extraConfig = webshiteConfig;
|
extraConfig = webshiteConfig;
|
||||||
};
|
};
|
||||||
"${config.mailserver.fqdn}" = {
|
|
||||||
extraConfig = restrictToVpn;
|
|
||||||
};
|
|
||||||
"src.idimitrov.dev" = {
|
"src.idimitrov.dev" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -291,6 +291,20 @@ top@{ inputs, moduleWithSystem, ... }: {
|
|||||||
$config['smtp_pass'] = "%p";
|
$config['smtp_pass'] = "%p";
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
nginx.virtualHosts =
|
||||||
|
let
|
||||||
|
restrictToVpn = ''
|
||||||
|
allow 10.0.0.2/32;
|
||||||
|
allow 10.0.0.3/32;
|
||||||
|
allow 10.0.0.4/32;
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"${config.mailserver.fqdn}" = {
|
||||||
|
extraConfig = restrictToVpn;
|
||||||
|
};
|
||||||
|
};
|
||||||
postgresql.enable = true;
|
postgresql.enable = true;
|
||||||
};
|
};
|
||||||
security = {
|
security = {
|
||||||
|
Loading…
Reference in New Issue
Block a user