Nico
7537a1e5b6
blocks ips not in tailnet or in local network from accessing services using `important block_non_private_ips` in their caddy config
25 lines
625 B
Nix
25 lines
625 B
Nix
{ config, ... }:
|
|
|
|
{
|
|
virtualisation.oci-containers.containers.pocketid = {
|
|
image = "ghcr.io/pocket-id/pocket-id";
|
|
volumes = [ "/var/lib/pocketid/data:/app/backend/data" ];
|
|
ports = [ "8025:8025" ];
|
|
environment = {
|
|
PUBLIC_APP_URL = "https://auth.${config.homelab.domain}";
|
|
TRUST_PROXY = "true";
|
|
CADDY_PORT = "8025";
|
|
|
|
PUID = "1000";
|
|
GUID = "1000";
|
|
};
|
|
};
|
|
|
|
services.caddy.virtualHosts."auth.${config.homelab.domain}" = {
|
|
useACMEHost = config.homelab.domain;
|
|
extraConfig = ''
|
|
reverse_proxy http://localhost:8025
|
|
import block_non_private_ips
|
|
'';
|
|
};
|
|
}
|