vps-public: Only allow access to radicale's login page over vpn

SebastianStork 2026-01-15 22:20:48 +01:00
parent 2f246153d4
commit d73e3744a8
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q


@ -13,7 +13,11 @@
ports.validate = true; ports.validate = true;
}; };
custom = { custom =
let
sproutedDomain = "sprouted.cloud";
in
{
persistence.enable = true; persistence.enable = true;
sops.enable = true; sops.enable = true;
@ -38,12 +42,21 @@
nebula.enable = true; nebula.enable = true;
sshd.enable = true; sshd.enable = true;
caddy.virtualHosts."dav.${sproutedDomain}" = {
inherit (config.custom.web-services.radicale) port;
extraConfig = ''
respond /.web/ "Access denied" 403 {
close
}
'';
};
}; };
web-services = web-services =
let let
privateDomain = config.custom.networking.overlay.domain;
sstorkDomain = "sstork.dev"; sstorkDomain = "sstork.dev";
sproutedDomain = "sprouted.cloud";
in in
{ {
personal-blog = { personal-blog = {
@ -76,13 +89,13 @@
radicale = { radicale = {
enable = true; enable = true;
domain = "dav.${sproutedDomain}"; domain = "dav.${privateDomain}";
doBackups = true; doBackups = true;
}; };
alloy = { alloy = {
enable = true; enable = true;
domain = "alloy.${config.networking.hostName}.${config.custom.networking.overlay.domain}"; domain = "alloy.${config.networking.hostName}.${privateDomain}";
}; };
}; };
}; };
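Review bot: The `respond /.web/` matcher in the new `caddy.virtualHosts."dav.${sproutedDomain}"` block is an exact path match in Caddy, so only a request for `/.web/` itself gets the 403. Other paths under that prefix, such as the web UI's index file and static assets, would presumably still be forwarded to Radicale on the public host. A prefix matcher closes that gap: `respond /.web* "Access denied" 403 {`. The rest of the public vhost still appears to reach Radicale's DAV endpoints, which then rely on Radicale's own authentication rather than on the VPN; a comment above `extraConfig` such as `# Only the web UI is blocked here; DAV paths stay public and depend on Radicale auth` would make that scope explicit. How the inherited `port` becomes a proxy is defined in the custom caddy module outside this section, so confirm the behaviour there.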