Merge pull request #12 from Mic92/nginx
deployment: configure firewall for nginx ingress
This commit is contained in:
commit
caa78d8567
|
@ -4,7 +4,6 @@
|
|||
|
||||
networking.hostName = "beherbergung-warhelp";
|
||||
|
||||
|
||||
## The next part is copied from https://github.com/Mic92/dotfiles/commit/be6b898e8fbd12716cce380d8f3889a926003990
|
||||
|
||||
imports = [
|
||||
|
@ -19,6 +18,11 @@
|
|||
networking.useDHCP = false;
|
||||
networking.useHostResolvConf = false;
|
||||
|
||||
# allow nginx of the host to access frontend and backend
|
||||
networking.firewall.extraCommands = ''
|
||||
ip6tables -I nixos-fw -p tcp -s 2a01:4f8:10b:49f::/64 -m multiport --dports 3000,4000 -j nixos-fw-accept
|
||||
'';
|
||||
|
||||
systemd.network.networks."50-container-host0.network".extraConfig = ''
|
||||
[Match]
|
||||
Virtualization = container
|
||||
|
@ -42,7 +46,6 @@
|
|||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDW+YfsFtRz1h/0ubcKU+LyGfxH505yUkbWa5VtRFNWF2fjTAYGj6o5M4dt+fv1h370HXvvOBtt8sIlWQgMsD10+9mvjdXWhTcpnYPx4yWuyEERE1/1BhItrog6XJKAedbCDpQQ+POoewouiHWVAUfFByPj5RXuE8zKUeIEkGev/QKrKTLnTcS8zFs/yrokf1qYYR571B3U8IPDjpV/Y1GieG3MSNaefIMCwAAup1gPkUA0XZ4A1L7NdEiUEHlceKVu9eYiWUM+wDRunBXnLHubeGyP8KmBA7PNKgml3WWRNTZjqNQk4u9Bl+Qea5eCkD8KI257EqgXYXy0QBWNyF8X j03@l302"
|
||||
];
|
||||
|
||||
|
||||
## Service specific configuration
|
||||
|
||||
users.users."beherbergung" = {
|
||||
|
|
Loading…
Reference in New Issue
Block a user