services: paperless: restrict to Tailscale

2021-07-13 01:14:01 +02:00 · 2021-07-13 01:14:01 +02:00 · 8eb1fe5001
parent f0e5e90c10
commit 8eb1fe5001
1 changed files with 14 additions and 0 deletions
--- a/services/paperless.nix
+++ b/services/paperless.nix
@ -25,6 +25,20 @@ in
        forceSSL = true;
        useACMEHost = domain;

+        listen = [
+          # FIXME: hardcoded tailscale IP
+          {
+            addr = "100.80.61.67";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "100.80.61.67";
+            port = 80;
+            ssl = false;
+          }
+        ];
+
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString cfg.port}";
          proxyWebsockets = true;