From 8eb1fe5001b1004f06415a095355d4085e8d9f24 Mon Sep 17 00:00:00 2001
From: Antoine Martin <antoine@alarsyo.net>
Date: Tue, 13 Jul 2021 01:14:01 +0200
Subject: [PATCH] services: paperless: restrict to Tailscale

---
 services/paperless.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/services/paperless.nix b/services/paperless.nix
index 132a617..a837d38 100644
--- a/services/paperless.nix
+++ b/services/paperless.nix
@@ -25,6 +25,20 @@ in
         forceSSL = true;
         useACMEHost = domain;
 
+        listen = [
+          # FIXME: hardcoded tailscale IP
+          {
+            addr = "100.80.61.67";
+            port = 443;
+            ssl = true;
+          }
+          {
+            addr = "100.80.61.67";
+            port = 80;
+            ssl = false;
+          }
+        ];
+
         locations."/" = {
           proxyPass = "http://127.0.0.1:${toString cfg.port}";
           proxyWebsockets = true;