services: paperless: restrict to Tailscale

This commit is contained in:
Antoine Martin 2021-07-13 01:14:01 +02:00
parent f0e5e90c10
commit 8eb1fe5001

View file

@ -25,6 +25,20 @@ in
forceSSL = true; forceSSL = true;
useACMEHost = domain; useACMEHost = domain;
listen = [
# FIXME: hardcoded tailscale IP
{
addr = "100.80.61.67";
port = 443;
ssl = true;
}
{
addr = "100.80.61.67";
port = 80;
ssl = false;
}
];
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}"; proxyPass = "http://127.0.0.1:${toString cfg.port}";
proxyWebsockets = true; proxyWebsockets = true;