services: paperless: drop external traffic to docker
parent
8eb1fe5001
commit
d2835ceb77
|
@ -20,6 +20,14 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
# HACK: see https://github.com/NixOS/nixpkgs/issues/111852
|
||||||
|
networking.firewall.extraCommands = ''
|
||||||
|
iptables -N DOCKER-USER || true
|
||||||
|
iptables -F DOCKER-USER
|
||||||
|
iptables -A DOCKER-USER -i eno1 -m state --state RELATED,ESTABLISHED -j ACCEPT
|
||||||
|
iptables -A DOCKER-USER -i eno1 -j DROP
|
||||||
|
'';
|
||||||
|
|
||||||
services.nginx.virtualHosts = {
|
services.nginx.virtualHosts = {
|
||||||
"paperless.${domain}" = {
|
"paperless.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
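Review bot: Both `DOCKER-USER` rules match only `-i eno1`, so on a host whose uplink has a different name, or which has a second external interface, the `DROP` never matches and the filter fails open with no error at build or activation time. Taking the interface from a module option (for example a new `externalInterface` option, used as `-i ${cfg.externalInterface}`) would make that dependency explicit and reviewable per host. The rules are also IPv4-only (`iptables` with no `ip6tables` counterpart), which matters if Docker forwards IPv6 on this host; that cannot be determined from the hunk. Because the block sits under `mkIf cfg.enable` of the paperless module, whose body continues outside the hunk, the filter applies to every container on the host and is no longer configured once paperless is disabled; a comment next to the `HACK` line saying so, or moving the rules to a Docker-specific module, would avoid surprises.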