alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

services: paperless: drop external traffic to docker

Browse source
This commit is contained in:
Antoine Martin 2021-07-13 13:15:38 +02:00
parent 8eb1fe5001
commit d2835ceb77
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
services/paperless.nix
View file

@ -20,6 +20,14 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# HACK: see https://github.com/NixOS/nixpkgs/issues/111852
networking.firewall.extraCommands = ''
iptables -N DOCKER-USER || true
iptables -F DOCKER-USER
iptables -A DOCKER-USER -i eno1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A DOCKER-USER -i eno1 -j DROP
'';
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"paperless.${domain}" = { "paperless.${domain}" = {
forceSSL = true; forceSSL = true;