From 227f51f93725c2b8b07dc0ddbf0c3b6d897b83a4 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Sat, 1 Jan 2022 10:31:13 +0100 Subject: [PATCH] secure transmission --- nixos/configs/robi/configuration.nix | 8 +++++++- nixos/configs/robi/transmission.nix | 9 +++++++-- 2 files changed, 14 insertions(+), 3 deletions(-) diff --git a/nixos/configs/robi/configuration.nix b/nixos/configs/robi/configuration.nix index 1614986..92ed7df 100644 --- a/nixos/configs/robi/configuration.nix +++ b/nixos/configs/robi/configuration.nix @@ -7,7 +7,6 @@ ./hetzner.nix - ./packages.nix ./tinc.nix ./syncthing.nix @@ -35,6 +34,13 @@ ]; + # 2 hours = 2 * 60 * 60 = 7200 seconds + #services.netdata.config.global.history = 7200; + # 4 hours = 4 * 60 * 60 = 14440 seconds + services.netdata.config.global.history = 14440; + # 24 hours = 24 * 60 * 60 = 86400 seconds + #services.netdata.config.global.history = 86400; + services.sshguard.enable = true; # Shell configuration diff --git a/nixos/configs/robi/transmission.nix b/nixos/configs/robi/transmission.nix index 5152c29..bd18749 100644 --- a/nixos/configs/robi/transmission.nix +++ b/nixos/configs/robi/transmission.nix @@ -287,13 +287,18 @@ in # [ 5044 12304 12305 ]; # host nginx setup - # curl transmission.robi.private < will work - # curl -H "Host: transmission.robi.private" http://144.76.13.147/ < will work + # curl transmission.robi.private < will work + # curl -H "Host: transmission.robi.private" https://robi.private/ < will work + # curl -H "Host: transmission.robi.private" https://144.76.13.147/ < wont work services.nginx = { enable = true; recommendedProxySettings = true; virtualHosts = { "transmission.${config.networking.hostName}.private" = { + extraConfig = '' + allow ${config.module.cluster.services.tinc.private.networkSubnet}; + deny all; + ''; locations."/" = { proxyPass = "http://${containerAddress}:${toString uiPort}"; };