Nginx proxy: switch to tailscale

2024-01-09 10:49:05 +01:00 · 2024-01-09 10:49:05 +01:00 · 4f77fc3fb4
commit 4f77fc3fb4
parent 611eba5de8
3 changed files with 16 additions and 4 deletions
--- a/instances/baldur/configuration.nix
+++ b/instances/baldur/configuration.nix
@ -68,12 +68,12 @@
          ssl = { enableACME = true; forceSSL = true; };
        in
        {
-          "unimi.bertof.net" = ssl // {
+          "me.bertof.net" = ssl // {
            locations."/".extraConfig =
              "rewrite ^/(.*)$ https://homes.di.unimi.it/berto/$1 redirect ;";
          };
          "home-assistant.bertof.net" = ssl // {
-            locations."/" = { proxyPass = "http://loki.zto:8123/"; proxyWebsockets = true; };
+            locations."/" = { proxyPass = "http://loki.tsn:8123/"; proxyWebsockets = true; };
            extraConfig = ''
              proxy_pass_header Authorization;
              proxy_buffering off;
--- a/instances/loki/configuration.nix
+++ b/instances/loki/configuration.nix
@ -280,7 +280,12 @@ in

      http = {
        use_x_forwarded_for = true;
-        trusted_proxies = [ hosts.zerotier.ipv4."baldur.zto" "::1" "127.0.0.1" ];
+        trusted_proxies = [
+          hosts.zerotier.ipv4."baldur.zto"
+          hosts.tailscale.ipv4."baldur.tsn"
+          "::1"
+          "127.0.0.1"
+        ];
      };

      automation = "!include automations.yaml";
--- a/modules/nixos/nextcloud.nix
+++ b/modules/nixos/nextcloud.nix
@ -39,7 +39,14 @@ in
    ];

    config = {
-      trustedProxies = [ hosts.zerotier.ipv4."baldur.zto" hosts.zerotier.ipv6."baldur.zto" "baldur.zto" ];
+      trustedProxies = [
+        hosts.zerotier.ipv4."baldur.zto"
+        hosts.zerotier.ipv6."baldur.zto"
+        hosts.tailscale.ipv4."baldur.tsn"
+        hosts.tailscale.ipv6."baldur.tsn"
+        "baldur.zto"
+        "baldur.tsn"
+      ];
      extraTrustedDomains = [ config.services.nextcloud.hostName "freya.zto" ];
      adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
      overwriteProtocol = "https";