From 76aa17f2fb7e1cadb7731ba14a97efda5cde082b Mon Sep 17 00:00:00 2001 From: Nick Date: Thu, 3 Jul 2025 20:56:06 -0500 Subject: [PATCH] feat: glance test --- modules/nixos/services/glance/default.nix | 14 ++++++++++++-- systems/ceres/config/wireguard.nix | 4 ---- systems/deimos/config/wireguard.nix | 5 ++++- 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/modules/nixos/services/glance/default.nix b/modules/nixos/services/glance/default.nix index 37b28d2..eb08189 100755 --- a/modules/nixos/services/glance/default.nix +++ b/modules/nixos/services/glance/default.nix @@ -30,8 +30,18 @@ in virtualHosts = { "${configHelpers.host}" = { extraConfig = '' - reverse_proxy ${configHelpers.localhost}:${toString configHelpers.service.ports.port0} + @allowed_ips { + remote_ip ${mars.wireguard.ip0} ${deimos.wireguard.ip0} + } + handle @allowed_ips { + redir /.well-known/carddav /remote.php/dav/ 301 + redir /.well-known/caldav /remote.php/dav/ 301 + reverse_proxy ${ceres.wireguard.ip0}:${toString configHelpers.service.ports.port0} + } + handle { + respond "Access Denied" 403 + } tls ${configHelpers.service.ssl.cert} ${configHelpers.service.ssl.key} ''; }; @@ -64,7 +74,7 @@ in networking = { firewall = { - allowedTCPPorts = [ + interfaces.wg0.allowedTCPPorts = [ configHelpers.service.ports.port0 ]; }; diff --git a/systems/ceres/config/wireguard.nix b/systems/ceres/config/wireguard.nix index b4d30bb..c435e8c 100755 --- a/systems/ceres/config/wireguard.nix +++ b/systems/ceres/config/wireguard.nix @@ -16,10 +16,6 @@ in service.ports.port0 service.ports.port1 ]; - interfaces.wg0.allowedTCPPorts = [ - searx.ports.port0 - glance.ports.port0 - ]; }; nat = { diff --git a/systems/deimos/config/wireguard.nix b/systems/deimos/config/wireguard.nix index 6a88979..72fb149 100755 --- a/systems/deimos/config/wireguard.nix +++ b/systems/deimos/config/wireguard.nix @@ -8,7 +8,10 @@ in { networking = { hosts = { - ${ceres.wireguard.ip0} = [ instances.searx.domains.url0 ]; + ${ceres.wireguard.ip0} = [ + instances.searx.domains.url0 + instances.glance.domains.url0 + ]; }; wireguard.interfaces = { wg0 = {