Listen only on tailnet address for new internal rnrd.fyi sites

Signed-off-by: Mel <mel@rnrd.eu>

4 files changed, 5 insertions, 1 deletions

diff --git a/services/irc/gamja.nix b/services/irc/gamja.nix
index d2d5f08..a63e35b 100644
--- a/services/irc/gamja.nix
+++ b/services/irc/gamja.nix
@@ -30,6 +30,7 @@ in
   services.nginx.virtualHosts."gamja.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations = {
       "/" = {
         root = gamja;
diff --git a/services/miniflux.nix b/services/miniflux.nix
index 3d2245b..19f1635 100644
--- a/services/miniflux.nix
+++ b/services/miniflux.nix
@@ -54,6 +54,7 @@ in
   services.nginx.virtualHosts."miniflux.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString minifluxLocalPort}/";
       recommendedProxySettings = true;
diff --git a/services/monitoring/default.nix b/services/monitoring/default.nix
index 419c977..ba87765 100644
--- a/services/monitoring/default.nix
+++ b/services/monitoring/default.nix
@@ -78,6 +78,7 @@ in
   services.nginx.virtualHosts."grafana.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString grafanaLocalPort}/";
       proxyWebsockets = true;
diff --git a/services/shiori.nix b/services/shiori.nix
index c580577..f7943ed 100644
--- a/services/shiori.nix
+++ b/services/shiori.nix
@@ -1,4 +1,4 @@
-{ pkgs, auxiliaryPkgs, ... }:
+{ me, pkgs, auxiliaryPkgs, ... }:
 
 let
   inherit (pkgs) dockerTools;
@@ -49,6 +49,7 @@ in
   services.nginx.virtualHosts."shiori.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString shioriLocalPort}/";
     };