From 0db876e1688da709ad2ed62a2fb96b274615f2c4 Mon Sep 17 00:00:00 2001
From: Mel <mel@rnrd.eu>
Date: Wed, 12 Feb 2025 22:54:17 +0100
Subject: Listen only on tailnet address for new internal rnrd.fyi sites

Signed-off-by: Mel <mel@rnrd.eu>
---
 services/irc/gamja.nix          | 1 +
 services/miniflux.nix           | 1 +
 services/monitoring/default.nix | 1 +
 services/shiori.nix             | 3 ++-
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/services/irc/gamja.nix b/services/irc/gamja.nix
index d2d5f08..a63e35b 100644
--- a/services/irc/gamja.nix
+++ b/services/irc/gamja.nix
@@ -30,6 +30,7 @@ in
   services.nginx.virtualHosts."gamja.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations = {
       "/" = {
         root = gamja;
diff --git a/services/miniflux.nix b/services/miniflux.nix
index 3d2245b..19f1635 100644
--- a/services/miniflux.nix
+++ b/services/miniflux.nix
@@ -54,6 +54,7 @@ in
   services.nginx.virtualHosts."miniflux.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString minifluxLocalPort}/";
       recommendedProxySettings = true;
diff --git a/services/monitoring/default.nix b/services/monitoring/default.nix
index 419c977..ba87765 100644
--- a/services/monitoring/default.nix
+++ b/services/monitoring/default.nix
@@ -78,6 +78,7 @@ in
   services.nginx.virtualHosts."grafana.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString grafanaLocalPort}/";
       proxyWebsockets = true;
diff --git a/services/shiori.nix b/services/shiori.nix
index c580577..f7943ed 100644
--- a/services/shiori.nix
+++ b/services/shiori.nix
@@ -1,4 +1,4 @@
-{ pkgs, auxiliaryPkgs, ... }:
+{ me, pkgs, auxiliaryPkgs, ... }:
 
 let
   inherit (pkgs) dockerTools;
@@ -49,6 +49,7 @@ in
   services.nginx.virtualHosts."shiori.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString shioriLocalPort}/";
     };
-- 
cgit 1.4.1