From 0db876e1688da709ad2ed62a2fb96b274615f2c4 Mon Sep 17 00:00:00 2001
From: Mel <mel@rnrd.eu>
Date: Wed, 12 Feb 2025 22:54:17 +0100
Subject: Listen only on tailnet address for new internal rnrd.fyi sites

Signed-off-by: Mel <mel@rnrd.eu>
---
 services/shiori.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'services/shiori.nix')

diff --git a/services/shiori.nix b/services/shiori.nix
index c580577..f7943ed 100644
--- a/services/shiori.nix
+++ b/services/shiori.nix
@@ -1,4 +1,4 @@
-{ pkgs, auxiliaryPkgs, ... }:
+{ me, pkgs, auxiliaryPkgs, ... }:
 
 let
   inherit (pkgs) dockerTools;
@@ -49,6 +49,7 @@ in
   services.nginx.virtualHosts."shiori.rnrd.fyi" = {
     useACMEHost = "rnrd.fyi";
     forceSSL = true;
+    listenAddresses = [ me.tailscale.ip ];
     locations."/" = {
       proxyPass = "http://127.0.0.1:${toString shioriLocalPort}/";
     };
-- 
cgit 1.4.1