m 1 shoney: update to new tinc_stats api, reject external
This commit is contained in:
parent
6b4f2995f4
commit
e177454d68
|
@ -21,7 +21,6 @@ in {
|
||||||
krebs = {
|
krebs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
build.host = config.krebs.hosts.shoney;
|
build.host = config.krebs.hosts.shoney;
|
||||||
nginx.enable = true;
|
|
||||||
tinc_graphs = {
|
tinc_graphs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
network = "siem";
|
network = "siem";
|
||||||
|
@ -29,9 +28,15 @@ in {
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# TODO: remove hard-coded hostname
|
# TODO: remove hard-coded hostname
|
||||||
|
anonymous-domain = "localhost.localdomain";
|
||||||
|
anonymous.extraConfig = "return 403;";
|
||||||
complete = {
|
complete = {
|
||||||
listen = [ "${tinc-siem-ip}:80" ];
|
serverAliases = [ "graphs.siem" ];
|
||||||
server-names = [ "graphs.siem" ];
|
extraConfig = ''
|
||||||
|
if ( $server_addr = "${ip}" ) {
|
||||||
|
return 403;
|
||||||
|
}
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
Loading…
Reference in a new issue