box: only expose graph on local net

2022-11-25 13:06:29 -07:00 · 2022-11-25 13:06:29 -07:00 · a272eeab0b
commit a272eeab0b
parent 28535545da
3 changed files with 6 additions and 3 deletions
--- a/hosts/box/default.nix
+++ b/hosts/box/default.nix
@ -70,6 +70,8 @@ in {
  sops.secrets.reddit_key = mkNginxSecret;
  sops.secrets.sonarr_cert = mkNginxSecret;
  sops.secrets.sonarr_key = mkNginxSecret;
+  sops.secrets.graph_cert = mkNginxSecret;
+  sops.secrets.graph_key = mkNginxSecret;

  boot.supportedFilesystems = [ "zfs" ];
  boot.loader.grub.copyKernels = true;
@ -696,9 +698,10 @@ in {
          };
        };

-        ${config.services.grafana.settings.server.domain} = {
+        "graph.bold.daemon" = {
+          sslCertificateKey = "${config.sops.secrets.graph_key.path}";
+          sslCertificate = "${config.sops.secrets.graph_cert.path}";
          forceSSL = true;
-          enableACME = true;

          locations."/" = {
            proxyPass = "http://127.0.0.1:${
--- a/hosts/europa/default.nix
+++ b/hosts/europa/default.nix
@ -80,7 +80,6 @@ in {
  virtualisation.libvirtd.enable = true;
  programs.dconf.enable = true;

-  networking.hosts."100.120.151.126" = [ "graph.tapenet.org" ];
  networking = {
    hostName = "europa";
    hostId = "87703c3e";
--- a/hosts/faf/default.nix
+++ b/hosts/faf/default.nix
@ -114,6 +114,7 @@ in {
          ''"radarr.bold.daemon. IN A 100.120.151.126"''
          ''"reddit.bold.daemon. IN A 100.120.151.126"''
          ''"sonarr.bold.daemon. IN A 100.120.151.126"''
+          ''"graph.bold.daemon. IN A 100.120.151.126"''
        ];
      };
    };