fix: service firewall settings

2026-02-09 12:29:19 -08:00 · 2024-01-13 12:44:02 -08:00 · 2024-01-13 12:44:02 -08:00 · d87b210c46
commit d87b210c46
parent 3d188ab76e
4 changed files with 6 additions and 4 deletions
--- a/modules/nixos/nginx-vouch.nix
+++ b/modules/nixos/nginx-vouch.nix
@ -28,7 +28,8 @@ in {
            vouch = mkIf vouch-proxy.enable {
              proxyOrigin = let
                inherit (vouch-proxy.settings.vouch) listen port;
-              in mkOptionDefault "http://${listen}:${toString port}";
+                host = if listen == "0.0.0.0" || listen == "[::]" then "localhost" else listen;
+              in mkOptionDefault "http://${host}:${toString port}";
              authUrl = mkOptionDefault vouch-proxy.authUrl;
              url = mkOptionDefault vouch-proxy.url;
            };
--- a/nixos/access/zigbee2mqtt.nix
+++ b/nixos/access/zigbee2mqtt.nix
@ -3,14 +3,15 @@
  lib,
  ...
 }:
-with lib; let
+let
+  inherit (lib.modules) mkDefault;
  cfg = config.services.zigbee2mqtt;
 in {
  services.nginx.virtualHosts.${cfg.domain} = {
    vouch.enable = true;
    locations = {
      "/" = {
-        proxyPass = "http://127.0.0.1:${toString cfg.settings.frontend.port}";
+        proxyPass = mkDefault "http://127.0.0.1:${toString cfg.settings.frontend.port}";
        extraConfig = ''
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
--- a/nixos/vouch.nix
+++ b/nixos/vouch.nix
@ -10,6 +10,7 @@ in {
    enable = mkDefault true;
    domain = mkDefault "login.${config.networking.domain}";
    settings = {
+      vouch.listen = mkDefault "0.0.0.0";
      vouch.cookie.secure = mkDefault false;
    };
    enableSettingsSecrets = mkDefault true;
--- a/nixos/zigbee2mqtt.nix
+++ b/nixos/zigbee2mqtt.nix
@ -15,7 +15,6 @@ in {

  services.zigbee2mqtt = {
    enable = mkDefault true;
-    openFirewall = mkDefault true;
    domain = mkDefault "z2m.${config.networking.domain}";
    settings = {
      advanced = {