ashisgreat22 2026-03-21 20:23:32 +00:00
parent ad55793d41
commit 6b64254eab
11 changed files with 155 additions and 12 deletions


@ -185,12 +185,18 @@ in
iptables -t nat -D PREROUTING -i tailscale0 -p tcp --dport 53 -j REDIRECT --to-ports 5353 || true
'';
# Nginx reverse proxy for AdGuard Home Web UI and DoH
# Nginx reverse proxy for AdGuard Home Web UI and DoH (Tailscale only)
myModules.nginx.domains."${cfg.domain}" = {
port = cfg.port;
internalOnly = true; # Restrict access to Tailscale network and localhost only
contentSecurityPolicy = null; # AdGuard Home handles its own CSP
};
# Allow direct Tailscale access to AdGuard Home dashboard
networking.firewall.extraCommands = lib.mkAfter ''
iptables -I ts-input 3 -p tcp --dport ${toString cfg.port} -s 100.64.0.0/10 -j ACCEPT
'';
# Ensure nginx user can access ACME certs
users.users.nginx.extraGroups = [ "acme" ];
};
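Review bot: The new ACCEPT rule in `networking.firewall.extraCommands` matches on source address only, with no `-i tailscale0`, so a packet with a 100.64.0.0/10 source would be accepted on the dashboard port whichever interface it arrived on; that range is shared CGNAT space, not exclusive to Tailscale. The rule is also inserted at a hard-coded position 3 of `ts-input`, a chain that tailscaled manages itself and may rewrite, and the command has no `|| true`, so it probably fails when the chain is missing or shorter than expected. No matching `-D` for it is visible in the hunk, so firewall reloads may stack duplicates. Prefer the declarative form `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ cfg.port ];`, or at minimum add `-i tailscale0` to the rule. The enclosing module body begins outside the hunk.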