Commit 8872c1b9 authored by erdnaxe's avatar erdnaxe 🦋
Browse files

Authorize only localhost to grafana and isso

parent 7109bddc
......@@ -21,6 +21,12 @@
};
};
# Allow only localhost network access
systemd.services.grafana.serviceConfig = {
IPAddressAllow = "localhost";
IPAddressDeny = "any";
};
services.nginx = {
enable = true;
virtualHosts."grafana.nanax.fr" = {
......
......@@ -60,6 +60,10 @@
SystemCallArchitectures = "native";
SystemCallFilter = [ "@system-service" "~@privileged" "~@resources" ];
UMask = "0077";
# Allow only localhost network access
IPAddressAllow = "localhost";
IPAddressDeny = "any";
};
services.nginx = {
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment