mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-09 23:22:57 +00:00
fix: caddy denylist and jellyfin prometheus
This commit is contained in:
parent
6ea99eca5d
commit
d85e4b1593
@ -41,11 +41,11 @@ in {
|
||||
config = lib.mkIf config.cloudflare.enable {
|
||||
|
||||
# Forces Caddy to error if coming from a non-Cloudflare IP
|
||||
caddy.blocks = [{
|
||||
caddy.routes = [{
|
||||
match = [{ not = [{ remote_ip.ranges = cloudflareIpRanges; }]; }];
|
||||
handle = [{
|
||||
handler = "static_response";
|
||||
abort = true;
|
||||
status_code = "403";
|
||||
}];
|
||||
}];
|
||||
|
||||
|
@ -5,13 +5,25 @@
|
||||
services.jellyfin.group = "media";
|
||||
users.users.jellyfin = { isSystemUser = true; };
|
||||
|
||||
caddy.routes = [{
|
||||
match = [{ host = [ config.hostnames.stream ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:8096"; }];
|
||||
}];
|
||||
}];
|
||||
caddy.routes = [
|
||||
{
|
||||
match = [{
|
||||
host = [ config.hostnames.stream ];
|
||||
path = [ "/metrics*" ];
|
||||
}];
|
||||
handle = [{
|
||||
handler = "static_response";
|
||||
status_code = "403";
|
||||
}];
|
||||
}
|
||||
{
|
||||
match = [{ host = [ config.hostnames.stream ]; }];
|
||||
handle = [{
|
||||
handler = "reverse_proxy";
|
||||
upstreams = [{ dial = "localhost:8096"; }];
|
||||
}];
|
||||
}
|
||||
];
|
||||
|
||||
# Create videos directory, allow anyone in Jellyfin group to manage it
|
||||
systemd.tmpfiles.rules = [
|
||||
@ -35,6 +47,9 @@
|
||||
users.users.jellyfin.extraGroups =
|
||||
[ "render" "video" ]; # Access to /dev/dri
|
||||
|
||||
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
|
||||
prometheus.scrapeTargets = [ "127.0.0.1:8096" ];
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user