No reason to put the HTTPS proxy on a public port

2021-10-13 08:34:48 -07:00 · 2021-10-13 08:34:48 -07:00 · 248df221d8
commit 248df221d8
parent 76c0d49053
1 changed files with 3 additions and 3 deletions
--- a/config/host-config/limina.nix
+++ b/config/host-config/limina.nix
@ -10,7 +10,7 @@ let
  domain-name = host-config.domain;
  domain = config.fudo.domains.${domain-name};

-  dns-proxy-port = 5335;
+  dns-proxy-port = 5335

 in {
  config = {
@ -81,7 +81,7 @@ in {
        bootstrap-dns = "1.1.1.1";
        allowed-networks =
          [ "1.1.1.1/32" "1.0.0.1/32" "10.0.0.0/16" "localhost" "link-local" ];
-        listen-ips = [ primary-ip ];
+        listen-ips = [ "127.0.0.1" ];
      };
    };

@ -102,7 +102,7 @@ in {
            environment = {
              # ServerIP = primary-ip;
              VIRTUAL_HOST = "dns-hole.sea.fudo.org";
-              DNS1 = "${primary-ip}#${toString dns-proxy-port}";
+              DNS1 = "127.0.0.1#${toString dns-proxy-port}";
            };
            volumes = [
              "/state/pihole/etc-pihole/:/etc/pihole/"