Nginx: Fix ipv6 listen addresses.

home/file/ssh/config

@@ -4,12 +4,12 @@ Host *
 	ControlPersist yes
 
 Host dasha
-	HostName 10.0.0.7
+	HostName dasha.local
 	User root
 	Port 22143
 
 Host desktop
-	HostName 10.0.0.3
+	HostName desktop.local
 	User root
 	Port 22143
 
@@ -19,41 +19,41 @@ Host fmpmaven
 	Port 22
 
 Host home
-	HostName 10.0.0.1
+	HostName [fd09:8d46:b26:0:8079:82ff:fe1a:916a]
 	User root
 	Port 22143
 
 Host laptop
-	HostName 192.168.1.9
+	HostName laptop.local
 	User root
 	Port 22143
 
 Host max
-	HostName 10.0.0.13
+	HostName max.local
 	User root
 	Port 22143
 
 Host nixbuilder
-	HostName 10.0.0.1
+	HostName [fd09:8d46:b26:0:8079:82ff:fe1a:916a]
 	User nixbuilder
 	Port 22143
 
 Host pi
-	HostName 192.168.1.6
+	HostName pi.local
 	User root
 	Port 22143
 
 Host pocket
-	HostName 192.168.1.11
+	HostName pocket.local
 	User root
 	Port 22143
 
 Host vpn
-	HostName 194.113.233.38
+	HostName vpn.local
 	User root
 	Port 22143
 
 Host work
-	HostName 192.168.1.5
+	HostName work.local
 	User root
 	Port 22143

host/x86_64-linux/dasha/Network.nix

@@ -3,7 +3,6 @@
   networking = {
     firewall.extraCommands = ''
       # Local access.
-      iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
       ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
     '';
   };

host/x86_64-linux/desktop/Network.nix

@@ -3,7 +3,6 @@
   networking = {
     firewall.extraCommands = ''
       # Local access.
-      iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
       ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
     '';
   };

host/x86_64-linux/home/Change.nix

@@ -4,7 +4,6 @@
     enable = true;
     baseURL = "change.voronind.com";
     behindProxy = true;
-    listenAddress = "0.0.0.0";
     port = 5001;
   };
 }

host/x86_64-linux/home/Cups.nix

@@ -12,7 +12,7 @@ in
     browsing = true;
     defaultShared = true;
     drivers = [ package ];
-    listenAddresses = [ "0.0.0.0:631" ];
+    listenAddresses = [ "[::1]:631" ];
     startWhenNeeded = true;
     stateless = false;
     webInterface = true;

host/x86_64-linux/home/Invidious.nix

@@ -14,6 +14,7 @@
     enable = true;
     domain = "yt.voronind.com";
     package = pkgsMaster.invidious;
+    address = "::1";
     port = 3001;
     nginx.enable = false;
     database = {

host/x86_64-linux/home/Paperless.nix

@@ -2,10 +2,8 @@
 {
   services.paperless = {
     enable = true;
-    address = "0.0.0.0";
-    dataDir = "/var/lib/paperless";
-    # port         = cfg.port;
-    passwordFile = pkgs.writeText "PaperlessPassword" "root"; # NOTE: Only for initial setup, change later.
+    address = "[::1]";
+    passwordFile = pkgs.writeText "PaperlessPassword" "root"; # WARN: Only for initial setup, change later.
     settings = {
       PAPERLESS_ADMIN_USER = "root";
       PAPERLESS_DBHOST = "/run/postgresql";

host/x86_64-linux/home/SearX.nix

@@ -11,7 +11,7 @@
         instance_name = "SearX";
       };
       server = {
-        # bind_address    = cfg.address;
+        bind_address = "::1";
         image_proxy = false;
         limiter = false;
         method = "GET";

host/x86_64-linux/home/UptimeKuma.nix

@@ -5,7 +5,7 @@
     settings = {
       DATA_DIR = "/var/lib/uptime-kuma/";
       PORT = "64901";
-      # HOST = cfg.address;
+      HOST = "::1";
     };
   };
 

host/x86_64-linux/home/Vaultwarden.nix

@@ -7,7 +7,7 @@
     config = {
       DATA_FOLDER = "/var/lib/vaultwarden";
       DOMAIN = "https://pass.voronind.com";
-      # ROCKET_ADDRESS    = cfg.address;
+      ROCKET_ADDRESS = "::1";
       ROCKET_PORT = 8001;
       SIGNUPS_ALLOWED = false;
       WEB_VAULT_ENABLED = true;

host/x86_64-linux/home/nginx/Change.nix

@@ -8,7 +8,7 @@
       allow fd09:8d46:b26::/48;
       deny all;
 
-      proxy_pass http://[::1]:5001$request_uri;
+      proxy_pass http://127.0.0.1:5001$request_uri;
 
       add_header Referrer-Policy 'origin';
     }

host/x86_64-linux/home/nginx/Deluge.nix

@@ -7,7 +7,7 @@
       allow 10.0.0.0/8;
       allow fd09:8d46:b26::/48;
       deny all;
-      proxy_pass http://[::1]:8112$request_uri;
+      proxy_pass http://127.0.0.1:8112$request_uri;
     }
 
     ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;

host/x86_64-linux/home/nginx/Jellyfin.nix

@@ -7,7 +7,7 @@
       allow 10.0.0.0/8;
       allow fd09:8d46:b26::/48;
       deny all;
-      proxy_pass http://[::1]:8096$request_uri;
+      proxy_pass http://127.0.0.1:8096$request_uri;
     }
 
     ssl_certificate /etc/letsencrypt/live/voronind.com/fullchain.pem;

host/x86_64-linux/laptop/Network.nix

@@ -3,7 +3,6 @@
   networking = {
     firewall.extraCommands = ''
       # Local access.
-      iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
       ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
     '';
   };

host/x86_64-linux/max/Network.nix

@@ -3,7 +3,6 @@
   networking = {
     firewall.extraCommands = ''
       # Local access.
-      iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
       ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
     '';
   };

host/x86_64-linux/pocket/Network.nix

@@ -3,7 +3,6 @@
   networking = {
     firewall.extraCommands = ''
       # Local access.
-      iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8
       ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
     '';
   };

host/x86_64-linux/work/Network.nix

@@ -2,9 +2,8 @@
 {
   networking = {
     firewall.extraCommands = ''
-      			# Ssh access.
-      			iptables  -I INPUT -j ACCEPT -s 10.0.0.0/8          -p tcp --dport 22143
-      			ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48 -p tcp --dport 22143
+      # Local access.
+      ip6tables -I INPUT -j ACCEPT -s fd09:8d46:0b26::/48
     '';
   };
 }

system/Sshd.nix

@@ -6,10 +6,6 @@
     allowSFTP = true;
     ports = [ 22143 ];
     listenAddresses = [
-      {
-        addr = "0.0.0.0";
-        port = 22143;
-      }
       {
         addr = "[::]";
         port = 22143;