fix: localhost as default not in caddy allowlist

Noah Masur 2023-07-20 00:18:28 +00:00
parent cce6f6573f
commit 20456b444b


@ -20,7 +20,7 @@
cidrAllowlist = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "CIDR blocks to allow for requests";
default = [ "127.0.0.1/32" ];
default = [ ];
};
};
};
@ -28,6 +28,7 @@
config = lib.mkIf config.services.caddy.enable {
# Force Caddy to 403 if not coming from allowlisted source
caddy.cidrAllowlist = [ "127.0.0.1/32" ];
caddy.routes = [{
match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }];
handle = [{