mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-22 13:25:38 +00:00
fix: localhost as default not in caddy allowlist
This commit is contained in:
parent
cce6f6573f
commit
20456b444b
@ -20,7 +20,7 @@
|
||||
cidrAllowlist = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
description = "CIDR blocks to allow for requests";
|
||||
default = [ "127.0.0.1/32" ];
|
||||
default = [ ];
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -28,6 +28,7 @@
|
||||
config = lib.mkIf config.services.caddy.enable {
|
||||
|
||||
# Force Caddy to 403 if not coming from allowlisted source
|
||||
caddy.cidrAllowlist = [ "127.0.0.1/32" ];
|
||||
caddy.routes = [{
|
||||
match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }];
|
||||
handle = [{
|
||||
|
Loading…
Reference in New Issue
Block a user