From 20456b444b7cbdeda2f26857d63d42a6cebbe9fe Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Thu, 20 Jul 2023 00:18:28 +0000
Subject: [PATCH] fix: localhost as default not in caddy allowlist
---
 modules/nixos/services/caddy.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/modules/nixos/services/caddy.nix b/modules/nixos/services/caddy.nix
index cf77f87..ce3fa6b 100644
--- a/modules/nixos/services/caddy.nix
+++ b/modules/nixos/services/caddy.nix
@@ -20,7 +20,7 @@
 cidrAllowlist = lib.mkOption {
 type = lib.types.listOf lib.types.str;
 description = "CIDR blocks to allow for requests";
- default = [ "127.0.0.1/32" ];
+ default = [ ];
 };
 };
 };
@@ -28,6 +28,7 @@
 config = lib.mkIf config.services.caddy.enable {
 # Force Caddy to 403 if not coming from allowlisted source
+ caddy.cidrAllowlist = [ "127.0.0.1/32" ];
 caddy.routes = [{
 match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }];
 handle = [{
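Review bot: The option's `description` in the first hunk no longer tells the reader what the effective allowlist is, because the default is now empty while loopback is added elsewhere in the module. Someone reading only the option would conclude that an unset `cidrAllowlist` allows nothing. I would change it to `description = "CIDR blocks to allow for requests; 127.0.0.1/32 is always added by this module";` so the implicit entry is visible where the option is declared.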
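Review bot: The added `caddy.cidrAllowlist = [ "127.0.0.1/32" ];` in the second hunk makes loopback a permanent allowlist entry, since list definitions at the same priority are concatenated, so a host can only narrow the list with `lib.mkForce`. `remote_ip` matches the address of the immediate peer, so if a local proxy or tunnel on this machine hands requests to Caddy over loopback (nothing in this hunk shows whether one does), those requests would pass the 403 rule whatever their real origin. That is worth confirming before treating this list as an access control, and a short comment above the line such as `# Always allowed; anything forwarding over loopback bypasses the allowlist` would record the assumption. Only IPv4 loopback is covered, so a local client that reaches Caddy over `::1` is still rejected unless `"::1/128"` is added as well. The `config` block continues past the end of the hunk.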