mirror of
https://github.com/nmasur/dotfiles
synced 2024-11-09 23:22:57 +00:00
fix: localhost as default not in caddy allowlist
This commit is contained in:
parent
cce6f6573f
commit
20456b444b
@ -20,7 +20,7 @@
|
|||||||
cidrAllowlist = lib.mkOption {
|
cidrAllowlist = lib.mkOption {
|
||||||
type = lib.types.listOf lib.types.str;
|
type = lib.types.listOf lib.types.str;
|
||||||
description = "CIDR blocks to allow for requests";
|
description = "CIDR blocks to allow for requests";
|
||||||
default = [ "127.0.0.1/32" ];
|
default = [ ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
@ -28,6 +28,7 @@
|
|||||||
config = lib.mkIf config.services.caddy.enable {
|
config = lib.mkIf config.services.caddy.enable {
|
||||||
|
|
||||||
# Force Caddy to 403 if not coming from allowlisted source
|
# Force Caddy to 403 if not coming from allowlisted source
|
||||||
|
caddy.cidrAllowlist = [ "127.0.0.1/32" ];
|
||||||
caddy.routes = [{
|
caddy.routes = [{
|
||||||
match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }];
|
match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }];
|
||||||
handle = [{
|
handle = [{
|
||||||
|
Loading…
Reference in New Issue
Block a user