noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2024-11-22 19:15:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: localhost as default not in caddy allowlist

Browse Source
This commit is contained in:
Noah Masur 2023-07-20 00:18:28 +00:00
parent cce6f6573f
commit 20456b444b
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
modules/nixos/services/caddy.nix
View File

@ -20,7 +20,7 @@
cidrAllowlist = lib.mkOption { cidrAllowlist = lib.mkOption {
type = lib.types.listOf lib.types.str; type = lib.types.listOf lib.types.str;
description = "CIDR blocks to allow for requests"; description = "CIDR blocks to allow for requests";
default = [ "127.0.0.1/32" ]; default = [ ];
}; };
}; };
}; };
@ -28,6 +28,7 @@
config = lib.mkIf config.services.caddy.enable { config = lib.mkIf config.services.caddy.enable {
# Force Caddy to 403 if not coming from allowlisted source # Force Caddy to 403 if not coming from allowlisted source
caddy.cidrAllowlist = [ "127.0.0.1/32" ];
caddy.routes = [{ caddy.routes = [{
match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }]; match = [{ not = [{ remote_ip.ranges = config.caddy.cidrAllowlist; }]; }];
handle = [{ handle = [{