diff --git a/modules/nixos/services/caddy.nix b/modules/nixos/services/caddy.nix index cde7cf2..36c8a46 100644 --- a/modules/nixos/services/caddy.nix +++ b/modules/nixos/services/caddy.nix @@ -46,7 +46,7 @@ # Force Caddy to 403 if not coming from allowlisted source caddy.cidrAllowlist = [ "127.0.0.1/32" ]; - caddy.routes = [ + caddy.routes = lib.mkBefore [ { match = [ { not = [ { remote_ip.ranges = config.caddy.cidrAllowlist; } ]; } ]; handle = [