From 579840697799b8b7beba61d6a5c362022a1924d5 Mon Sep 17 00:00:00 2001 From: Noah Masur <7386960+nmasur@users.noreply.github.com> Date: Mon, 19 Aug 2024 00:04:33 +0000 Subject: [PATCH] add denylist to top of caddy routes --- modules/nixos/services/caddy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/services/caddy.nix b/modules/nixos/services/caddy.nix index cde7cf2..36c8a46 100644 --- a/modules/nixos/services/caddy.nix +++ b/modules/nixos/services/caddy.nix @@ -46,7 +46,7 @@ # Force Caddy to 403 if not coming from allowlisted source caddy.cidrAllowlist = [ "127.0.0.1/32" ]; - caddy.routes = [ + caddy.routes = lib.mkBefore [ { match = [ { not = [ { remote_ip.ranges = config.caddy.cidrAllowlist; } ]; } ]; handle = [