causalhonk/dots
1
0
Fork 0
forked from nico/dots
Code Pull requests Activity

caddy: add block_non_private_ips snippet

Browse source 
blocks ips not in tailnet or in local network from accessing services
using `important block_non_private_ips` in their caddy config
This commit is contained in:
Nico 2025-08-04 22:13:59 +10:00
parent a37e71055f
commit 7537a1e5b6
Signed by: nico
SSH key fingerprint: SHA256:XuacYOrGqRxC3jVFjfLROn1CSvLz85Dec6N7O9Gwu/0
8 changed files with 18 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/services/media/arr.nix
View file

@ -50,36 +50,42 @@
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:7878
import block_non_private_ips
'';
};
services.caddy.virtualHosts."sonarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8989
import block_non_private_ips
'';
};
services.caddy.virtualHosts."prowlarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:9696
import block_non_private_ips
'';
};
services.caddy.virtualHosts."bazarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:6767
import block_non_private_ips
'';
};
services.caddy.virtualHosts."deluge.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8112
import block_non_private_ips
'';
};
services.caddy.virtualHosts."jellyseer.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:5055
import block_non_private_ips
'';
};
}