caddy: add block_non_private_ips snippet

blocks ips not in tailnet or in local network from accessing services
using `import block_non_private_ips` in their caddy config
This commit is contained in:
Nico 2025-08-04 22:13:59 +10:00
parent a37e71055f
commit 7537a1e5b6
Signed by: nico
SSH key fingerprint: SHA256:XuacYOrGqRxC3jVFjfLROn1CSvLz85Dec6N7O9Gwu/0
8 changed files with 18 additions and 0 deletions


@ -22,6 +22,12 @@
services.caddy = {
enable = true;
extraConfig = ''
(block_non_private_ips) {
@non_private_ips not remote_ip 100.64.0.0/10 fd7a:115c:a1e0::/48 private_ranges
abort @non_private_ips
}
'';
};
security.acme = {
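Review bot: The `remote_ip` matcher on the `@non_private_ips` line compares the address of the direct TCP peer, so if any service that imports this snippet is ever reached through a reverse proxy or load balancer whose address falls inside `private_ranges` or the Tailnet ranges, every request would appear private and pass the check; if that is the deployment, Caddy's `client_ip` matcher together with the `trusted_proxies` global option is the one that accounts for forwarded client addresses. The two literal ranges also deserve a comment in the snippet, since `100.64.0.0/10` is the whole CGNAT shared address space and not only the Tailnet, e.g. `# 100.64.0.0/10 and fd7a:115c:a1e0::/48 are the Tailscale IPv4 (CGNAT shared space) and IPv6 ULA ranges; private_ranges covers loopback/RFC1918/ULA`. The `services.caddy` block is complete within the hunk, but the enclosing Nix attribute set starts and ends outside it.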