diff options
Diffstat (limited to 'shared/nixos')
| -rw-r--r-- | shared/nixos/cloudflare-proxy/default.nix | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/shared/nixos/cloudflare-proxy/default.nix b/shared/nixos/cloudflare-proxy/default.nix index 45ccaa6..7725fbb 100644 --- a/shared/nixos/cloudflare-proxy/default.nix +++ b/shared/nixos/cloudflare-proxy/default.nix @@ -19,8 +19,21 @@ hash = "sha256-np054+g7rQDE3sr9U8Y/piAp89ldto3pN9K+KCNMoKk="; }); - IPv4Whitelist = [metadata.hosts.muhammed.ipAddress]; - IPv6Whitelist = []; + # Allow local IP addresses. + # See: https://en.wikipedia.org/wiki/Reserved_IP_addresses + IPv4Whitelist = [ + "100.64.0.0/10 " + "10.0.0.0/8" + "127.0.0.0/8" + "172.16.0.0/12" + "192.0.0.0/24" + "192.168.0.0/16" + "198.18.0.0/15" + ]; + IPv6Whitelist = [ + "64:ff9b:1::/48 " + "fc00::/7" + ]; in { config = { # Teach NGINX how to extract the proxied IP from proxied requests. |