From 83f80c3236d6be8a0a8a29c5a9bd4c4761cdff14 Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Sun, 16 Mar 2025 01:32:51 +0100
Subject: mdoules/cloudflare-proxy: Allow local ip addreses
---
 shared/nixos/cloudflare-proxy/default.nix | 17 +++++++++++++++--
 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/shared/nixos/cloudflare-proxy/default.nix b/shared/nixos/cloudflare-proxy/default.nix
index 45ccaa6..7725fbb 100644
--- a/shared/nixos/cloudflare-proxy/default.nix
+++ b/shared/nixos/cloudflare-proxy/default.nix
@@ -19,8 +19,21 @@
 hash = "sha256-np054+g7rQDE3sr9U8Y/piAp89ldto3pN9K+KCNMoKk=";
 });
- IPv4Whitelist = [metadata.hosts.muhammed.ipAddress];
- IPv6Whitelist = [];
+ # Allow local IP addresses.
+ # See: https://en.wikipedia.org/wiki/Reserved_IP_addresses
+ IPv4Whitelist = [
+ "100.64.0.0/10 "
+ "10.0.0.0/8"
+ "127.0.0.0/8"
+ "172.16.0.0/12"
+ "192.0.0.0/24"
+ "192.168.0.0/16"
+ "198.18.0.0/15"
+ ];
+ IPv6Whitelist = [
+ "64:ff9b:1::/48 "
+ "fc00::/7"
+ ];
 in {
 config = {
 # Teach NGINX how to extract the proxied IP from proxied requests.
-- 
cgit v1.2.3
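Review bot: The first entry of each list has a trailing space inside the string, `"100.64.0.0/10 "` and `"64:ff9b:1::/48 "`; the code that consumes these values is outside the hunk, but a firewall rule or NGINX directive built from them may reject or mis-parse the entry, so they should read `"100.64.0.0/10"` and `"64:ff9b:1::/48"`. The change also widens the allow-list from one named host to every reserved range, and `100.64.0.0/10` is carrier shared address space while `192.0.0.0/24` and `198.18.0.0/15` are not LAN ranges. On a network where those addresses are routable, peers you do not control would presumably bypass the Cloudflare-only restriction, so listing only the ranges your hosts actually use, with a comment per entry, would be tighter. The IPv6 list is not the counterpart of the IPv4 one: `127.0.0.0/8` is allowed but `::1/128` and `fe80::/10` are absent. If these lists also feed the real-IP trust settings in the `config` block that follows, every listed range can then assert the client address, which deserves a comment at the definition.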