From cb0697f14a5a13985710e8e2824158c038e03d83 Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Sat, 21 Oct 2023 19:09:27 +0200
Subject: cloudflare-proxy: Block non-cloudflare HTTP(S) connections
---
 hosts/ahmed/configuration.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'hosts/ahmed/configuration.nix')
diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index 945f29c..f95f449 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -3,6 +3,7 @@
 {
 config,
 pkgs,
+ metadata,
 ...
 }: {
 imports = [
@@ -82,7 +83,10 @@
 networking.firewall.allowedTCPPorts = [80 443];
 # We are running behind CF proxy.
- modules.cloudflare-proxy.enable = true;
+ modules.cloudflare-proxy = {
+ enable = true;
+ firewall.IPv4Whitelist = [metadata.hosts.muhammed.ipAddress];
+ };
 # Use as main driver temporarily.
 # modules.graphics.enable = true;
--
cgit v1.2.3
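Review bot: The context line `networking.firewall.allowedTCPPorts = [80 443];` just above the new `modules.cloudflare-proxy` block still opens both ports to every source, so the restriction only holds if the module's rules are evaluated before those generic accept rules. The module is not shown here, so this is worth confirming with a connection test from a host that is neither Cloudflare nor whitelisted. The option is named `firewall.IPv4Whitelist` and the hunk sets nothing for IPv6, so if this host has a reachable IPv6 address, check that the module restricts that path too. The new whitelist entry deserves a short why-comment, for example `# muhammed reaches this host directly, bypassing the CF proxy`, assuming that is the intent. The attribute set opened at `}: {` continues outside the hunk.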