Restict allowed local IPs

2023-09-24 18:32:26 +02:00 · 2023-09-24 18:32:26 +02:00 · 0806fd0dac
parent 43aed3e6b7
commit 0806fd0dac
2 changed files with 8 additions and 4 deletions
--- a/roles/docker_services/defaults/main.yml
+++ b/roles/docker_services/defaults/main.yml
@ -57,8 +57,9 @@ services:
  watchtower:
    version: '1.5.3'

-sender_domains:
-  - "{{ services.nextcloud.domain }}"
+local_ipv4s:
+  - '192.168.1.0/24'
+  - '192.168.8.0/24'

 restic_volumes:
  - "/var/run/docker.sock:/var/run/docker.sock:rw"
@ -67,3 +68,6 @@ restic_volumes:
  - "{{ services.emby.volume }}:/mnt/volumes/emby:ro"
  - "{{ services.nextcloud.volume }}:/mnt/volumes/nextcloud:ro"
  - "{{ services.pihole.volume }}:/mnt/volumes/pi-hole:ro"
+
+sender_domains:
+  - "{{ services.nextcloud.domain }}"
--- a/roles/docker_services/templates/Caddyfile.j2
+++ b/roles/docker_services/templates/Caddyfile.j2
@ -24,7 +24,7 @@
    }

    @local {
-        remote_ip 192.168.0.0/16
+        remote_ip {{ local_ipv4s | join(' ') }}
    }

    handle @local {
@ -85,7 +85,7 @@
    }

    @local {
-        remote_ip 192.168.0.0/16
+        remote_ip {{ local_ipv4s | join(' ') }}
    }

    handle @local {