From 0806fd0dacc3d1a1231d7b4c3006ff87623816f5 Mon Sep 17 00:00:00 2001
From: Sam Al-Sapti
Date: Sun, 24 Sep 2023 18:32:26 +0200
Subject: [PATCH] Restict allowed local IPs
---
roles/docker_services/defaults/main.yml | 8 ++++++--
roles/docker_services/templates/Caddyfile.j2 | 4 ++--
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/roles/docker_services/defaults/main.yml b/roles/docker_services/defaults/main.yml
index 2d4b9cc..c5f52f9 100644
--- a/roles/docker_services/defaults/main.yml
+++ b/roles/docker_services/defaults/main.yml
@@ -57,8 +57,9 @@ services: watchtower: version: '1.5.3'
-sender_domains:
- "{{ services.nextcloud.domain }}"
+local_ipv4s:
+ - '192.168.1.0/24'
+ - '192.168.8.0/24'
restic_volumes: - "/var/run/docker.sock:/var/run/docker.sock:rw"
@@ -67,3 +68,6 @@ restic_volumes: - "{{ services.emby.volume }}:/mnt/volumes/emby:ro" - "{{ services.nextcloud.volume }}:/mnt/volumes/nextcloud:ro" - "{{ services.pihole.volume }}:/mnt/volumes/pi-hole:ro"
+
+sender_domains:
+ - "{{ services.nextcloud.domain }}"
diff --git a/roles/docker_services/templates/Caddyfile.j2 b/roles/docker_services/templates/Caddyfile.j2
index c6f7620..6bd3ffd 100644
--- a/roles/docker_services/templates/Caddyfile.j2
+++ b/roles/docker_services/templates/Caddyfile.j2
@@ -24,7 +24,7 @@ } @local {
- remote_ip 192.168.0.0/16
+ remote_ip {{ local_ipv4s | join(' ') }}
} handle @local {
@@ -85,7 +85,7 @@ } @local {
- remote_ip 192.168.0.0/16
+ remote_ip {{ local_ipv4s | join(' ') }}
} handle @local {
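Review bot: The new `local_ipv4s` default in roles/docker_services/defaults/main.yml (hunk at line 57) carries no comment saying that it is an access-control list: every CIDR in it is matched by the `@local` matcher in templates/Caddyfile.j2, and requests from those ranges are routed into the `handle @local` blocks. I would add `# CIDRs matched by @local in Caddyfile.j2; an inventory override replaces this list entirely, so keep it as narrow as the site allows` directly above the key. The two /24s are site-specific values living in role defaults, so a reader reusing the role needs that hint to know they must be overridden rather than extended.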
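Review bot: The `remote_ip {{ local_ipv4s | join(' ') }}` line in both `@local` matchers of templates/Caddyfile.j2 (hunks at lines 24 and 85) renders whatever the variable holds without checking its shape. An empty list renders a bare `remote_ip`, and an override given as a plain string is joined character by character, so either yields a matcher that is broken or not what the operator meant; how Caddy treats those cases is not visible here and should be confirmed. A guard before the template task would make a bad override fail the play instead of reaching the proxy, for example an `ansible.builtin.assert` with `that: local_ipv4s is sequence and local_ipv4s is not string and local_ipv4s | length > 0`. The site blocks that contain these matchers start and end outside the hunks.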