diff --git a/hosts/architect/options.nix b/hosts/architect/options.nix
index 82c0235..4d8bef0 100644
--- a/hosts/architect/options.nix
+++ b/hosts/architect/options.nix
@@ -96,23 +96,29 @@ in
 description = "The host for the location.";
 default = "127.0.0.1";
 };
-
+
 port = mkOption {
 type = types.int;
 description = "The port number for the location.";
 };
-
+
 allow = mkOption {
 type = types.listOf types.str;
 default = [ ];
 description = "IP address or CIDR block to allow.";
 };
-
+
 path = mkOption {
 type = types.str;
 default = "";
 };
 
+ allowWAN = mkOption {
+ type = types.bool;
+ default = false;
+ description = "If set to false, deny all WAN traffic.";
+ };
+
 deny = mkOption {
 type = types.listOf types.str;
 default = [ ];
@@ -140,9 +146,9 @@ in
 proxyPass = "http://${location.host}:${toString location.port}${location.path}";
 proxyWebsockets = location.proxyWebsockets;
 extraConfig = ''
- ${optionalString location.allowLan "deny 10.0.0.1;"}
- ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
 ${concatMapStringsSep "\n" (allowCIDR: "allow ${allowCIDR};") location.allow}
+ ${optionalString (!location.allowWAN) "deny all;"}
+ ${concatMapStringsSep "\n" (denyCIDR: "deny ${denyCIDR};") location.deny}
 ${optionalString location.allowLan ''allow ${config.architect.networks."lan".net};''}
 '' + location.extraConfig;
 })
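Review bot: The `allowWAN` description in the first hunk (`@@ -96,23 +96,29 @@`) says it denies "WAN traffic", but the directive it produces is `deny all;`, which rejects every client not matched by an earlier `allow` rule, whatever network it comes from. The text should say so, and also that the default `false` makes every location deny-by-default, for example `description = "Whether clients not matched by allow/allowLan may reach this location. When false (the default), 'deny all;' is emitted.";`. Locations that do not set the option lose public reachability after this commit, which is a safe default but worth recording in the commit message. The option set this sits in starts and ends outside the hunk.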
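Review bot: In the `extraConfig` hunk (`@@ -140,9 +146,9 @@`), `deny all;` is emitted before the `location.deny` entries and before the `allowLan` rule, and nginx stops at the first `allow`/`deny` that matches. With the default `allowWAN = false`, the LAN allowance is therefore never reached and `allowLan = true` has no effect unless the LAN range is also listed in `allow`. With `allowWAN = true`, the `allow` list is matched before `deny`, so a `deny` entry inside an allowed CIDR is never applied. Put the `location.deny` line first, then `location.allow`, then the `allowLan` line, and move `${optionalString (!location.allowWAN) "deny all;"}` to the end of the rule list. The removed `deny 10.0.0.1;` presumably kept traffic relayed through the gateway out of the LAN allowance; if that still matters, list the address in `deny`. The function producing this attrset starts outside the hunk.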