cockpit: now remote access is denied by default. Require wireguard to

access cockpit.

system/services/cockpit.nix

@@ -8,7 +8,11 @@ in
     environment.systemPackages = mkIf config.profile.podman.enable [
       (pkgs.callPackage ../packages/cockpit-podman.nix { })
     ];
-    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
+    services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = /*caddyfile*/ ''
+      @denied not remote_ip private_ranges
+
+      respond @denied "Access denied" 403
+
       reverse_proxy 0.0.0.0:9090
     '';
     services.udisks2.enable = true;