fix(homelab): use iptables rules to prevent wan access

nix/homelab/kustomize/routes/consul-media.yaml

@@ -36,12 +36,6 @@ spec:
     - backendRefs:
         - name: bazarr
           port: 6767
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain
 ---
 apiVersion: v1
 kind: Service
@@ -81,12 +75,6 @@ spec:
     - backendRefs:
         - name: prowlarr
           port: 9696
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain
 ---
 apiVersion: v1
 kind: Service
@@ -126,12 +114,6 @@ spec:
     - backendRefs:
         - name: radarr
           port: 7878
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain
 ---
 apiVersion: v1
 kind: Service
@@ -171,12 +153,6 @@ spec:
     - backendRefs:
         - name: sonarr
           port: 8989
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain
 ---
 apiVersion: v1
 kind: Service
@@ -216,12 +192,6 @@ spec:
     - backendRefs:
         - name: qbittorrent
           port: 8090
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain
 ---
 apiVersion: v1
 kind: Service
@@ -261,12 +231,6 @@ spec:
     - backendRefs:
         - name: flaresolverr
           port: 8191
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain
 ---
 apiVersion: v1
 kind: Service
@@ -306,9 +270,3 @@ spec:
     - backendRefs:
         - name: jellyfin
           port: 8096
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain

nix/homelab/kustomize/routes/consul-vaultwarden.yaml

@@ -41,9 +41,3 @@ spec:
     - backendRefs:
         - name: vaultwarden
           port: 8000
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain

nix/homelab/kustomize/routes/home-assistant.yaml

@@ -13,9 +13,3 @@ spec:
     - backendRefs:
         - name: home-assistant
           port: 8080
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain

nix/homelab/kustomize/routes/longhorn.yaml

@@ -13,9 +13,3 @@ spec:
     - backendRefs:
         - name: longhorn-frontend
           port: 80
-      filters:
-        - type: ExtensionRef
-          extensionRef:
-            group: traefik.io
-            kind: Middleware
-            name: rfc1918-chain

nix/homelab/kustomize/routes/pihole.yaml

@@ -0,0 +1,15 @@
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: longhorn
+  namespace: pihole-system
+spec:
+  parentRefs:
+    - name: traefik-gateway
+      namespace: kube-system
+  hostnames:
+    - "pihole.lucalise.ca"
+  rules:
+    - backendRefs:
+        - name: pihole-web
+          port: 80