fix(homelab): use iptables rules to prevent wan access

2025-12-27 20:31:37 -08:00
parent 136d127117
commit 13e61322a0
11 changed files with 48 additions and 116 deletions
--- a/nix/homelab/kustomize/traefik/chain.yaml
+++ b/nix/homelab/kustomize/traefik/chain.yaml
@@ -1,43 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: rfc1918-chain
-  namespace: home
-spec:
-  chain:
-    middlewares:
-      - name: rfc1918-only
-        namespace: kube-system
---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: rfc1918-chain
-  namespace: longhorn-system
-spec:
-  chain:
-    middlewares:
-      - name: rfc1918-only
-        namespace: kube-system
---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: rfc1918-chain
-  namespace: media
-spec:
-  chain:
-    middlewares:
-      - name: rfc1918-only
-        namespace: kube-system
---
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: rfc1918-chain
-  namespace: vaultwarden
-spec:
-  chain:
-    middlewares:
-      - name: rfc1918-only
-        namespace: kube-system
--- a/nix/homelab/kustomize/traefik/rfc1918-middleware.yaml
+++ b/nix/homelab/kustomize/traefik/rfc1918-middleware.yaml
@@ -1,11 +0,0 @@
-apiVersion: traefik.io/v1alpha1
-kind: Middleware
-metadata:
-  name: rfc1918-only
-  namespace: kube-system
-spec:
-  ipAllowList:
-    sourceRange:
-      - "10.0.0.0/8"
-      - "172.16.0.0/12"
-      - "192.168.0.0/16"