fix(homelab)!: use traefik middleware to restrict WAN access

2025-12-27 23:29:35 -08:00
parent 13e61322a0
commit d1b81ce0db
11 changed files with 118 additions and 11 deletions


@@ -0,0 +1,36 @@
#!/usr/bin/env bash
set -e
NAMESPACES=(
"home"
"longhorn-system"
"pihole-system"
)
OUTPUT_FILE="kustomize/traefik/chains.yaml"
> "$OUTPUT_FILE"
for i in "${!NAMESPACES[@]}"; do
ns="${NAMESPACES[$i]}"
if [[ $i -gt 0 ]]; then
echo "---" >> "$OUTPUT_FILE"
fi
cat >> "$OUTPUT_FILE" <<EOF
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: private-networks
namespace: ${ns}
spec:
chain:
middlewares:
- name: private-networks
namespace: kube-system
EOF
done
echo "Generated $OUTPUT_FILE with ${#NAMESPACES[@]} namespace chains"
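Review bot: Every generated chain points at `private-networks` in `kube-system`, a cross-namespace reference that Traefik's Kubernetes CRD provider resolves only when `allowCrossNamespace` is enabled, and nothing in this script records that dependency. That setting is not visible in this section, so confirm it is enabled elsewhere in the commit and that a route whose middleware cannot be resolved is refused rather than served without the restriction. The hard-coded `NAMESPACES` list is the other gap: a namespace added later gets no chain until the script is re-run. I would put a header comment above the array, for example `# Needs providers.kubernetesCRD.allowCrossNamespace=true; list every namespace that exposes routes, then re-run and commit chains.yaml`.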


@@ -0,0 +1,20 @@
#!/usr/bin/env bash
set -e
if [ "$#" -ne 2 ]; then
echo "Usage: $0 <server_name> <backup_file>" >&2
exit 1
fi
SERVER_NAME="$1"
BACKUP_FILE="$2"
cd kustomize
kubectl scale deployment minecraft-$SERVER_NAME --replicas 0
sed -e "s/{{SERVER_NAME}}/$SERVER_NAME/g" \
-e "s/{{BACKUP_FILE}}/$BACKUP_FILE/g" \
restore-job.yaml | kubectl apply -f -
cd -
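Review bot: `$SERVER_NAME` and `$BACKUP_FILE` are pasted unescaped into the sed replacement on the two `-e` lines, so a backup path containing `/` aborts the substitution and a value containing `&`, a backslash or a newline changes the manifest that is piped to `kubectl apply`. Validate both arguments before the deployment is scaled down, for example `[[ "$SERVER_NAME" =~ ^[a-z0-9-]+$ && "$BACKUP_FILE" =~ ^[A-Za-z0-9._-]+$ ]] || { echo "invalid argument" >&2; exit 1; }`, widening the second pattern only as far as real backup names need. `minecraft-$SERVER_NAME` on the `kubectl scale` line should also be quoted. Because the script sets only `set -e`, a sed failure surfaces only through kubectl's empty input, after the server has already been scaled to zero; `set -o pipefail` would make that failure explicit.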


@@ -0,0 +1,11 @@
#!/usr/bin/env bash
set -e
HOST="$1"
if [ -z "$HOST" ]; then
echo "Usage: $0 <ip-or-hostname>"
exit 1
fi
ssh "$HOST" "cd ~/dotfiles && git pull && sudo nixos-rebuild switch --flake ~/dotfiles/nix/homelab --impure"
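Review bot: `$HOST` reaches ssh with no end-of-options marker, so an argument beginning with `-` is parsed as an ssh option instead of a destination; `ssh -- "$HOST" "…"` closes that off. The remote command then rebuilds the system as root from whatever `git pull` produced, so `git pull --ff-only` is the safer form, and `--impure` deserves a comment saying which impure input the flake needs. The usage message should also go to stderr (`>&2`), as it does in the restore script.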