fix(homelab)!: use traefik middleware to restrict WAN access

2025-12-27 23:29:35 -08:00
parent 13e61322a0
commit d1b81ce0db
11 changed files with 118 additions and 11 deletions
--- a/nix/homelab/scripts/generate-chains.sh
+++ b/nix/homelab/scripts/generate-chains.sh
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+
+set -e
+
+NAMESPACES=(
+  "home"
+  "longhorn-system"
+  "pihole-system"
+)
+
+OUTPUT_FILE="kustomize/traefik/chains.yaml"
+
+> "$OUTPUT_FILE"
+
+for i in "${!NAMESPACES[@]}"; do
+  ns="${NAMESPACES[$i]}"
+  
+  if [[ $i -gt 0 ]]; then
+    echo "---" >> "$OUTPUT_FILE"
+  fi
+  
+  cat >> "$OUTPUT_FILE" <<EOF
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: private-networks 
+  namespace: ${ns}
+spec:
+  chain:
+    middlewares:
+      - name: private-networks
+        namespace: kube-system
+EOF
+done
+
+echo "Generated $OUTPUT_FILE with ${#NAMESPACES[@]} namespace chains"