diff --git a/ansible/roles/traefik/files/file-provider-main.yml b/ansible/roles/traefik/files/file-provider-main.yml
index 75d7438..2715d76 100644
--- a/ansible/roles/traefik/files/file-provider-main.yml
+++ b/ansible/roles/traefik/files/file-provider-main.yml
@@ -10,7 +10,15 @@ http:
 Permissions-Policy: interest-cohort=()
 tailscale-only:
- ipAllowList:
+ ipWhiteList:
 sourceRange:
 - "{{ tailscale_cidr }}"
 - "{{ tailscale_cidr_ipv6 }}"
+
+ private-access:
+ ipWhiteList:
+ sourceRange:
+ - "{{ tailscale_cidr }}"
+ - "{{ tailscale_cidr_ipv6 }}"
+ - "{{ nebula.cidr }}"
+ - "{{ pve_hosts.internal_cidr }}"
diff --git a/ansible/roles/vaultwarden/files/docker-compose.yml b/ansible/roles/vaultwarden/files/docker-compose.yml
index 20850cc..38af1c5 100644
--- a/ansible/roles/vaultwarden/files/docker-compose.yml
+++ b/ansible/roles/vaultwarden/files/docker-compose.yml
@@ -22,7 +22,7 @@ services:
 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
 - traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=200
- - traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit
+ - traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit,tailscale-only@file
 environment:
 - SIGNUPS_ALLOWED=false
 - DOMAIN=https://vaultwarden.jakehoward.tech
diff --git a/terraform/jakehoward.tech.tf b/terraform/jakehoward.tech.tf
index 8c62db1..df12f84 100644
--- a/terraform/jakehoward.tech.tf
+++ b/terraform/jakehoward.tech.tf
@@ -143,7 +143,7 @@ resource "cloudflare_record" "jakehowardtech_grafana" {
 resource "cloudflare_record" "jakehowardtech_vaultwarden" {
 zone_id = cloudflare_zone.jakehowardtech.id
 name = "vaultwarden"
- value = cloudflare_record.sys_domain_pve.hostname
+ value = cloudflare_record.sys_domain_private.hostname
 type = "CNAME"
 ttl = 1
 }
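Review bot: The rename from `ipAllowList` back to `ipWhiteList` ties this file to a specific Traefik major version — `ipWhiteList` is the v2 field name and `ipAllowList` the v3 one, and as far as I recall a middleware with an unrecognised field fails to load, which then takes down every router that references it — so the choice deserves a comment next to the key such as `# Traefik v2 field name; v3 calls this ipAllowList — keep in step with the pinned image tag`. The new `private-access` middleware widens the trusted set from the Tailscale ranges to the whole Nebula overlay and the PVE internal LAN and is not referenced by any router in this commit, so add a comment above it stating what each range admits, e.g. `# every host on the Nebula overlay and the PVE internal network is trusted here — review when those networks change`. Both middlewares use the default `ipStrategy`, which (from what I know of Traefik) matches `sourceRange` against the TCP peer address rather than a forwarded header; that fails closed if another proxy ever sits in front of Traefik, which is the safe default but worth noting in the same comment so nobody "fixes" it by trusting `X-Forwarded-For`.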
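Review bot: Middleware order on the new `traefik.http.routers.vaultwarden.middlewares` label runs the rate limiter before the allow-list, so every request from outside the Tailscale ranges is still counted by the limiter before being rejected; listing the allow-list first, `- traefik.http.routers.vaultwarden.middlewares=tailscale-only@file,vaultwarden-ratelimit`, rejects those requests immediately and keeps the limiter for traffic that can actually reach the service. The same commit defines `private-access@file` with the Nebula and PVE ranges, yet this router only names `tailscale-only@file`; if the DNS move to `sys_domain_private` in the Terraform hunk is meant to admit those networks as well, clients on them will be refused by the allow-list, so confirm which middleware is intended here. The enclosing `labels` list and service stanza start outside the hunk.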
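Review bot: The record now follows `cloudflare_record.sys_domain_private.hostname` but its `proxied` attribute is not set, so whether the name is served through Cloudflare's proxy depends on the provider default; since the Traefik allow-list in the companion hunk matches on the peer address, a proxied record would make every request arrive from Cloudflare's ranges and be refused, and a private target is unreachable from Cloudflare's edge anyway. Add `proxied = false` explicitly to the resource so a provider default change or a console edit cannot flip it, and note that the access control here is the allow-list, not the DNS record — publishing the private hostname in a public zone reveals the internal name, as the previous `sys_domain_pve` target already did, but grants nothing by itself.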