From 71fab52e96c8c1717dc0f686b39864479392bf0d Mon Sep 17 00:00:00 2001
From: jv
Date: Sun, 24 May 2026 10:33:38 -0500
Subject: [PATCH] fixed rpi endpoint
---
 .gitignore | 1 +
 bootstrap/cluster/main.tf | 25 ++++++++++---------------
 2 files changed, 11 insertions(+), 15 deletions(-)
diff --git a/.gitignore b/.gitignore
index 8b1abc6..c2fdd15 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ apps/gitea/gitea-docker-backup
 # Ignore older source iterations
 *.old
+*.terraform.lock.hcl
diff --git a/bootstrap/cluster/main.tf b/bootstrap/cluster/main.tf
index 8d53c90..15b6cc4 100644
--- a/bootstrap/cluster/main.tf
+++ b/bootstrap/cluster/main.tf
@@ -547,12 +547,6 @@ NODEPORT_SYSCTL_EOT
 #!/bin/sh
 set -eu
-PEER_IP="$peer_ip"
-NODE_TAILSCALE_IP="$node_tailscale_ip"
-POD_CIDR="$pod_cidr"
-NODE_PORT="$node_port"
-TARGET_PORT="$target_port"
-
 sysctl -w net.ipv4.conf.all.rp_filter=0 >/dev/null
 sysctl -w net.ipv4.conf.tailscale0.rp_filter=0 >/dev/null 2>&1 || true
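Review bot: Adding `*.terraform.lock.hcl` to `.gitignore` takes the provider dependency lock file out of version control, so every machine's `terraform init` resolves provider versions and checksums on its own instead of verifying against the pinned, committed set; that file is the only place the provider hashes are recorded for `init` to check. The usual practice is to commit `.terraform.lock.hcl` next to the configuration. If the motivation is that the recorded hashes differ between the development machine and the Raspberry Pi target (a different CPU architecture, inferred from the commit subject), `terraform providers lock -platform=linux_amd64 -platform=linux_arm64` records hashes for both platforms in one file that can then be committed; confirm the exact platform list against the hosts actually running Terraform.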
@@ -561,16 +555,16 @@ if ! ip link show tailscale0 >/dev/null 2>&1; then
 exit 0
 fi
-ip route replace "$PEER_IP/32" dev tailscale0 src "$NODE_TAILSCALE_IP"
+ip route replace "$peer_ip/32" dev tailscale0 src "$node_tailscale_ip"
-iptables -C INPUT -i tailscale0 -p tcp --dport "$NODE_PORT" -j ACCEPT 2>/dev/null ||
- iptables -I INPUT 1 -i tailscale0 -p tcp --dport "$NODE_PORT" -j ACCEPT
-iptables -C FORWARD -i tailscale0 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -j ACCEPT 2>/dev/null ||
- iptables -I FORWARD 1 -i tailscale0 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -j ACCEPT
-iptables -C FORWARD -s "$POD_CIDR" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null ||
- iptables -I FORWARD 1 -s "$POD_CIDR" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-iptables -t nat -C POSTROUTING -s 100.64.0.0/10 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE 2>/dev/null ||
- iptables -t nat -I POSTROUTING 1 -s 100.64.0.0/10 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE
+iptables -C INPUT -i tailscale0 -p tcp --dport "$node_port" -j ACCEPT 2>/dev/null ||
+ iptables -I INPUT 1 -i tailscale0 -p tcp --dport "$node_port" -j ACCEPT
+iptables -C FORWARD -i tailscale0 -d "$pod_cidr" -p tcp --dport "$target_port" -j ACCEPT 2>/dev/null ||
+ iptables -I FORWARD 1 -i tailscale0 -d "$pod_cidr" -p tcp --dport "$target_port" -j ACCEPT
+iptables -C FORWARD -s "$pod_cidr" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null ||
+ iptables -I FORWARD 1 -s "$pod_cidr" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+iptables -t nat -C POSTROUTING -s 100.64.0.0/10 -d "$pod_cidr" -p tcp --dport "$target_port" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE 2>/dev/null ||
+ iptables -t nat -I POSTROUTING 1 -s 100.64.0.0/10 -d "$pod_cidr" -p tcp --dport "$target_port" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE
 NODEPORT_SCRIPT_EOT
 sudo chmod 0755 /usr/local/sbin/homelab-tailscale-nodeport.sh
@@ -642,3 +636,4 @@ output "kubeconfig_path" {
 output "pod_network_cidr" {
 value = var.pod_network_cidr
 }
+
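Review bot: The script now reads `peer_ip`, `node_tailscale_ip`, `pod_cidr`, `node_port` and `target_port` directly from its environment, and under `set -eu` the first one that is unset aborts at the `ip route replace` line with sh's terse "parameter not set" message — after the two `rp_filter` sysctl changes earlier in the script (outside this hunk) have already been applied, leaving the node with relaxed reverse-path filtering and none of the route or iptables rules. Validating the inputs once, before any side effect, gives a clear failure and avoids that partial state: `: "${peer_ip:?}" "${node_tailscale_ip:?}" "${pod_cidr:?}" "${node_port:?}" "${target_port:?}"` placed directly after `set -eu`; since `node_port` and `target_port` become `--dport` arguments, a guard such as `case "$node_port" in ''|*[!0-9]*) echo 'node_port must be numeric' >&2; exit 1;; esac` (and the same for `target_port`) is cheap. Note that inside the `.tf` heredoc `$peer_ip` is not a Terraform interpolation (that would be `${peer_ip}`), so these names have to be exported by whatever invokes `/usr/local/sbin/homelab-tailscale-nodeport.sh`; that caller and the heredoc's opening line are outside this hunk, so I cannot confirm it does. The heredoc body starts before this hunk.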