fixed rpi endpoint

This commit is contained in:
jv 2026-05-24 10:33:38 -05:00
parent a9012d8777
commit 71fab52e96
2 changed files with 11 additions and 15 deletions

.gitignore vendored

@ -10,3 +10,4 @@ apps/gitea/gitea-docker-backup
# Ignore older source iterations
*.old
*.terraform.lock.hcl


@ -547,12 +547,6 @@ NODEPORT_SYSCTL_EOT
#!/bin/sh
set -eu
PEER_IP="$peer_ip"
NODE_TAILSCALE_IP="$node_tailscale_ip"
POD_CIDR="$pod_cidr"
NODE_PORT="$node_port"
TARGET_PORT="$target_port"
sysctl -w net.ipv4.conf.all.rp_filter=0 >/dev/null
sysctl -w net.ipv4.conf.tailscale0.rp_filter=0 >/dev/null 2>&1 || true
@ -561,16 +555,16 @@ if ! ip link show tailscale0 >/dev/null 2>&1; then
exit 0
fi
ip route replace "$PEER_IP/32" dev tailscale0 src "$NODE_TAILSCALE_IP"
ip route replace "$peer_ip/32" dev tailscale0 src "$node_tailscale_ip"
iptables -C INPUT -i tailscale0 -p tcp --dport "$NODE_PORT" -j ACCEPT 2>/dev/null ||
iptables -I INPUT 1 -i tailscale0 -p tcp --dport "$NODE_PORT" -j ACCEPT
iptables -C FORWARD -i tailscale0 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -j ACCEPT 2>/dev/null ||
iptables -I FORWARD 1 -i tailscale0 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -j ACCEPT
iptables -C FORWARD -s "$POD_CIDR" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null ||
iptables -I FORWARD 1 -s "$POD_CIDR" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -C POSTROUTING -s 100.64.0.0/10 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE 2>/dev/null ||
iptables -t nat -I POSTROUTING 1 -s 100.64.0.0/10 -d "$POD_CIDR" -p tcp --dport "$TARGET_PORT" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE
iptables -C INPUT -i tailscale0 -p tcp --dport "$node_port" -j ACCEPT 2>/dev/null ||
iptables -I INPUT 1 -i tailscale0 -p tcp --dport "$node_port" -j ACCEPT
iptables -C FORWARD -i tailscale0 -d "$pod_cidr" -p tcp --dport "$target_port" -j ACCEPT 2>/dev/null ||
iptables -I FORWARD 1 -i tailscale0 -d "$pod_cidr" -p tcp --dport "$target_port" -j ACCEPT
iptables -C FORWARD -s "$pod_cidr" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 2>/dev/null ||
iptables -I FORWARD 1 -s "$pod_cidr" -o tailscale0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -C POSTROUTING -s 100.64.0.0/10 -d "$pod_cidr" -p tcp --dport "$target_port" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE 2>/dev/null ||
iptables -t nat -I POSTROUTING 1 -s 100.64.0.0/10 -d "$pod_cidr" -p tcp --dport "$target_port" -m comment --comment tailscale-nodeport-to-pods -j MASQUERADE
NODEPORT_SCRIPT_EOT
sudo chmod 0755 /usr/local/sbin/homelab-tailscale-nodeport.sh
@ -642,3 +636,4 @@ output "kubeconfig_path" {
output "pod_network_cidr" {
value = var.pod_network_cidr
}
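Review bot: On the new side of the second hunk (`ip route replace "$peer_ip/32" …` and the `iptables` lines using `"$node_port"`, `"$pod_cidr"`, `"$target_port"`) the generated `#!/bin/sh` / `set -eu` script now reads the lowercase names directly, while the first hunk drops the `PEER_IP="$peer_ip"` … `TARGET_PORT="$target_port"` assignments, and nothing visible in either hunk shows where `peer_ip`, `node_tailscale_ip`, `pod_cidr`, `node_port` and `target_port` are set (the `if ! ip link show tailscale0` block that closes at the top of the second hunk, and the opening of the `NODEPORT_SCRIPT_EOT` heredoc, are both outside the hunk). If, as the unquoted terminator suggests, these are expanded by the outer shell when the file is written, an unset or empty value silently bakes a literal `/32` or an empty `--dport` into /usr/local/sbin/homelab-tailscale-nodeport.sh, and the inner `set -u` can no longer catch it, so the route and firewall rules fail late at runtime instead of at provisioning time. Guarding each reference where it is substituted, e.g. `ip route replace "${peer_ip:?}/32" dev tailscale0 src "${node_tailscale_ip:?}"` and likewise `"${pod_cidr:?}"`, `"${node_port:?}"`, `"${target_port:?}"`, makes the write step itself fail on a missing value whichever shell performs the expansion. The `sysctl -w net.ipv4.conf.all.rp_filter=0` line in the first hunk carries no side marker; if it remains on the new side, a comment such as `# rp_filter must be fully disabled (not loose mode 2) for tailscale0 return traffic — reason: …` would record why strict reverse-path filtering is turned off host-wide rather than only on the tailscale0 interface.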