From 977f63a951ef64b4980cbee2962c5fcf223e38c0 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Sun, 8 Feb 2026 09:33:05 -0800 Subject: [PATCH] =?UTF-8?q?Document=20security=20implications=20of=20flyio?= =?UTF-8?q?-proxy=20=E2=86=92=20homelab=20ACL?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The new ACL grant lets the Fly.io proxy reach all Caddy-proxied services, not just Loki/Prometheus. Document the expanded attack surface and trust boundary (requires RCE on gilbert or 1Password access) in both the flyio-proxy and caddy reference cards. Co-Authored-By: Claude Opus 4.6 --- docs/reference/services/caddy.md | 4 ++++ docs/reference/services/flyio-proxy.md | 8 ++++++++ 2 files changed, 12 insertions(+) diff --git a/docs/reference/services/caddy.md b/docs/reference/services/caddy.md index 49b60e7..0ef0b31 100644 --- a/docs/reference/services/caddy.md +++ b/docs/reference/services/caddy.md @@ -79,6 +79,10 @@ mise run provision-indri -- --tags caddy The token is written to `~/.config/caddy/gandi-token` (chmod 0600) and sourced by the Caddy wrapper script. +## Security Considerations + +Caddy has no authentication layer — it is a plain reverse proxy. Access control relies entirely on Tailscale ACLs restricting which devices can reach indri on port 443. Currently `tag:homelab`, `autogroup:admin`, and `tag:flyio-proxy` can reach Caddy. The [[flyio-proxy]] grant exists so Alloy can push metrics/logs to Loki and Prometheus, but it means the Fly.io container can technically reach all Caddy-proxied services. See [[flyio-proxy#Security Considerations]] for the threat model. + ## Custom Build Caddy is built from source with the Gandi DNS plugin: diff --git a/docs/reference/services/flyio-proxy.md b/docs/reference/services/flyio-proxy.md index d39cacc..e75da0d 100644 --- a/docs/reference/services/flyio-proxy.md +++ b/docs/reference/services/flyio-proxy.md 
@@ -70,6 +70,14 @@ The Tailscale auth key is `preauthorized=True` to avoid device approval hangs on Alloy listens on `127.0.0.1:12345` for self-scraping its `/metrics` endpoint. All metrics carry `instance="flyio-proxy"`. +## Security Considerations + +The `tag:flyio-proxy` ACL grants access to both `tag:k8s:443` (for proxying public services) and `tag:homelab:443` (for pushing metrics/logs to [[caddy|Caddy]]-proxied Loki and Prometheus). This means a compromised nginx config could route traffic to **any** Caddy-proxied service — not just the intended backends. Some of those services (Loki, Prometheus) have no auth; others ([[forgejo]], [[navidrome]], [[immich]]) do. + +Exploitation requires either pushing a malicious image to Fly.io or modifying the nginx config — both of which require RCE on [[gilbert]] (where `fly` is authenticated) or access to [[1password]] (the deploy token). This is an acceptable boundary given that 1Password is already the trust root for the entire infrastructure. + +If this surface area becomes a concern, an alternative would be to add dedicated Tailscale Ingress tags for Loki/Prometheus write endpoints and restrict `tag:flyio-proxy` to only those. + ## Secrets | Secret | Source | Description |
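Review bot: In the caddy.md hunk, the new "Security Considerations" paragraph says access control "relies entirely on Tailscale ACLs restricting which devices can reach indri on port 443", but since Caddy multiplexes every service by hostname on that one port, a host:port ACL cannot distinguish Loki from forgejo, which is the real reason the `tag:flyio-proxy` grant is over-broad; state that explicitly, and note that Caddy itself can narrow it with a per-site `remote_ip` matcher (allow the proxy's Tailscale address only on the Loki/Prometheus sites) rather than leaving "no authentication layer" as the only option. Two smaller points: the list "Currently `tag:homelab`, `autogroup:admin`, and `tag:flyio-proxy` can reach Caddy" is a snapshot that will drift, so point at the ACL policy file as the source of truth; and "push metrics/logs to Loki and Prometheus" only holds for Prometheus if the remote-write receiver is enabled on it, which is worth saying because that receiver is then an unauthenticated write endpoint behind this grant.

Review bot: In the flyio-proxy.md hunk, the line "Exploitation requires either pushing a malicious image to Fly.io or modifying the nginx config" understates the boundary. Two paths visible in this file do not need RCE on gilbert or 1Password: the nginx container is internet-facing (it proxies public services), so a remotely exploitable bug in nginx or Alloy gives an attacker the same `tag:flyio-proxy` reach into `tag:homelab:443`; and the context line just above ("The Tailscale auth key is `preauthorized=True`") means anyone holding that auth key can join the tailnet as `tag:flyio-proxy` without device approval, so the key's storage, reusability and rotation belong in this threat model. Suggest rewording to "Exploitation requires compromising the Fly.io container (via the deploy path, a remotely exploitable bug in the public-facing nginx/Alloy, or the Tailscale auth key)". Also, the proposed alternative of "dedicated Tailscale Ingress tags for Loki/Prometheus write endpoints" cannot be expressed at the ACL layer while Loki and Prometheus share indri:443 with every other Caddy site, since ACL grants are host:port; it needs those endpoints on distinct ports or hosts, or a Caddy-side source restriction on the non-metrics sites. "Ingress tags" is also not a Tailscale term; say which mechanism is meant.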