blumeops/nixos
Erich Blume c5d82b0942 Trust k3s CNI interfaces in ringtail NixOS firewall
The NixOS firewall was blocking pod-to-host TCP traffic because only
tailscale0 was trusted. Pods could ping the host but not reach the
API server (port 6443), breaking Tailscale Ingress TLS cert refresh
and all ringtail services (authentik, frigate, ntfy, ollama).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-03 11:15:02 -08:00
ringtail Trust k3s CNI interfaces in ringtail NixOS firewall 2026-03-03 11:15:02 -08:00