From 0f3b4ae8f8df935eb7566c5f723b2248594078df Mon Sep 17 00:00:00 2001
From: Tobias Manske <mail@tobiasmanske.de>
Date: Thu, 1 Feb 2024 01:08:03 +0100
Subject: [PATCH] Traefik: add vpn whitelist

---
 ansible/plays/services/traefik/dynamic.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ansible/plays/services/traefik/dynamic.yaml b/ansible/plays/services/traefik/dynamic.yaml
index 97bd6be..de9252e 100644
--- a/ansible/plays/services/traefik/dynamic.yaml
+++ b/ansible/plays/services/traefik/dynamic.yaml
@@ -7,6 +7,14 @@ http:
           - "192.168.0.0/16"
           - "172.16.0.0/16"
           - "10.254.1.0/16"
+    vpn-ipwhitelist:
+      ipWhiteList:
+        sourceRange:
+          - "10.2.0.0/24" # vpn
+          - "127.0.0.1/32" # or local nets used by deployments
+          - "192.168.0.0/16"
+          - "172.16.0.0/16"
+          - "10.254.1.0/16"
     auth-headers:
       headers:
         sslRedirect: true