From 805bacb2224ed0fd0bc6af3372d39fd7d4170ae2 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Thu, 12 Jan 2023 12:17:47 +0100
Subject: [PATCH] fix(jellyfin): Restrict network access

---
 apps/k8s01/jellyfin/ingress.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/k8s01/jellyfin/ingress.yaml b/apps/k8s01/jellyfin/ingress.yaml
index 7d517c607..4d2ab9d21 100644
--- a/apps/k8s01/jellyfin/ingress.yaml
+++ b/apps/k8s01/jellyfin/ingress.yaml
@@ -10,6 +10,8 @@ metadata:
         forecastle.stakater.com/expose: "true"
         forecastle.stakater.com/appName: Jellyfin
         forecastle.stakater.com/group: Apps
+        forecastle.stakater.com/network-restricted: "true"
+        nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/24
 spec:
     rules:
         - host: ENC[AES256_GCM,data:4+LBVSF1Hcsjjqc7/6sw5rjt+qhgkwnoeQ==,iv:8ydyWqCkYv7kItxoQxGFxVp4iSODurIe69xU+e64KIQ=,tag:/TSKzTs1e8AOc+pVuYy5xA==,type:str]
@@ -32,8 +34,8 @@ sops:
     azure_kv: []
     hc_vault: []
     age: []
-    lastmodified: "2023-01-11T14:00:50Z"
-    mac: ENC[AES256_GCM,data:HH4pkFe3U8o1xgnAHMCEtlOZQkAprV4Oz4bCugufQWTsYKvuwVIh8sYoe89SyR0bEGx+wVd43aHQau2khuZa/0YiEUSL2AiV5MLidKDfHRQb5j8WjZnkbHQ8BlMQWi+oSq2yAd1hJ4FetRcgwSJoeIOZZ1SIRXWMZzv9r+UOSlQ=,iv:1Y+qoh9lS607CtX7Ft3zhwzt7RVk90p8Zw/z8Vz24YU=,tag:J7d6fRyYDX/WmuF0yiO2Ww==,type:str]
+    lastmodified: "2023-01-12T11:17:37Z"
+    mac: ENC[AES256_GCM,data:tCDj/sZ8IyKAkEtR4kHgy+mJCSlk6VBmuoz3McgoAFSREQg7elT1HyDofy0WkQ+3/zvrd0DP57nDJTO5HPJdTZpSsrHWkNHJwIE+EzQDyzeCfsYA+8mjQAhrShItuIk00Bx5lRmso7FnZ4uFmLKQJmzeTnKFIesMUJ1/Ikj6+hE=,iv:D5mmYFF8C1A2h5qfeFrf4W86pOVRsWLAdfxjUQS9xH4=,tag:P/QwQoTEtW6GdUAXJ0fZkg==,type:str]
     pgp:
         - created_at: "2023-01-11T09:22:23Z"
           enc: |-
-- 
GitLab