Revert "fix: Traefik | remove custom tls option"

This reverts commit 5b76226801.
Revert "chore: remove importFrom calls"
2025-12-11 21:03:39 +05:00 · 2025-12-11 21:03:36 +05:00
6 changed files with 44 additions and 2 deletions
--- a/core-services/index.ts
+++ b/core-services/index.ts
@@ -29,7 +29,7 @@ export class CoreServices extends TerraformStack {
      metadata: {
        name: namespace,
      },
-    });
+    }).importFrom("homelab");

    new TerraformOutput(this, "namespace-output", {
      value: namespace,
--- a/netbird/index.ts
+++ b/netbird/index.ts
@@ -91,7 +91,7 @@ export class Netbird extends TerraformStack {
      repository: "https://netbirdio.github.io/helms",
      chart: "netbird",
      values: [fs.readFileSync(path.join(__dirname, "values.yaml"), "utf8")],
-    });
+    }).importFrom("netbird/netbird");

    new OnePasswordSecret(this, "netbird-setup-key", {
      name: "netbird-setup-key",
--- a/network-security/index.ts
+++ b/network-security/index.ts
@@ -7,6 +7,7 @@ import {
  RateLimitMiddleware,
  IpAllowListMiddleware,
  IpAllowListMiddlewareTCP,
+  TLSOptions,
 } from "./traefik";
 import { ValkeyCluster } from "./valkey";
 import { InternalIngressRoute, PrivateCertificate } from "../utils";
@@ -67,6 +68,11 @@ export class NetworkSecurity extends TerraformStack {
      name: "rate-limit",
    });

+    new TLSOptions(this, "tls-options", {
+      provider: kubernetes,
+      namespace,
+    });
+
    new IpAllowListMiddleware(this, "internal-ip-allow-list", {
      provider: kubernetes,
      namespace,
--- a/network-security/traefik/index.ts
+++ b/network-security/traefik/index.ts
@@ -1,2 +1,3 @@
 export { RateLimitMiddleware } from "./rateLimit";
 export { IpAllowListMiddleware, IpAllowListMiddlewareTCP } from "./ipAllowList";
+export { TLSOptions } from "./tlsOpts";
--- a/network-security/traefik/tlsOpts.ts
+++ b/network-security/traefik/tlsOpts.ts
@@ -0,0 +1,31 @@
+import { Construct } from "constructs";
+import { Manifest } from "@cdktf/provider-kubernetes/lib/manifest";
+import { KubernetesProvider } from "@cdktf/provider-kubernetes/lib/provider";
+
+export class TLSOptions extends Construct {
+  constructor(
+    scope: Construct,
+    id: string,
+    opts: { provider: KubernetesProvider; namespace: string },
+  ) {
+    super(scope, id);
+
+    const { provider, namespace } = opts;
+
+    new Manifest(this, "traefik-tls-options", {
+      provider,
+      manifest: {
+        apiVersion: "traefik.io/v1alpha1",
+        kind: "TLSOption",
+        metadata: {
+          namespace,
+          name: "tls-options",
+        },
+        spec: {
+          minVersion: "VersionTLS13",
+          sniStrict: true,
+        },
+      },
+    });
+  }
+}
--- a/utils/traefik/ingress/ingress.ts
+++ b/utils/traefik/ingress/ingress.ts
@@ -110,6 +110,10 @@ export class IngressRoute extends Construct {
    if (opts.tlsSecretName) {
      spec.tls = {
        secretName: opts.tlsSecretName,
+        options: {
+          name: "tls-options",
+          namespace: "homelab",
+        },
      };
    }
Author	SHA1	Message	Date
Shahab Dogar	afb071bcbe	Revert "fix: Traefik \| remove custom tls option" This reverts commit `5b76226801`.	2025-12-11 21:03:39 +05:00
Shahab Dogar	8b206f005b	Revert "chore: remove importFrom calls" This reverts commit `9743cd3371`.	2025-12-11 21:03:36 +05:00