From 2a90ffc7a9d6c37d1658370655209b85cf8d81f2 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Fri, 22 Nov 2024 22:43:16 -0600
Subject: [PATCH] invoice-ninja: Update trusted proxies addresses

Since _ingress-nginx_ no longer runs in the host network namespace,
traffic will appear to come from pods' internal IP addresses now.
Similarly, the network policy for Invoice Ninja needs to be updated to
allow traffic _to_ the ingress controllers' new addresses.
---
 invoice-ninja/invoice-ninja.env   | 2 +-
 invoice-ninja/network-policy.yaml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/invoice-ninja/invoice-ninja.env b/invoice-ninja/invoice-ninja.env
index 71e304c..895855f 100644
--- a/invoice-ninja/invoice-ninja.env
+++ b/invoice-ninja/invoice-ninja.env
@@ -1,6 +1,6 @@
 APP_LOGO=https://invoiceninja.pyrocufflink.net/images/logo.png
 APP_URL=https://invoiceninja.pyrocufflink.net
-TRUSTED_PROXIES=172.30.0.171,172.30.0.172,172.30.0.173
+TRUSTED_PROXIES=10.149.0.0/16
 
 MAIL_MAILER=smtp
 MAIL_HOST=mail.pyrocufflink.blue
diff --git a/invoice-ninja/network-policy.yaml b/invoice-ninja/network-policy.yaml
index e718c22..ccc6f3a 100644
--- a/invoice-ninja/network-policy.yaml
+++ b/invoice-ninja/network-policy.yaml
@@ -30,7 +30,7 @@ spec:
     - port: 25
   - to:
     - ipBlock:
-        cidr: 172.30.0.160/28
+        cidr: 172.30.0.147/32
     ports:
     - port: 80
     - port: 443