From a957fd137266ff98bada42c63ec23a9c5197df36 Mon Sep 17 00:00:00 2001
From: m3ta-chiron <m3ta-chiron@agentmail.to>
Date: Mon, 11 May 2026 17:15:16 +0200
Subject: [PATCH] fix(m3-atlas): remove netbird-only middleware from dashboard
 router
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Access control is handled at DNS level — dash.m3ta.dev resolves to
Netbird IP (100.81.142.56) which is unreachable from the public internet.
No need for IP whitelist middleware.
---
 hosts/m3-atlas/services/traefik.nix | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/hosts/m3-atlas/services/traefik.nix b/hosts/m3-atlas/services/traefik.nix
index 83e4a1b..0fba395 100644
--- a/hosts/m3-atlas/services/traefik.nix
+++ b/hosts/m3-atlas/services/traefik.nix
@@ -56,12 +56,6 @@
           };
         };
         middlewares = {
-          # Hermes Dashboard — Netbird mesh only
-          netbird-only = {
-            ipWhiteList = {
-              sourceRange = ["100.64.0.0/16"];
-            };
-          };
           domain-redirect = {
             redirectRegex = {
               regex = "^https://www\\.m3tam3re\\.com(.*)";
@@ -95,7 +89,6 @@
           hermes-dashboard = {
             rule = "Host(`dash.m3ta.dev`)";
             service = "hermes-dashboard";
-            middlewares = ["netbird-only"];
             entrypoints = ["websecure"];
             tls = {
               certResolver = "godaddy";