37 Commits
07f8227679
...
3970841a8c
Author | SHA1 | Date |
---|---|---|
Renovate | 3970841a8c | |
Jake Howard | ee96e6ab08 | |
Jake Howard | ffbba254fb | |
Jake Howard | c472411801 | |
Jake Howard | 7564911da3 | |
Jake Howard | 7ff44ee238 | |
Jake Howard | 7c8d224c4a | |
Renovate | 7bc0ebeb26 | |
Jake Howard | 33f9c544fd | |
Jake Howard | b6583cc823 | |
Jake Howard | 9c02017fed | |
Renovate | 91ec56717f | |
Renovate | 3318656730 | |
Renovate | 9d98d88089 | |
Renovate | c882e246ab | |
Renovate | 67af033fcd | |
Renovate | cee3679504 | |
Renovate | 5330fdc56f | |
Renovate | 2e0b562f5d | |
Renovate | 989a804bad | |
Jake Howard | 8424b3211b | |
Jake Howard | b83e239123 | |
Jake Howard | 5157940f20 | |
Jake Howard | eb6fe3a23b | |
Jake Howard | b2656bdf43 | |
Jake Howard | 124b83526d | |
Jake Howard | 0295507d0b | |
Jake Howard | f88d224168 | |
Jake Howard | 451a114262 | |
Jake Howard | 119b3212a9 | |
Renovate | fb0830e9fc | |
Renovate | 5aae711cb8 | |
Renovate | f552332598 | |
Jake Howard | 82451784a8 | |
Jake Howard | 000f3d3348 | |
Jake Howard | 0dcc3f7c30 | |
Jake Howard | 8a1e21c79d |
|
@ -19,7 +19,7 @@ jobs:
|
|||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Set up Python
|
||||
uses: actions/setup-python@v4
|
||||
uses: actions/setup-python@v5
|
||||
with:
|
||||
python-version: 3.11
|
||||
- uses: taiki-e/install-action@just
|
||||
|
|
|
@ -1,9 +1,8 @@
|
|||
# {{ ansible_managed }}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
http2 on;
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name {{ server_name }};
|
||||
set $upstream {{ upstream }};
|
||||
|
|
|
@ -10,15 +10,15 @@ roles:
|
|||
- src: geerlingguy.docker
|
||||
version: 6.2.0
|
||||
- src: geerlingguy.ntp
|
||||
version: 2.3.3
|
||||
version: 2.4.0
|
||||
- src: realorangeone.reflector
|
||||
- src: ironicbadger.proxmox_nag_removal
|
||||
version: 1.0.2
|
||||
- src: ironicbadger.snapraid
|
||||
version: 1.0.0
|
||||
- src: dokku_bot.ansible_dokku
|
||||
version: v2022.10.17
|
||||
version: v2024.4.11
|
||||
- src: geerlingguy.certbot
|
||||
version: 5.1.0
|
||||
- src: artis3n.tailscale
|
||||
version: v4.4.2
|
||||
version: v4.4.4
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
pve_hosts:
|
||||
internal_cidr: 10.23.1.0/24
|
||||
internal_cidr_ipv6: fde3:15e9:e883::1/48
|
||||
pve:
|
||||
ip: 10.23.1.1
|
||||
external_ip: 192.168.2.200
|
||||
|
@ -7,15 +8,19 @@ pve_hosts:
|
|||
ip: 10.23.1.11
|
||||
forrest:
|
||||
ip: 10.23.1.13
|
||||
ipv6: fde3:15e9:e883::103
|
||||
jellyfin:
|
||||
ip: 10.23.1.101
|
||||
dokku:
|
||||
ip: 10.23.1.102
|
||||
docker:
|
||||
ip: 10.23.1.103
|
||||
ipv6: fde3:15e9:e883::203
|
||||
ingress:
|
||||
ip: 10.23.1.10
|
||||
external_ip: 192.168.2.201
|
||||
external_ipv6: "{{ vault_ingress_ipv6 }}"
|
||||
ipv6: fde3:15e9:e883::100
|
||||
homeassistant:
|
||||
ip: 192.168.2.203
|
||||
qbittorrent:
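Review bot: `internal_cidr_ipv6` in the first hunk is written as `fde3:15e9:e883::1/48`, a prefix with a host bit set rather than a network address. The value is interpolated into fail2ban `ignoreip` and Traefik `sourceRange` lists elsewhere in this compare, and parsers differ on whether they reject such a value or silently mask it. Writing it as `internal_cidr_ipv6: fde3:15e9:e883::/48` removes the ambiguity. The /48 is also much wider than the few `::1xx`/`::2xx` hosts listed here, so a narrower prefix may suit the allowlists better.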
|
||||
|
|
|
@ -2,5 +2,6 @@
|
|||
tailscale_up_skip: true
|
||||
|
||||
tailscale_cidr: 100.64.0.0/24 # It's really /10, but I don't use that many IPs
|
||||
tailscale_cidr_ipv6: fd7a:115c:a1e0::/120 # It's really /48, but I don't use that many IPs
|
||||
|
||||
tailscale_port: 41641
|
||||
|
|
|
@ -1,41 +1,44 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
63376661396632313137666432623833393836313463393466663331306566633734313864386538
|
||||
6365623730303762613261346138613733323664306361660a303762663233366462653363313038
|
||||
64333230383538653136663630336664653435356438666261316366626238343535386431653930
|
||||
3432393363373533340a613664306366383533326637626238336638376435313730666433393439
|
||||
30623336653365383939333936346661383663383535633562353130363861386264336539303566
|
||||
62636634366363306536633532336664336164373739643834366431626635393762323634626436
|
||||
31333936376466616261376239643961616431333461386165393762656363353964353031356538
|
||||
37353466353037306236323562396264633966353932633461353964616661666363313432396236
|
||||
35343065666636663632376264346263623065383266383039373132336339343030633231623636
|
||||
61383765636366326231346130386562323630326161663536636534666434343035653535303961
|
||||
65336661366534613631343566623136626163363664303364306364313635633962333961333639
|
||||
61666431393134313032633730623532383765636334666462303234313530316331646463623965
|
||||
66323435313561623136636264393362323530343661303562623365636431633431636361343765
|
||||
64366465613936363065303463323432646562343031363764616637623136633034383235656565
|
||||
65623066653538313966376532373564633062326164643234376365623936376632623136363263
|
||||
34363630613364393133343565383630623036376134353633373836636232653261633337323366
|
||||
30376263613862663966396539663834313066303163663636366330316535373634346463666636
|
||||
38663335336565616462613838346435353330643533326164353532646436643031666166636465
|
||||
30653735396537376536613239613166323665393066616366303431336662646363613536373861
|
||||
36643838633832303866363032396335626234623863656432336431666333373235373539666638
|
||||
63383130363333646135333630323230393231396262363039666336326436613831633831313331
|
||||
38333038353338643532343830346436353331313763323264303031396137376336643834363837
|
||||
38633739613534613837643432663465366632383732333437633663643136376139363633636465
|
||||
62623261663462333162313938376261386439633964626664393439356561306433333661366239
|
||||
39633739333830303730353663663863623539376333373161663237663862623333626633343836
|
||||
32386135636639306161303865643633616431373563626461386562626336643638336436333631
|
||||
63656136363235393761366664626531313566646537343930663633393337643264633731366165
|
||||
65326165376466333537653733303463363431383963343561366530343335353561613438643339
|
||||
64646136336362393339323565353835376237346538396165653763343030373732633065643436
|
||||
37336532313939306265303731663430613237666534616463343633313837323532666532363238
|
||||
62376638343862356231323165326561653637666232646437316234376638366333313732373266
|
||||
64633365613630306265303664366536616332323435356234616334323733363131366532363562
|
||||
64613631333931626263356538633831396261653038633535643437643332396436653233646438
|
||||
35613861363438333463643935636232346639353763323663396366356537633339353664616636
|
||||
64386133653531313039306631386136353638333066353765613761353532393662633564666130
|
||||
39306534383434333733396134393163633136376633633565326331373637393231613934623638
|
||||
37626130353035326230656364393164633538356466623635366230643331663634636330363561
|
||||
34326465643464376565346163393834616166366464313635396463396639353965303831353564
|
||||
65313534646662636636613066653938396666303733623238613662393536643364323331363961
|
||||
65613037313332346665
|
||||
30343832393233616534663738346461303836323930373663613438353339353433636530323132
|
||||
3139396237376638376536653263346165323066623864650a666264643966386463353161306664
|
||||
61393739636336343338656635303462656232356162616666343238336161613730626363616133
|
||||
3663623465366130640a306164396662343262623065366431306163636564646136653730306434
|
||||
38346633376533646638396164613837663437356266646430373731383161626336373837303539
|
||||
37373939393431336435636336663739633335326430373864653831613964646137323136303634
|
||||
62346237313061356630323335306366643131366565343566376666643161666136376337666335
|
||||
30633262616666326464326436623136366639363930663061343434396138366336646538363135
|
||||
32393061663530333532666331376661623137343635646265613364346531383635366363613265
|
||||
65366265666538396438643130396437636562653538303634316465623136333036646432383735
|
||||
31643364323265363731383665316338366139343130346536303538623565633662653062323531
|
||||
38323630623231633032386663343736616566303166386433633062653530386561366661653663
|
||||
63353537623339323134386162376366313132393631613931663738356430623337333262633838
|
||||
31316362666639326365663164626263356464623139376166333962356238353637623431623137
|
||||
63633361336161373564306631646638386537303238616239646234646332393536316437336466
|
||||
61666235343466333539363566613530313761326161346464356363633330373862653033303936
|
||||
30666335633663393565303835306662666462633130353163383663333062633731306262613532
|
||||
33303866643334343535663632353235313262623231656536313636646564653636396663326632
|
||||
65353434633135363630356464636130303262363436633761353161356636646361626165316563
|
||||
31666165646135643961383032313532623431376531393231613436376337386537393466343036
|
||||
30633262316439303636393739393462653938313965643137373266323465663164653365376537
|
||||
30333361626335623836303463613734663138396535656664353730383933386530346130353064
|
||||
39653939623261306134323961353562623834333738613338396461343761346461386338333265
|
||||
65343932623634663033623163666663303735656633663236366235343066336162303136373332
|
||||
64383430653863333238656565383762623962636431323033396234646665616430383561366331
|
||||
32643230303962623633663632376566626534633935653832656263333236396366653035633561
|
||||
61646161356132383733636639653163346466316230303763623666376238653964376363656539
|
||||
63386238373266653732316539643261363662356261383834636637373639656137303935613663
|
||||
62653433646366326331636464303537386161383832376164303738353134653138393137313438
|
||||
63376262343335313832306466313338396266386535373465313765356638396665356332363539
|
||||
32643266636633343332653139636330656331313938613833333662666638366534346235613164
|
||||
39373431336637633936376632303131306339653131636163303539653862326566663239646366
|
||||
63643936343138663461303530623863663763633235373337616331326361386561663633373362
|
||||
31623234353832373961306663633262396437336665616335643064656534306136636236633662
|
||||
37646363386564336136396166306630653735313137373266326662376663626139373064326536
|
||||
39666633666262666263663265626634346333316466366661313538383734636361376261663333
|
||||
30636466306661353034623863616635666433646239343339613130633834303362633835366234
|
||||
65346632636166393664333266333266313062313734323239666239396364623162363861613661
|
||||
62623732633735666164663138323961666131656336633362373730306631633939343435323633
|
||||
31363834393365303530313837356264633262643264393639306236303163353933303830393566
|
||||
62316164393231326139623833666639623637616238383236303933323964386664623961336634
|
||||
39363062613439666433623863613435626133303032393938613934353562356436656564336339
|
||||
643332616661636236363164623461623466
|
||||
|
|
|
@ -1,3 +1,5 @@
|
|||
"vps_hosts":
|
||||
"casey_ip": "213.219.38.11"
|
||||
"private_ipv6_marker": "2a01:7e00:e000:7f7::1"
|
||||
"private_ipv6_range": "2a01:7e00:e000:7f7::1/128"
|
||||
"walker_ip": "192.248.168.230"
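Review bot: `private_ipv6_marker` and `private_ipv6_range` are added to `vps_hosts`, which the fail2ban jail templates on this page expand with `vps_hosts.values()|sort|join(",")` into `ignoreip`, so both values now join the ban exemptions next to the two host IPs. If that is not intended, keep host addresses and routing constants in separate maps, or build the ignore list from named keys (`{{ vps_hosts.casey_ip }},{{ vps_hosts.walker_ip }}`). The marker and the range also state the same address twice, so one could be derived from the other.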
|
||||
|
|
|
@ -4,6 +4,7 @@ traefik_provider_jellyfin: true
|
|||
traefik_provider_homeassistant: true
|
||||
traefik_provider_grafana: true
|
||||
traefik_provider_dokku: true
|
||||
traefik_provider_uptime_kuma: true
|
||||
|
||||
with_fail2ban: true
|
||||
|
||||
|
|
|
@ -25,7 +25,7 @@ sanoid_datasets:
|
|||
|
||||
sanoid_templates:
|
||||
production:
|
||||
frequently: 2
|
||||
frequently: 4
|
||||
hourly: 48
|
||||
daily: 28
|
||||
monthly: 3
|
||||
|
|
|
@ -11,3 +11,5 @@ certbot_certs:
|
|||
- domains:
|
||||
- plausible.theorangeone.net
|
||||
- elbisualp.theorangeone.net
|
||||
- domains:
|
||||
- slides.jakehoward.tech
|
||||
|
|
|
@ -95,7 +95,8 @@
|
|||
|
||||
- hosts: forrest
|
||||
roles:
|
||||
- forrest
|
||||
- prometheus
|
||||
- uptime_kuma
|
||||
- pve_nebula_route
|
||||
- pve_tailscale_route
|
||||
|
||||
|
@ -118,6 +119,7 @@
|
|||
- website
|
||||
- remark42
|
||||
- artis3n.tailscale
|
||||
- slides
|
||||
|
||||
- hosts: jellyfin
|
||||
roles:
|
||||
|
|
|
@ -2,10 +2,6 @@
|
|||
errors
|
||||
cancel
|
||||
|
||||
view nov6 {
|
||||
expr type() != 'AAAA'
|
||||
}
|
||||
|
||||
forward . tls://9.9.9.9 tls://149.112.112.112 tls://2620:fe::fe tls://2620:fe::9 {
|
||||
tls_servername dns.quad9.net
|
||||
health_check 15s
|
||||
|
@ -13,6 +9,7 @@
|
|||
|
||||
hosts {
|
||||
{{ pve_hosts.ingress.external_ip }} pve.sys.theorangeone.net
|
||||
{{ pve_hosts.ingress.external_ipv6 }} pve.sys.theorangeone.net
|
||||
fallthrough
|
||||
ttl 300
|
||||
}
|
||||
|
|
|
@ -21,7 +21,7 @@ x-env: &env
|
|||
|
||||
services:
|
||||
server:
|
||||
image: ghcr.io/goauthentik/server:2023.10
|
||||
image: ghcr.io/goauthentik/server:2024.2
|
||||
restart: unless-stopped
|
||||
command: server
|
||||
user: "{{ docker_user.id }}"
|
||||
|
@ -44,7 +44,7 @@ services:
|
|||
- traefik
|
||||
|
||||
worker:
|
||||
image: ghcr.io/goauthentik/server:2023.10
|
||||
image: ghcr.io/goauthentik/server:2024.2
|
||||
restart: unless-stopped
|
||||
command: worker
|
||||
user: "{{ docker_user.id }}"
|
||||
|
|
|
@ -4,4 +4,4 @@ bantime = 600
|
|||
findtime = 30
|
||||
maxretry = 5
|
||||
port = {{ ssh_port }},ssh
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ tailscale_cidr }}
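Review bot: `ignoreip` gains `pve_hosts.internal_cidr_ipv6` but not `tailscale_cidr_ipv6`, although the IPv4 `tailscale_cidr` is exempt and the IPv6 range is defined in the Tailscale vars on this page; the nginx and traefik jail hunks further down have the same shape. If parity is wanted, append `,{{ tailscale_cidr_ipv6 }}`; leaving it out fails safe, so a short comment stating the choice is enough otherwise. The new entry exempts a whole /48 from banning, which means repeated SSH login failures from any host inside it are never acted on by this jail.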
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
- name: Include vault
|
||||
include_vars: vault.yml
|
||||
|
||||
- name: Grafana
|
||||
include_tasks: grafana.yml
|
||||
|
||||
- name: Prometheus
|
||||
include_tasks: prometheus.yml
|
|
@ -4,8 +4,7 @@ proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=cdncache:20m max_size
|
|||
|
||||
{% for domain in cdn_domains %}
|
||||
server {
|
||||
listen 8800 ssl proxy_protocol;
|
||||
http2 on;
|
||||
listen 8800 ssl http2 proxy_protocol;
|
||||
|
||||
server_name {{ domain }};
|
||||
|
||||
|
|
|
@ -6,9 +6,9 @@ maxretry = 100
|
|||
filter = nginx-tcp
|
||||
logpath = /var/log/nginx/ips.log
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
|
||||
[traefik]
|
||||
enabled = true
|
||||
port = http,https,8448
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
|
|
|
@ -21,6 +21,20 @@ map $ssl_preread_server_name $gateway_destination {
|
|||
server {
|
||||
listen 443;
|
||||
listen 8448;
|
||||
listen [::]:443;
|
||||
listen [::]:8448;
|
||||
proxy_pass $gateway_destination;
|
||||
proxy_protocol on;
|
||||
}
|
||||
|
||||
server {
|
||||
listen [{{ vps_hosts.private_ipv6_marker }}]:443;
|
||||
listen [{{ vps_hosts.private_ipv6_marker }}]:8448;
|
||||
|
||||
access_log off;
|
||||
|
||||
deny all;
|
||||
|
||||
# This is never used, but need to keep nginx happy
|
||||
proxy_pass 127.0.0.1:80;
|
||||
}
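Review bot: The second `server` block binds `vps_hosts.private_ipv6_marker` and answers with `deny all`, but its only comment explains the dummy `proxy_pass`, not why the block exists. A line such as `# Marker address for private services: reject anything that reaches it on the public listener` would document the control; I am inferring that intent from the `Add route to private services via ingress` task, so adjust the wording to the real purpose. With `access_log off` the rejected connections leave no record, so keeping logging enabled for this block would show who is probing the marker address.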
|
||||
|
|
|
@ -1,4 +0,0 @@
|
|||
User-agent: *
|
||||
|
||||
# Ignore mirrored repos
|
||||
Disallow: /mirror/
|
|
@ -28,15 +28,6 @@
|
|||
notify: restart gitea
|
||||
become: true
|
||||
|
||||
- name: Install robots.txt
|
||||
template:
|
||||
src: files/robots.txt
|
||||
dest: "{{ app_data_dir }}/gitea/data/custom/robots.txt"
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
notify: restart gitea
|
||||
become: true
|
||||
|
||||
- name: Create public images directory
|
||||
file:
|
||||
path: "{{ app_data_dir }}/gitea/data/custom/public/assets/img"
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"tagOwners": {
|
||||
"tag:client": []
|
||||
|
||||
},
|
||||
"acls": [
|
||||
{
|
||||
"action": "accept",
|
||||
"src": ["tag:client"],
|
||||
"dst": ["*:*"]
|
||||
}
|
||||
]
|
||||
}
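Review bot: The only rule accepts `tag:client` to `*:*`, so any node holding that tag can reach every port on every other node, servers included, while nodes without the tag match no rule at all. `tagOwners` is empty for `tag:client`, which leaves tag assignment entirely to whoever administers headscale. If clients need only a few services, narrow `dst` to those hosts and ports; if full access is intended, record that in the file. The headscale config section on this page says policies may be HuJSON, so a leading line like `// clients may reach everything; other nodes initiate nothing` is possible, provided nothing else parses this file as strict JSON.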
|
|
@ -188,7 +188,7 @@ log:
|
|||
# Path to a file containg ACL policies.
|
||||
# ACLs can be defined as YAML or HUJSON.
|
||||
# https://tailscale.com/kb/1018/acls/
|
||||
acl_policy_path: ""
|
||||
acl_policy_path: /etc/headscale/acls.json
|
||||
|
||||
## DNS
|
||||
#
|
||||
|
|
|
@ -3,8 +3,7 @@
|
|||
limit_req_zone $binary_remote_addr zone=headscale:10m rate=1r/m;
|
||||
|
||||
server {
|
||||
listen 8888 ssl proxy_protocol;
|
||||
http2 on;
|
||||
listen 8888 ssl http2 proxy_protocol;
|
||||
|
||||
server_name headscale.jakehoward.tech;
|
||||
|
||||
|
@ -13,6 +12,10 @@ server {
|
|||
ssl_trusted_certificate /etc/letsencrypt/live/headscale.jakehoward.tech/chain.pem;
|
||||
include includes/ssl.conf;
|
||||
|
||||
real_ip_header proxy_protocol;
|
||||
|
||||
set_real_ip_from 127.0.0.1;
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:8416;
|
||||
}
|
||||
|
|
|
@ -11,7 +11,16 @@
|
|||
src: files/headscale.yml
|
||||
dest: /etc/headscale/config.yaml
|
||||
owner: headscale
|
||||
mode: "0644"
|
||||
mode: "0600"
|
||||
notify: restart headscale
|
||||
become: true
|
||||
|
||||
- name: Install ACLs
|
||||
template:
|
||||
src: files/acls.json
|
||||
dest: /etc/headscale/acls.json
|
||||
owner: headscale
|
||||
mode: "0600"
|
||||
notify: restart headscale
|
||||
become: true
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ table inet filter {
|
|||
|
||||
# NAT - because the proxmox machines may not have routes back
|
||||
ip saddr {{ nebula.cidr }} ip daddr {{ pve_hosts.internal_cidr }} counter masquerade
|
||||
ip saddr {{ tailscale_cidr }} ip daddr {{ pve_hosts.internal_cidr }} counter masquerade
|
||||
ip saddr {{ tailscale_cidr }} counter masquerade
|
||||
}
|
||||
|
||||
chain FORWARD {
|
||||
|
@ -44,8 +44,9 @@ table inet filter {
|
|||
# Allow monitoring of nebula network
|
||||
ip saddr {{ pve_hosts.forrest.ip }}/32 ip daddr {{ nebula.cidr }} accept
|
||||
|
||||
# Allow traffic from Tailscale to proxmox network
|
||||
ip saddr {{ tailscale_cidr }} ip daddr {{ pve_hosts.internal_cidr }} accept
|
||||
ip saddr {{ pve_hosts.internal_cidr }} ip daddr {{ tailscale_cidr }} ct state related,established accept
|
||||
# Allow Tailscale exit node
|
||||
ip saddr {{ tailscale_cidr }} ip daddr 192.168.0.0/16 drop
|
||||
ip saddr {{ tailscale_cidr }} accept
|
||||
ip daddr {{ tailscale_cidr }} ct state related,established accept
|
||||
}
|
||||
}
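Review bot: The exit-node rules in the FORWARD chain drop only `192.168.0.0/16` before `ip saddr {{ tailscale_cidr }} accept`, so every other destination this host forwards to stays reachable from Tailscale clients, including `{{ nebula.cidr }}` and any other private range it routes. If the intent is internet egress plus the Proxmox network, add explicit drops ahead of the accept, for example `ip saddr {{ tailscale_cidr }} ip daddr {{ nebula.cidr }} drop`, or state in the comment which private ranges are meant to be reachable. These matches are `ip` (IPv4) only, so Tailscale IPv6 traffic falls through to the chain policy, which is outside the hunk. The `# NAT - because the proxmox machines may not have routes back` comment in the first hunk no longer describes the rule if the widened `ip saddr {{ tailscale_cidr }} counter masquerade` is the new side.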
|
||||
|
|
|
@ -9,6 +9,8 @@ access_log /var/log/nginx/access.log access;
|
|||
server {
|
||||
listen 443;
|
||||
listen 8448;
|
||||
listen [::]:443;
|
||||
listen [::]:8448;
|
||||
proxy_pass {{ pve_hosts.docker.ip }}:443;
|
||||
proxy_protocol on;
|
||||
proxy_socket_keepalive on;
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
mastodon:
|
||||
image: lscr.io/linuxserver/mastodon:4.2.7
|
||||
image: lscr.io/linuxserver/mastodon:4.2.8
|
||||
environment:
|
||||
- TZ={{ timezone }}
|
||||
- PUID={{ docker_user.id }}
|
||||
|
|
|
@ -8,8 +8,7 @@ ssl_dhparam dhparams.pem;
|
|||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
|
||||
ssl_prefer_server_ciphers off;
|
||||
# HSTS (ngx_http_headers_module is required) (63072000 seconds)
|
||||
#add_header Strict-Transport-Security "max-age=63072000" always;
|
||||
more_set_headers "Strict-Transport-Security: max-age=2592000";
|
||||
|
||||
# OCSP stapling
|
||||
ssl_stapling on;
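Review bot: The HSTS header on the `more_set_headers` line uses `max-age=2592000` (30 days), far below the 63072000 seconds carried by the commented-out `add_header` line in the same hunk. If the short value is a deliberate rollout step, say so in a comment; otherwise use `more_set_headers "Strict-Transport-Security: max-age=63072000";`. `more_set_headers` comes from the headers-more module, which the nginx tasks on this page install only under `when: ansible_os_family == 'Archlinux'`, so any other host that includes this file needs the module from somewhere outside the visible tasks or nginx will refuse the config.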
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
- name: Install nginx
|
||||
package:
|
||||
name: "{{ 'nginx-mainline' if ansible_os_family == 'Archlinux' else 'nginx' }}"
|
||||
name: nginx
|
||||
become: true
|
||||
|
||||
- name: Install nginx modules
|
||||
|
@ -17,8 +17,8 @@
|
|||
kewlfft.aur.aur:
|
||||
name: "{{ item }}"
|
||||
loop:
|
||||
- nginx-mainline-mod-headers-more
|
||||
- nginx-mainline-mod-brotli
|
||||
- nginx-mod-headers-more
|
||||
- nginx-mod-brotli
|
||||
when: ansible_os_family == 'Archlinux'
|
||||
become: true
|
||||
|
||||
|
|
|
@ -2,8 +2,6 @@ modules:
|
|||
http:
|
||||
prober: http
|
||||
timeout: 10s
|
||||
http:
|
||||
preferred_ip_protocol: ip4 # Docker network is v4 only
|
||||
|
||||
https_redir:
|
||||
prober: http
|
||||
|
@ -16,7 +14,6 @@ modules:
|
|||
fail_if_header_not_matches:
|
||||
- header: Location
|
||||
regexp: ^https
|
||||
preferred_ip_protocol: ip4 # Docker network is v4 only
|
||||
|
||||
icmp:
|
||||
prober: icmp
|
|
@ -56,3 +56,5 @@ services:
|
|||
networks:
|
||||
grafana:
|
||||
external: true
|
||||
default:
|
||||
enable_ipv6: true
|
|
@ -0,0 +1,35 @@
|
|||
- name: Include vault
|
||||
include_vars: vault.yml
|
||||
|
||||
- name: Grafana
|
||||
include_tasks: grafana.yml
|
||||
|
||||
- name: Prometheus
|
||||
include_tasks: prometheus.yml
|
||||
|
||||
- name: Get routes
|
||||
command:
|
||||
argv:
|
||||
- ip
|
||||
- -6
|
||||
- route
|
||||
- show
|
||||
- "{{ vps_hosts.private_ipv6_range }}"
|
||||
register: routes
|
||||
changed_when: false
|
||||
become: true
|
||||
|
||||
- name: Add route to private services via ingress
|
||||
command:
|
||||
argv:
|
||||
- ip
|
||||
- -6
|
||||
- route
|
||||
- add
|
||||
- "{{ vps_hosts.private_ipv6_range }}"
|
||||
- via
|
||||
- "{{ pve_hosts.ingress.ipv6 }}"
|
||||
- dev
|
||||
- eth0
|
||||
become: true
|
||||
when: vps_hosts.private_ipv6_marker not in routes.stdout
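Review bot: The `Add route to private services via ingress` task only checks that some route for the marker exists (`vps_hosts.private_ipv6_marker not in routes.stdout`), not that it points at `pve_hosts.ingress.ipv6`, so a stale route through a different next hop is left in place and traffic for the private range keeps following it. Using `route`, `replace` in the argv instead of `route`, `add` is idempotent and corrects the next hop, though the task then needs its own `changed_when`. The route is added at runtime only, so it is gone after a reboot until the play runs again; persisting it in the host's network configuration is worth considering. `eth0` is hard-coded and could be a variable.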
|
|
@ -19,7 +19,7 @@ $CONFIG = array (
|
|||
0 => 'intersect.jakehoward.tech',
|
||||
),
|
||||
'dbtype' => 'mysql',
|
||||
'version' => '28.0.2.5',
|
||||
'version' => '28.0.4.1',
|
||||
'overwrite.cli.url' => 'https://intersect.jakehoward.tech',
|
||||
'dbname' => 'nextcloud',
|
||||
'dbhost' => 'mariadb',
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
nextcloud:
|
||||
image: lscr.io/linuxserver/nextcloud:28.0.2
|
||||
image: lscr.io/linuxserver/nextcloud:28.0.4
|
||||
environment:
|
||||
- PUID={{ docker_user.id }}
|
||||
- PGID={{ docker_user.id }}
|
||||
|
|
|
@ -3,7 +3,7 @@ version: "2.3"
|
|||
services:
|
||||
|
||||
synapse:
|
||||
image: matrixdotorg/synapse:v1.101.0
|
||||
image: matrixdotorg/synapse:v1.104.0
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- SYNAPSE_CONFIG_PATH=/etc/homeserver.yaml
|
||||
|
|
|
@ -7,7 +7,7 @@ x-app: &app
|
|||
- TTRSS_DB_USER=tt-rss
|
||||
- TTRSS_DB_NAME=tt-rss
|
||||
- TTRSS_DB_PASS=tt-rss
|
||||
- TTRSS_SELF_URL_PATH=https://tt-rss.jakehoward.tech/tt-rss/
|
||||
- TTRSS_SELF_URL_PATH=https://tt-rss.jakehoward.tech
|
||||
- TTRSS_ENABLE_REGISTRATION=false
|
||||
- TTRSS_CHECK_FOR_UPDATES=false
|
||||
- TTRSS_ENABLE_GZIP_OUTPUT=true
|
||||
|
@ -16,6 +16,8 @@ x-app: &app
|
|||
- OWNER_GID={{ docker_user.id }}
|
||||
- PHP_WORKER_MAX_CHILDREN=50
|
||||
- PHP_WORKER_MEMORY_LIMIT=512M
|
||||
- APP_WEB_ROOT=/var/www/html/tt-rss
|
||||
- APP_BASE=
|
||||
volumes:
|
||||
- ./tt-rss:/var/www/html
|
||||
- "{{ app_data_dir }}/tt-rss/feed-icons:/var/www/html/tt-rss/feed-icons"
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
wallabag:
|
||||
image: wallabag/wallabag:2.6.8
|
||||
image: wallabag/wallabag:2.6.9
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- SYMFONY__ENV__SECRET={{ wallabag_secret }}
|
||||
|
|
|
@ -7,6 +7,9 @@ services:
|
|||
labels:
|
||||
- traefik.enable=true
|
||||
- traefik.http.routers.whoami.rule=Host(`whoami.theorangeone.net`) || Host(`whoami-cdn.theorangeone.net`)
|
||||
|
||||
- traefik.http.routers.whoami-private.rule=Host(`whoami-private.theorangeone.net`)
|
||||
- traefik.http.routers.whoami-private.middlewares=tailscale-only@file
|
||||
networks:
|
||||
- default
|
||||
- traefik
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
version: "2.3"
|
||||
|
||||
services:
|
||||
slides:
|
||||
image: ghcr.io/realorangeone/slides:latest
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
- TZ={{ timezone }}
|
||||
- PUID={{ docker_user.id }}
|
||||
volumes:
|
||||
- ./htpasswd:/etc/nginx/.htpasswd:ro
|
||||
- ./slides:/srv
|
||||
networks:
|
||||
- default
|
||||
- coredns
|
||||
|
||||
networks:
|
||||
coredns:
|
||||
external: true
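Review bot: `image: ghcr.io/realorangeone/slides:latest` is a floating tag, while the other services in this compare are pinned to a release, so what runs here changes whenever the image is next pulled and cannot be audited or rolled back from the repository. Pin a version tag or a digest (`image: ghcr.io/realorangeone/slides@sha256:<digest>`), which also lets Renovate propose the updates. The tandoor section further down shows `vabene1111/recipes:1.5.13` next to `vabene1111/recipes:latest`; if `latest` is the new side there, the same applies.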
|
|
@ -0,0 +1,4 @@
|
|||
- name: restart slides
|
||||
shell:
|
||||
chdir: /opt/slides
|
||||
cmd: "{{ docker_update_command }}"
|
|
@ -0,0 +1,47 @@
|
|||
- name: Include vault
|
||||
include_vars: vault.yml
|
||||
|
||||
- name: Create install directory
|
||||
file:
|
||||
path: /opt/slides
|
||||
state: directory
|
||||
owner: "{{ docker_user.name }}"
|
||||
mode: "{{ docker_compose_directory_mask }}"
|
||||
become: true
|
||||
|
||||
- name: Install compose file
|
||||
template:
|
||||
src: files/docker-compose.yml
|
||||
dest: /opt/slides/docker-compose.yml
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
validate: docker-compose -f %s config
|
||||
notify: restart slides
|
||||
become: true
|
||||
|
||||
- name: Create credentials
|
||||
htpasswd:
|
||||
path: /opt/slides/htpasswd
|
||||
name: "{{ item.user }}"
|
||||
password: "{{ item.password }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
mode: "0600"
|
||||
loop: "{{ webdav_credentials }}"
|
||||
loop_control:
|
||||
label: "{{ item.user }}"
|
||||
notify: restart slides
|
||||
become: true
|
||||
|
||||
- name: Install nginx config
|
||||
template:
|
||||
src: files/nginx-docker.conf
|
||||
dest: /etc/nginx/http.d/slides.conf
|
||||
mode: "0644"
|
||||
notify: reload nginx
|
||||
become: true
|
||||
vars:
|
||||
server_name: slides.jakehoward.tech
|
||||
upstream: slides-slides-1.docker:80
|
||||
ssl_cert_path: /etc/letsencrypt/live/slides.jakehoward.tech
|
||||
location_extra: |
|
||||
client_max_body_size 15m;
|
|
@ -0,0 +1,14 @@
|
|||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39346133313638313030663139356637666666346665356161383332613836656131353830323530
|
||||
6636613939346437633430316436363538623339643439300a363464383763613631333161613034
|
||||
31336138386639306166313532633439343763363563616130633165323166376265303663643130
|
||||
3634303836383737340a643834373666386261363533353936623335396633396366373230653932
|
||||
38316662333932646636623839396630383339393135643533323832623330323666613465626431
|
||||
36356663653861666362376265636162336531663266616432636635333537656661396263643631
|
||||
36653462663365646338623434393738346566633266643634633430336235343531613631383562
|
||||
30333165313438363966626264643732353833366662653164666631636465636538303961316465
|
||||
62356132643837646638376334343935313338316266393261316538393561356264313932623236
|
||||
62326235303139353034636365663434383439366163646635626563666434636564623336653634
|
||||
35363834306534333531383131323830623438323736656234623263353930666130363132343464
|
||||
32363433653066656364393732366366353033663332366166343139616433303439623631663537
|
||||
65313539663333626333623966313864623639353031313131346635666138613032
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
tandoor:
|
||||
image: vabene1111/recipes:1.5.13
|
||||
image: vabene1111/recipes:latest
|
||||
environment:
|
||||
- TIMEZONE={{ timezone }}
|
||||
- DEBUG=0
|
||||
|
|
|
@ -2,5 +2,6 @@ traefik_provider_jellyfin: false
|
|||
traefik_provider_homeassistant: false
|
||||
traefik_provider_grafana: false
|
||||
traefik_provider_dokku: false
|
||||
traefik_provider_uptime_kuma: false
|
||||
|
||||
with_fail2ban: false
|
||||
|
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
traefik:
|
||||
image: traefik:v2.10
|
||||
image: traefik:v2.11
|
||||
user: "{{ docker_user.id }}"
|
||||
environment:
|
||||
- CF_DNS_API_TOKEN={{ vault_cloudflare_api_token }}
|
||||
|
|
|
@ -6,5 +6,5 @@ maxretry = 5
|
|||
filter = traefik
|
||||
logpath = /tmp/traefik-logs/access.log
|
||||
port = http,https
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ pve_hosts.internal_cidr_ipv6 }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
|
||||
action = gateway
|
||||
|
|
|
@ -3,6 +3,8 @@ http:
|
|||
router-homeassistant:
|
||||
rule: Host(`homeassistant.jakehoward.tech`)
|
||||
service: service-homeassistant
|
||||
middlewares:
|
||||
- tailscale-only@file
|
||||
services:
|
||||
service-homeassistant:
|
||||
loadBalancer:
|
||||
|
|
|
@ -8,3 +8,20 @@ http:
|
|||
headers:
|
||||
customResponseHeaders:
|
||||
Permissions-Policy: interest-cohort=()
|
||||
|
||||
tailscale-only:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- "{{ tailscale_cidr }}"
|
||||
- "{{ tailscale_cidr_ipv6 }}"
|
||||
- "{{ pve_hosts.forrest.ip }}"
|
||||
- "{{ pve_hosts.forrest.ipv6 }}"
|
||||
|
||||
private-access:
|
||||
ipWhiteList:
|
||||
sourceRange:
|
||||
- "{{ tailscale_cidr }}"
|
||||
- "{{ tailscale_cidr_ipv6 }}"
|
||||
- "{{ nebula.cidr }}"
|
||||
- "{{ pve_hosts.internal_cidr }}"
|
||||
- "{{ pve_hosts.internal_cidr_ipv6 }}"
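Review bot: `tailscale-only` also admits `pve_hosts.forrest.ip` and `pve_hosts.forrest.ipv6`, which the name does not suggest; a comment such as `# forrest is allowed so monitoring can probe protected routers` (if that is the reason) would stop a later reader from assuming the list is Tailscale-exclusive. Both middlewares set no `ipStrategy`, so they match the peer address Traefik sees and only hold where clients arrive un-NATed. The nftables section on this page masquerades traffic from `tailscale_cidr`, and anything taking that path would present the NAT host's address, which may fall inside `private-access` but not `tailscale-only`. `tailscale_cidr` and `tailscale_cidr_ipv6` are deliberately narrowed to /24 and /120 in the vars, so nodes allocated outside them are denied; that fails closed but deserves a note beside the middleware.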
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
http:
|
||||
routers:
|
||||
router-uptime-kuma:
|
||||
rule: Host(`uptime.jakehoward.tech`)
|
||||
service: service-uptime-kuma
|
||||
services:
|
||||
service-uptime-kuma:
|
||||
loadBalancer:
|
||||
servers:
|
||||
- url: http://{{ pve_hosts.forrest.ip }}:3001
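Review bot: `router-uptime-kuma` has no `middlewares` entry, so `uptime.jakehoward.tech` is served to any client that reaches this Traefik, while the Home Assistant and Vaultwarden routers touched in this compare carry `tailscale-only@file`. If only a public status page is meant to be exposed, a comment saying so would help; otherwise add `middlewares:` with `- tailscale-only@file` or `- private-access@file`, leaving the application's own login as a second layer. The backend is plain `http://` to `pve_hosts.forrest.ip:3001`, so that hop relies on the internal network being trusted.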
|
|
@ -101,6 +101,16 @@
|
|||
when: traefik_provider_dokku
|
||||
become: true
|
||||
|
||||
- name: Install dokku provider
|
||||
template:
|
||||
src: files/file-provider-uptime-kuma.yml
|
||||
dest: /opt/traefik/traefik/conf/uptime-kuma.yml
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
notify: restart traefik
|
||||
when: traefik_provider_uptime_kuma
|
||||
become: true
|
||||
|
||||
- name: logrotate config
|
||||
template:
|
||||
src: files/logrotate.conf
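Review bot: The task added here is named `Install dokku provider`, but it templates `files/file-provider-uptime-kuma.yml` and is gated on `traefik_provider_uptime_kuma`. The task just above it, gated on `traefik_provider_dokku`, presumably carries the same name, which would make the two indistinguishable in play output and in `--start-at-task`. Rename it to `- name: Install uptime-kuma provider`. The following `logrotate config` task continues outside the hunk.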
|
||||
|
|
|
@ -0,0 +1,18 @@
|
|||
version: "2.3"
|
||||
|
||||
services:
|
||||
uptime-kuma:
|
||||
image: louislam/uptime-kuma:1.23.11-alpine
|
||||
environment:
|
||||
- TZ={{ timezone }}
|
||||
- PUID={{ docker_user.id }}
|
||||
- PGID={{ docker_user.id }}
|
||||
ports:
|
||||
- "{{ pve_hosts.forrest.ip }}:3001:3001"
|
||||
volumes:
|
||||
- "{{ app_data_dir }}/uptime-kuma:/app/data"
|
||||
restart: unless-stopped
|
||||
|
||||
networks:
|
||||
default:
|
||||
enable_ipv6: true
|
|
@ -0,0 +1,4 @@
|
|||
- name: restart uptime-kuma
|
||||
shell:
|
||||
chdir: /opt/uptime-kuma
|
||||
cmd: "{{ docker_update_command }}"
|
|
@ -0,0 +1,17 @@
|
|||
- name: Create install directory
|
||||
file:
|
||||
path: /opt/uptime-kuma
|
||||
state: directory
|
||||
owner: "{{ docker_user.name }}"
|
||||
mode: "{{ docker_compose_directory_mask }}"
|
||||
become: true
|
||||
|
||||
- name: Install compose file
|
||||
template:
|
||||
src: files/docker-compose.yml
|
||||
dest: /opt/uptime-kuma/docker-compose.yml
|
||||
mode: "{{ docker_compose_file_mask }}"
|
||||
owner: "{{ docker_user.name }}"
|
||||
validate: docker-compose -f %s config
|
||||
notify: restart uptime-kuma
|
||||
become: true
|
|
@ -2,7 +2,7 @@ version: "2.3"
|
|||
|
||||
services:
|
||||
vaultwarden:
|
||||
image: vaultwarden/server:1.30.3-alpine
|
||||
image: vaultwarden/server:1.30.5-alpine
|
||||
restart: unless-stopped
|
||||
user: "{{ docker_user.id }}:{{ docker_user.id }}"
|
||||
volumes:
|
||||
|
@ -22,7 +22,7 @@ services:
|
|||
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
|
||||
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=200
|
||||
|
||||
- traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit
|
||||
- traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit,tailscale-only@file
|
||||
environment:
|
||||
- SIGNUPS_ALLOWED=false
|
||||
- DOMAIN=https://vaultwarden.jakehoward.tech
|
||||
|
|
|
@ -2,17 +2,17 @@
|
|||
# Manual edits may be lost in future updates.
|
||||
|
||||
provider "registry.terraform.io/backblaze/b2" {
|
||||
version = "0.8.7"
|
||||
constraints = "0.8.7"
|
||||
version = "0.8.9"
|
||||
constraints = "0.8.9"
|
||||
hashes = [
|
||||
"h1:00oWKpRLaWlwNwebBlsy4ZDN9dsYPZv6G3VoYxz5SSE=",
|
||||
"h1:GLJrlMQ3CxORGarOlpbdKNjfdVxwWF7D1Sa5Svtsi2Q=",
|
||||
"h1:R+Ota2rVe+KaYwJIrlVGgRxtTGgkqXgsMRApg6r/+5M=",
|
||||
"h1:hSsgVZdn6G7G8Zp03Ij9lLQYEQ0aWGy3j3loEsjkJMQ=",
|
||||
"zh:832081241cdf62ea27af5e9999c7c94bbec1816dc552c53da1caa8a2ff7b987f",
|
||||
"zh:c130917d8da3e85392fb3c8c7b2be3b2fd1d1eb5023993d33e3d0838e8375d05",
|
||||
"zh:f9f7dbf09d818c5a05570d73facaf0bb840c541de07439b0891381df4c75875a",
|
||||
"zh:fc142bb2370c541ae14ea4f8f8c5437efa07911a8c36be60820cba6671fa6c81",
|
||||
"h1:2I1FrwnkverfdRHyoCMHeoLJcWIdoLw0uSyvFJDj+40=",
|
||||
"h1:Gp0no9DUhxEAPPED0/AG8wSaaT6023dtA1Q8oIPmgz0=",
|
||||
"h1:N5oxkisGmkDIdAmncwcmcN5KilDdOG1kJu2+k0ARj80=",
|
||||
"h1:PSLTea0VOv61sttOED7lEvonSQuIik2CFDXyljVpeHU=",
|
||||
"zh:3534b7737d5d555187faec4db6abeb202a90559f2f68e569e48b0acbbdaabe9d",
|
||||
"zh:372e97f55308babb98e175e3464d7088c8182d649e899e3067bb042e655a62c8",
|
||||
"zh:59935a938882daccf93a76ddfdd24113aac7349e0ae555028f340acb211cbaff",
|
||||
"zh:da2d510b081ed9683acd201318f096ea6848843f325eaf8db555702244149532",
|
||||
]
|
||||
}
|
||||
|
||||
|
@ -52,22 +52,33 @@ provider "registry.terraform.io/cloudflare/cloudflare" {
|
|||
}
|
||||
|
||||
provider "registry.terraform.io/go-gandi/gandi" {
|
||||
version = "2.2.3"
|
||||
constraints = "2.2.3"
|
||||
version = "2.3.0"
|
||||
constraints = "2.3.0"
|
||||
hashes = [
|
||||
"h1:2SFGp4KWheP2bjuD0sIzbcuM91uSFiMVr2qYBRUJ7HU=",
|
||||
"zh:1059865208c4ce9a827d0e1fa09a74297476d064d5aebd598633b10036cdff5d",
|
||||
"zh:1e912145a1819fc7516353369332a41558a3c6e9edac8bdcc09aa8c2735d29e3",
|
||||
"zh:2977e335cb1df04baa200933679048a7b4151f48cbd551917abe45dc3b62f85d",
|
||||
"zh:4211fa55947c3b7841931a2f944fe02fa50d2dca5fe850113d7dc5713574c0de",
|
||||
"zh:509f2262f4d682504eb412eeb58968c23208ddab8ebd0b0371a9eb1332b57f33",
|
||||
"zh:784ee8dd57193dfcb38fe06fedc2931b02a887ce887744ce92b856f121d6fb50",
|
||||
"zh:81a9bcbae602d32d71fa8ff3b2140c3d86692736a4c3379ebcfa06c858fae549",
|
||||
"zh:9e296c6b33a4b3042c030a44368a45c95a531b7c6c369db30a7fd2e9503bb4d8",
|
||||
"zh:a030027413d3dc7695691917f328fecb9b15d6b9e0d72b35439534cc22abb782",
|
||||
"zh:a5019df0ce14c20483f397eef4e91d9f60ad78644acb3134130c4ebbc26059b5",
|
||||
"zh:d03f6bd478f2b57091f2e82dde17a4adfe0b423eaaa0f99c59838fc64dd965ab",
|
||||
"zh:e1b23742e9d98391fb84a4fad4e577ca2827bb25c40e310f3faaa3dcbde3a508",
|
||||
"h1:+QRivNRiQfXbOzSJwIKOmpqRLjfSbgGTVIot5HHaxzU=",
|
||||
"h1:9kqWL+eFk/ogrQSltL9zVqjMcOqbvs3EgIJEeyNPb8U=",
|
||||
"h1:Fv/rdRU74oVDL6Tmu63qNl3fUrlOfMVPUFeLaPfWAGY=",
|
||||
"h1:GC+kfSRx3FdF0dhh0LZrWXV+hLSFQd3cQ3mjQ3lBloU=",
|
||||
"h1:M6MNub0wFKc/2MKOns9uWsgkFEjqNx1oucz+wGemBRM=",
|
||||
"h1:Os/cyXb2LCyYLvaQ7inZPBdgjR7Ie5AsyIIHvYaMZB4=",
|
||||
"h1:PH6KI61eli5OL/aN3Oi7NV9qkNbjGLoOYjJK3gvULj4=",
|
||||
"h1:ZYWkA1hdIjQySftM5bWAQjiH50V5qMl9nJroYzCoqb0=",
|
||||
"h1:aRZN5KmJwfLJ+sSYo4xd6MHS2oNk3Zlk417md3e9ry0=",
|
||||
"h1:iTw/xbYXtScXLdhbjzF15Bf9wWu/r41ZertHYl9vDec=",
|
||||
"h1:q/JXh50l2WZKxRpVTXzWp7nToqaU4TXD883k6Xi+8Jk=",
|
||||
"h1:sSjatD9sHwGI8jJYF7Ps7BTBbmmCmLAdlUPDs3i/vQA=",
|
||||
"zh:0936d011cf75bb5162c6027d00575a586807adc9008f4152def157b6ad22bae9",
|
||||
"zh:2170e671f04d3346ea416fcc404be6d05f637eab7df77e289a6898a928885f0b",
|
||||
"zh:250329baae3cb09cfb88dd004d45f003ba76fbe7b8daf9d18fd640b93a2b7252",
|
||||
"zh:2ccd9f253424738ca5fbbcb2127bf3713c20e87bfb3829f8c4565569424fd0bd",
|
||||
"zh:3607b48bc4691cd209528f9ffe16a6cc666bd284b0d0bdfe8c4e1d538559a408",
|
||||
"zh:3bc1d2b770fe0f50027da59c405b2468d1322243235367014f75f765124f458d",
|
||||
"zh:6c8a9092847ee2e2890825432b54424c456638d494e49b7d1845f055214714f5",
|
||||
"zh:8e0b62a330876005d52bcd65d7b1d9a679a7ac79c626e0f86661519e8f9b5698",
|
||||
"zh:8f44f4d52583ff249e2001ea2a8b8841010489dd43e1a01a9ec3a6813d121c28",
|
||||
"zh:9a617927d4a3a2897ff10999a19a6d1f0ef634b8c6b8fc3be12cf53948cfd9cf",
|
||||
"zh:cab3c82c54e38e6001eed5b80a2d16b7824921f8f8b3909049e174c48e6e8804",
|
||||
"zh:f78cc685aa4ba5056ea53a7f8ce585f87a911f0a8a387a44a33d7dfb69db7663",
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -6,6 +6,16 @@ resource "linode_instance" "casey" {
|
|||
private_ip = true
|
||||
}
|
||||
|
||||
resource "linode_ipv6_range" "casey_extra" {
|
||||
linode_id = linode_instance.casey.id
|
||||
prefix_length = 64
|
||||
}
|
||||
|
||||
locals {
|
||||
private_ipv6_marker = cidrhost(linode_ipv6_range.casey_extra.id, 1)
|
||||
private_ipv6_range = cidrsubnet(linode_ipv6_range.casey_extra.id, 64, 1)
|
||||
}
|
||||
|
||||
resource "linode_firewall" "casey" {
|
||||
label = "casey"
|
||||
linodes = [linode_instance.casey.id]
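Review bot: In the new `locals` block, `cidrsubnet(linode_ipv6_range.casey_extra.id, 64, 1)` adds 64 bits to a prefix requested with `prefix_length = 64`, so `private_ipv6_range` comes out as a /128 holding exactly the address that `cidrhost(..., 1)` returns for `private_ipv6_marker`. Any consumer that treats `private_ipv6_range` as an allowlist or routing prefix therefore covers one address, not a block. If that is intended, a comment such as `# /128 form of private_ipv6_marker, for consumers that need CIDR notation` would make it explicit; if a real sub-range was meant, `newbits` has to be smaller than 64. Both expressions also assume that the resource's `id` is the CIDR string of the allocated range, which should be checked against the provider documentation. The `linode_firewall` resource below continues outside the hunk.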
|
||||
|
|
|
@ -2,6 +2,8 @@ resource "local_file" "hosts" {
|
|||
content = yamlencode({
|
||||
vps_hosts : {
|
||||
casey_ip : linode_instance.casey.ip_address,
|
||||
private_ipv6_marker : local.private_ipv6_marker,
|
||||
private_ipv6_range : local.private_ipv6_range,
|
||||
walker_ip : vultr_instance.walker.main_ip,
|
||||
}
|
||||
})
|
||||
|
|
|
@ -127,7 +127,7 @@ resource "cloudflare_record" "jakehowardtech_calibre" {
|
|||
resource "cloudflare_record" "jakehowardtech_homeassistant" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "homeassistant"
|
||||
value = cloudflare_record.sys_domain_pve.hostname
|
||||
value = cloudflare_record.sys_domain_pve_private.hostname
|
||||
type = "CNAME"
|
||||
ttl = 1
|
||||
}
|
||||
|
@ -143,7 +143,7 @@ resource "cloudflare_record" "jakehowardtech_grafana" {
|
|||
resource "cloudflare_record" "jakehowardtech_vaultwarden" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "vaultwarden"
|
||||
value = cloudflare_record.sys_domain_pve.hostname
|
||||
value = cloudflare_record.sys_domain_pve_private.hostname
|
||||
type = "CNAME"
|
||||
ttl = 1
|
||||
}
|
||||
|
@ -253,6 +253,22 @@ resource "cloudflare_record" "jakehowardtech_headscale" {
|
|||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "jakehowardtech_slides" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "slides"
|
||||
value = cloudflare_record.sys_domain_walker.hostname
|
||||
type = "CNAME"
|
||||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "jakehowardtech_uptime" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "uptime"
|
||||
value = cloudflare_record.sys_domain_pve.hostname
|
||||
type = "CNAME"
|
||||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "jakehowardtech_caa" {
|
||||
zone_id = cloudflare_zone.jakehowardtech.id
|
||||
name = "@"
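Review bot: The new `jakehowardtech_uptime` record points at `cloudflare_record.sys_domain_pve.hostname`, the public target, in the same commit that moves `homeassistant` and `vaultwarden` to `sys_domain_pve_private`. Uptime Kuma serves its admin dashboard and its status pages from the same host, so this publishes the login page along with any status page. If public status pages are the reason, a comment such as `# public on purpose: serves status pages` would record that, and the dashboard paths can be restricted at the proxy. Otherwise use `value = cloudflare_record.sys_domain_pve_private.hostname`, as the two moved records now do. The `jakehowardtech_caa` resource at the end continues outside the hunk.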
|
||||
|
|
|
@ -37,3 +37,11 @@ resource "cloudflare_record" "sys_domain_pve" {
|
|||
type = "A"
|
||||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "sys_domain_pve_private" {
|
||||
zone_id = cloudflare_zone.theorangeonenet.id
|
||||
name = "pve-private.sys"
|
||||
value = local.private_ipv6_marker
|
||||
type = "AAAA"
|
||||
ttl = 1
|
||||
}
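Review bot: `sys_domain_pve_private` has no comment explaining what it points to, and its name and value do not obviously match: the name says `pve-private`, while the value `local.private_ipv6_marker` is, elsewhere in this change, address 1 of the extra /64 attached to the Linode instance `casey`. Because the zone is public, this record and the CNAMEs that target it stay resolvable by anyone, so the protection lies entirely in how that address is routed and filtered. A comment above the resource stating what the marker address is and which component restricts access to it would make that dependency visible. Setting `proxied = false` explicitly would also record that this name must not be fronted by Cloudflare, if that is the intent.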
|
||||
|
|
|
@ -18,11 +18,11 @@ terraform {
|
|||
}
|
||||
gandi = {
|
||||
source = "go-gandi/gandi"
|
||||
version = "2.2.3"
|
||||
version = "2.3.0"
|
||||
}
|
||||
b2 = {
|
||||
source = "Backblaze/b2"
|
||||
version = "0.8.7"
|
||||
version = "0.8.9"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -26,6 +26,14 @@ resource "cloudflare_record" "theorangeonenet_whoami_cdn" {
|
|||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "theorangeonenet_whoami_private" {
|
||||
zone_id = cloudflare_zone.theorangeonenet.id
|
||||
name = "whoami-private"
|
||||
value = cloudflare_record.sys_domain_pve_private.hostname
|
||||
type = "CNAME"
|
||||
ttl = 1
|
||||
}
|
||||
|
||||
resource "cloudflare_record" "theorangeonenet_mx1" {
|
||||
zone_id = cloudflare_zone.theorangeonenet.id
|
||||
name = "@"
|
||||
|
|