author | Elizabeth Alexander Hunt <me@liz.coffee> | 2025-05-07 18:10:57 -0700 |
---|---|---|
committer | Elizabeth Alexander Hunt <me@liz.coffee> | 2025-05-07 18:10:57 -0700 |
commit | b8ffbfe27eae919750ef4d3facf02393d1004287 (patch) | |
tree | 78a22cffd1a387a1f482aac78a93fb951dcc81bb /playbooks/roles/outbound/templates | |
parent | 59417f290463d3aabbf3ec2ab8e75703928db217 (diff) | |
.git was corrupted on the machine I worked on these many commits on, so here it is all at once :P
Diffstat (limited to 'playbooks/roles/outbound/templates')
-rw-r--r-- | playbooks/roles/outbound/templates/headscale/config/acl.json | 15 | ||||
-rw-r--r-- | playbooks/roles/outbound/templates/proxy/nginx/conf.d/oci.conf | 19 |
2 files changed, 30 insertions, 4 deletions
diff --git a/playbooks/roles/outbound/templates/headscale/config/acl.json b/playbooks/roles/outbound/templates/headscale/config/acl.json
index 449207d..242d01e 100644
--- a/playbooks/roles/outbound/templates/headscale/config/acl.json
+++ b/playbooks/roles/outbound/templates/headscale/config/acl.json
@@ -1,17 +1,24 @@
 {
   "groups": {
-    "group:internal": ["liz{{ oauth_user_suffix }}", "lucina{{ oauth_user_suffix }}", "riley{{ oauth_user_suffix }}"],
+    "group:coffee_admins": ["liz{{ oauth_user_suffix }}", "lucina{{ oauth_user_suffix }}"],
   },
   "acls": [
+{% for user in ["liz", "lucina", "riley"] %}
+    {
+      "action": "accept",
+      "src": ["{{ user }}{{ oauth_user_suffix }}"],
+      "dst": ["{{ user }}{{ oauth_user_suffix }}:*"]
+    },
+{% endfor %}
     {
       "action": "accept",
       "src": ["{{ auth_key_user }}"],
-      "dst": ["{{ auth_key_user }}:*", "10.0.0.0/8:*"]
+      "dst": ["{{ auth_key_user }}:*", "{{ loadbalancer_ip }}/32:*"]
     },
     {
       "action": "accept",
-      "src": ["group:internal"],
-      "dst": ["10.0.0.0/8:*"]
+      "src": ["group:coffee_admins"],
+      "dst": ["{{ loadbalancer_ip }}/32:*"]
     }
   ]
 }
diff --git a/playbooks/roles/outbound/templates/proxy/nginx/conf.d/oci.conf b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/oci.conf
new file mode 100644
index 0000000..5e68fc3
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/nginx/conf.d/oci.conf
@@ -0,0 +1,19 @@
+server {
+    listen 80;
+    server_name oci.liz.coffee;
+
+    real_ip_header X-Forwarded-For;
+    real_ip_recursive on;
+    set_real_ip_from {{ docker_network }};
+
+    location / {
+        proxy_pass https://{{ loadbalancer_ip }};
+        proxy_ssl_verify off;
+        proxy_http_version 1.1;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+    }
+}
|
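Review bot: The user list hard-coded in the new `{% for user in ["liz", "lucina", "riley"] %}` loop duplicates the names in `group:coffee_admins` on the line above it, so on-boarding or off-boarding a user now means editing two places in this template and the self-access rule and the admin group can silently drift apart; driving both from one role variable (e.g. a `headscale_users` list, name to be chosen) would keep the ACL a single source of truth. The trailing comma left after the `group:coffee_admins` line is, as far as I know, accepted by headscale's HuJSON policy parser, but it will fail any strict JSON linting of the rendered file — either drop it or note above the object that the file is HuJSON. The narrowing from `10.0.0.0/8:*` to `{{ loadbalancer_ip }}/32:*` is a clear improvement; if the load balancer only needs to be reached on the port(s) the nginx proxy forwards to, listing those ports instead of `*` in both `dst` entries would tighten it further, but that depends on services not visible here. The two `{% … %}` lines are flush-left inside a JSON array, so whether they leave blank lines in the rendered policy depends on the template's trim settings — worth confirming in the rendered output.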
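Review bot: `proxy_ssl_verify off;` in the new `location /` block disables certificate verification of the upstream at `{{ loadbalancer_ip }}`, so this hop is encrypted but not authenticated; if the load balancer presents a certificate the proxy could trust (its own CA or a public one for `oci.liz.coffee`), turning verification on with an explicit trust store and SNI name is a small change, and if it genuinely cannot, a comment on that line saying why would stop the next reader from "fixing" it. Separately, `proxy_set_header Connection "upgrade";` is sent unconditionally, so every plain request to the upstream carries `Connection: upgrade` with an empty `Upgrade` header; the usual pattern is `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the http context and `proxy_set_header Connection $connection_upgrade;` here. `listen 80;` together with `set_real_ip_from {{ docker_network }};` suggests a TLS-terminating proxy sits in front on that network — that is inferred, not visible here, so confirm nothing else on `{{ docker_network }}` can reach this port, since any peer there can set the trusted `X-Forwarded-For`.

```nginx
        proxy_pass https://{{ loadbalancer_ip }};
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /path/to/loadbalancer-ca.crt;  # placeholder: CA that signed the LB certificate
        proxy_ssl_server_name on;
        proxy_ssl_name oci.liz.coffee;
        # … unchanged: proxy_http_version and proxy_set_header lines …
```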