more progress on proxy routing and stuff

author: Elizabeth Hunt <me@liz.coffee> 2025-04-01 00:23:21 -0700
committer: Elizabeth Hunt <me@liz.coffee> 2025-04-01 00:23:21 -0700
commit: ce8931e6fe1fc1e9bd004f9357e15309d1265975 (patch)
tree: a6d588cf48e2fc628ef3c2d261e68224ea95f787 /playbooks
parent: aeab0e7c54e3995312490e7c4476f162b880f625 (diff)
download: infra-ce8931e6fe1fc1e9bd004f9357e15309d1265975.tar.gz
infra-ce8931e6fe1fc1e9bd004f9357e15309d1265975.zip
4 files changed, 29 insertions, 10 deletions
diff --git a/playbooks/roles/outbound/templates/proxy/docker-compose.yml b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
index 3074047..7deea56 100644
--- a/playbooks/roles/outbound/templates/proxy/docker-compose.yml
+++ b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
@@ -7,6 +7,10 @@ services:
       - TS_STATE_DIR=/var/lib/tailscale
       - TS_USERSPACE=false
       - TZ={{ timezone }}
+
+      - VIRTUAL_HOST=*.{{ domain }},{{ domain }}
+      - VIRTUAL_PORT=80
+      - LETSENCRYPT_HOST=*.{{ domain }},{{ domain }}
     hostname: headscale-outbound
     restart: unless-stopped
     cap_add:
@@ -16,21 +20,16 @@ services:
       - ./data:/var/lib/tailscale
       - /dev/net/tun:/dev/net/tun
     networks:
-      - headnet
+      - proxy
   proxy:
     image: nginx:latest
+    network_mode: service:headscale-client
     depends_on:
       - headscale-client
-    networks:
-      - proxy
-      - headnet
-    environment:
-      - VIRTUAL_HOST=*.{{ domain }},{{ domain }}
-      - VIRTUAL_PORT=80
-      - LETSENCRYPT_HOST=*.{{ domain }},{{ domain }}
+    volumes:
+      - ./sites-enabled:/etc/nginx/conf.d
 
 networks:
-  headnet:
   proxy:
     external: true
 
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/default.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/default.conf
new file mode 100644
index 0000000..d127cc5
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/default.conf
@@ -0,0 +1,7 @@
+server {
+    listen 80 default_server;
+
+    location / {
+        return 404;
+    }
+}
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/idm.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/idm.conf
new file mode 100644
index 0000000..c85ebcf
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/idm.conf
@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name idm.liz.coffee;
+
+    location / {
+        proxy_pass https://{{ loadbalancer_ip }};
+        proxy_ssl_verify off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/playbooks/roles/traefik/templates/stacks/docker-compose.yml b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
index dfdd6ba..deb5329 100644
--- a/playbooks/roles/traefik/templates/stacks/docker-compose.yml
+++ b/playbooks/roles/traefik/templates/stacks/docker-compose.yml
@@ -5,7 +5,7 @@ services:
     restart: unless-stopped
     environment:
       - TS_AUTHKEY={{ headscale_user_auth_key }}
-      - TS_EXTRA_ARGS=--login-server=https://{{ headscale_host }} --accept-dns --stateful-filtering=false
+      - TS_EXTRA_ARGS=--login-server=https://{{ headscale_host }} --accept-dns --stateful-filtering=false --advertise-routes={{ loadbalancer_ip }}/32
       - TS_STATE_DIR=/var/lib/tailscale
       - TS_USERSPACE=false
       - TZ={{ timezone }}
author	Elizabeth Hunt <me@liz.coffee>	2025-04-01 00:23:21 -0700
committer	Elizabeth Hunt <me@liz.coffee>	2025-04-01 00:23:21 -0700
commit	ce8931e6fe1fc1e9bd004f9357e15309d1265975 (patch)
tree	a6d588cf48e2fc628ef3c2d261e68224ea95f787 /playbooks
parent	aeab0e7c54e3995312490e7c4476f162b880f625 (diff)
download	infra-ce8931e6fe1fc1e9bd004f9357e15309d1265975.tar.gz infra-ce8931e6fe1fc1e9bd004f9357e15309d1265975.zip