Diffstat (limited to 'group_vars')
-rw-r--r-- | group_vars/all.yml | 70 | ||||
-rw-r--r-- | group_vars/bin.yml | 2 | ||||
-rw-r--r-- | group_vars/coffee.yml | 4 | ||||
-rw-r--r-- | group_vars/mon.yml | 2 | ||||
-rw-r--r-- | group_vars/outbound.yml | 9 | ||||
-rw-r--r-- | group_vars/silverbullet.yml | 2 | ||||
-rw-r--r-- | group_vars/traefik.yml | 4 |
7 files changed, 79 insertions, 14 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml index a285422..d1c7a24 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -11,7 +11,7 @@ ansible_user: serve # -- <networking> -- loadbalancer_ip: "10.128.0.200" homelab_network: "10.128.0.0/16" -swarm_network: "10.0.0.0/16" +swarm_network: "10.0.0.0/8" docker_network: "172.16.0.0/12" headnet_network: "100.64.0.0/10" rfc1918_cgnat_networks: @@ -29,6 +29,8 @@ headscale_nodes_domain: "in.{{ domain }}" mail_domain: "mail.{{ domain }}" oci_domain: "oci.{{ domain }}" passwd_domain: "passwd.{{ domain }}" +oauth_proxy_domain: "fwdauth.{{ domain }}" +outbound_domain: "outbound.{{ domain }}" # -- </shared_services> -- # -- <docker> -- @@ -56,6 +58,10 @@ homelab_build: false deployment_time: "{{ now(utc=true,fmt='%s') }}" # -- </unique_deployment> -- +# -- <groups> -- +admins: "coffee_admins@{{ idm_domain }}" +# -- </groups> -- + # -- <keys> -- me_lizcoffee_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDRHu3h9mDjQyFbojcxGKW0hPUDfgUmb2WCzd4Dv2qISM3GGt9LjD8o0IbWRNaTf5UyId5lu7wNHtygs5ZDfUVnlfxrI1CmoExuqkYFjy+R9Cu0x1J2w7+MrKPBd5akLCuKTTnXbyv79T0tLb07rCpGHojW8HH6wdDtg0siVqsPqZVTjg7WGbBYqiqlA5p8s+V9xN1q8lTOZrRI0PdgoU8W+1oIr9OHSG1ZeUBQx60izTEwMnWBxY2aA8SQolIVvsJCcMMc/EAnaz/rdJ5IkeqXGslIhUI7WCPHnPWN8CSdwMOLi5BNaOAK7Y2FkfKTUlO7I52BL87Cl3YpMxR0mTDrfSJTSp0B3ZAbUIXDA7biSh04YLwGQVI799vcyJf355A60btPaiuiBgI0am3h0WxnOACg7K6eV023EiUQ24UjlQ8pufHcJ1oDW8v6LHlp/atCWOl9KQIun9UUg8DD8/BLPprc0wzAV6Nco0ZIedouxZuUhduYYvUrLJ+ICpaZg6oPGitVJPIgyyI+WTfjRN4WTj/Z3Yhuj0RqF8b5ea4FNWuJtfF724t7SVnZsYlZGSCqL8gaEzbIATVe3THn5VwbK+S4ELD/9W6MOd6aZcTOK2yP3jlwjcjnW8sLuX+2qNwtSVVa4o5VsRZU40Da+3flzoBsyUwSE3H2PsFPH29lIQ== lizzy@yubikey" # -- </keys> -- 
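Review bot: Widening `swarm_network` to `10.0.0.0/8` makes `homelab_network` (`10.128.0.0/16`) a strict subset of it, so anything that uses these two variables to tell overlay traffic apart from LAN traffic — an allow-list, a trusted-IPs setting for forwarded headers, a firewall set — can no longer distinguish them. The /8 matches Docker's default address pool for overlay networks, which is presumably why it was widened, but the overlap deserves to be stated next to the value: `# Docker's default-address-pool for overlays; NOTE this now contains homelab_network — do not use it on its own as a "trusted" source range`. Where `swarm_network` is consumed is not visible in this diff, so its existing uses should be checked before the narrower meaning is relied on anywhere.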
@@ -68,11 +74,24 @@ mesh: forward_dns: true split_vpn_dns_to: "10.128.0.44" private_records: [] + public_healthchecks: [] + private_healthchecks: [] liz: gateway: "{{ loadbalancer_ip }}" domain: "{{ domain }}" forward_dns: false split_vpn_dns_to: "{{ loadbalancer_ip }}" + public_healthchecks: + - "https://{{ domain }}" + - "https://{{ idm_domain }}/status" + - "https://{{ headscale_host }}/health" + - "https://fwdauth.{{ domain }}/oauth2/sign_in" + - "https://test.{{ domain }}/" + private_healthchecks: + - "https://bin.{{ domain }}" + - "https://ci.{{ domain }}" + - "https://notes.{{ domain }}" + - "https://passwd.{{ domain }}/alive" private_records: - type: "A" name: "piplup.{{ domain }}" @@ -97,9 +116,6 @@ mesh: name: "bin.{{ domain }}" ip: "{{ loadbalancer_ip }}" - type: "A" - name: "ci.{{ domain }}" - ip: "{{ loadbalancer_ip }}" - - type: "A" name: "idm.{{ domain }}" ip: "{{ loadbalancer_ip }}" - type: "A" 
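Review bot: The new healthcheck URL hard-codes `fwdauth.{{ domain }}` even though this same commit introduces `oauth_proxy_domain` for exactly that hostname; `- "https://{{ oauth_proxy_domain }}/oauth2/sign_in"` keeps the monitor tied to the variable so a later change cannot leave it probing a stale name. The public/private split is also the only place that records which services are expected to answer from outside the mesh, so a one-line comment above each list would let a reviewer spot a service landing in the wrong one: `# probed from the public internet — anything here must be intentionally internet-facing` over `public_healthchecks`, and `# probed only from inside the mesh; names must exist in private_records` over `private_healthchecks`. The `mesh:` mapping begins before this hunk.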
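Review bot: This hunk removes the `ci.{{ domain }}` A record from `mesh.liz.private_records`, while the hunk above it adds `https://ci.{{ domain }}` to `private_healthchecks`; unless `ci.` is now resolvable some other way (a public record, or through the forwarder), that private check will fail on name resolution rather than on the service and will look like an outage. If CI is deliberately no longer exposed in the mesh, drop the healthcheck entry as well; otherwise keep the record. The `mesh:` mapping begins before this hunk.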
@@ -124,19 +140,51 @@ mesh: name: "src.{{ domain }}" ip: "{{ loadbalancer_ip }}" - type: "A" + name: "fwdauth.{{ domain }}" + ip: "{{ loadbalancer_ip }}" + - type: "A" name: "swarm.{{ domain }}" ip: "{{ loadbalancer_ip }}" - type: "A" name: "traefik.{{ domain }}" ip: "{{ loadbalancer_ip }}" - type: "A" - name: "piplup.pocket.{{ domain }}" - ip: "10.128.0.101" - - type: "A" - name: "togepi.pocket.{{ domain }}" - ip: "10.128.0.102" + name: "prometheus.{{ domain }}" + ip: "{{ loadbalancer_ip }}" - type: "A" - name: "roton.pocket.{{ domain }}" - ip: "10.128.0.103" + name: "mon.{{ domain }}" + ip: "{{ loadbalancer_ip }}" # -- </mesh> -- +# -- <logo> -- + +logo: | + --| |-- + --| ~ welcome to ~ |-- + --| |-- + --| .-. _ .--. .--. |-- + --| :.: :_; : .-': .-' |-- + --| :.: .-..---. .--. .--. : `; : `;.--. .--. |-- + --| :.:_ : :`-'_.' _ ' ..'' .; :: : : :' '_.'' '_.' |-- + --| `.__;:_;`.___;:_;`.__.'`.__.':_; :_;`.__.'`.__.' |-- + --| |-- + --| ~₊˚⊹ ⋆˚✿˖°~ -────୨ৎ────- ~₊˚⊹ ⋆˚✿˖°~ |-- + --| ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⣀⣀⣀⣀⣀⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ |-- + --| ⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⠤⠒⠉⠉⠉⣀⣂⣅⠬⡉⠭⢛⠿⢟⡶⣄⡀⠀⠀⠀⠀ we'll get brewing |-- + --| ⠀⠀⠀⠀⠀⠀⠀⣠⠞⠁⠀⣄⢎⢩⢸⢉⣵⡖⢰⣶⣮⢹⣦⣡⢊⢻⡿⣦⠀⠀⠀ right away! |-- + --| ⠀⠀⠀⠀⠀⠀⢠⡇⠀⠀⢎⠕⢭⢪⡶⠈⢿⣷⣿⠟⣋⣚⣯⣒⣣⡑⢨⢻⡇⠀⣀⣀⠀⠀⠀ |-- + --| ⠀⠀⠀⠀⠀⣀⡼⣧⠀⠄⡊⢼⡩⣾⢌⠳⡜⣉⡠⡜⡞⣵⣊⡧⡠⠝⣣⡾⠁⠀⠻⠿⠗⠀⠀ /) /) (\ (\ |-- + --| ⠀⠀⠀⣢⣾⡟⣥⠻⣷⣌⡀⠬⡘⢅⡟⡇⡮⣷⡾⡿⢋⣉⢣⢔⣎⠿⠊⠀⠀⡴⣛⠆⠌⠀⠀ ( . .) (. . ) |-- + --| ⠀⢀⣶⡟⣡⣿⣿⣟⢯⣟⢿⣷⣶⣯⣬⣵⣾⣷⣶⡾⠧⠞⠓⠉⠀⠀⠀⢀⠘⠈⠀⠠⢘⡤⠀ ( づ ˚♡︎˖ ⊂ ) |-- + --| ⠄⣾⠏⣐⣛⡻⢿⣿⣯⣿⣿⣿⣾⣽⣛⣍⢃⡂⢄⠀⡀⠀⡀⠄⢂⠄⠡⢈⠒⡈⢒⠘⠴⢀⠀ |-- + --| ⢰⣿⠀⠈⠻⣜⣄⠈⢙⣾⢿⣿⣿⣿⡿⣜⢣⡜⢢⠁⠄⡐⢠⢉⠂⠌⠀⡀⠄⠐⡀⠄⠐⠀⢐ ___ |-- + --| ⠸⣟⠀⡐⡅⠈⠑⠀⠊⠝⠈⢖⡿⠿⣿⣾⡱⢊⠅⡌⡰⢌⢆⠣⠈⢀⠐⠀⠄⠂⠠⡈⠠⣈⡧ (...) |-- + --| ⠀⢿⣆⠱⣘⣧⣤⣀⣀⡀⢒⡥⣑⢨⠒⡰⠯⠾⡼⠶⠙⢈⠀⣀⠂⡄⢂⣁⢢⣑⣶⡽⣳⠟⠁ _ \ _ |-- + --| ⠀⠀⠻⣧⡜⢹⣿⣿⣿⣿⣿⣿⣿⣿⣷⣦⣴⡀⡀⠀⠛⠺⢿⣶⣿⣾⣷⣿⣿⣿⢟⣵⠏⠀⠀ ('> <') |-- + --| ⠀⠀⠀⠈⠿⣶⣉⠻⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣧⣤⢀⠀⠀⠈⠉⠙⠻⣯⡷⠟⠁⠀⠀⠀ (v) (v) |-- + --| ⠀⠀⠀⠀⠀⠈⠙⠿⣶⣽⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣾⣞⣤⠀⠀⠀⠈⠀⠀⠀⠀⠀⠀\(__w w__)/ |-- + --| ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠉⠛⠛⠛⠿⠿⠿⠿⠿⠿⠛⠛⠛⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ |-- + --| |-- + --| |-- + +# -- </logo> -- diff --git a/group_vars/bin.yml b/group_vars/bin.yml index 8f0701e..3cf546a 100644 --- a/group_vars/bin.yml +++ b/group_vars/bin.yml 
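Review bot: Adding a `prometheus.{{ domain }}` record pointing at the load balancer publishes a name for a service that has no authentication of its own and answers `/api/v1/query` and its own `/metrics` to anyone who can reach it; the record is mesh-private, but nothing in this commit shows the corresponding Traefik router being attached to the forwardauth middleware or limited to `oauth_proxy_group`, so please confirm that before this lands. Recording the expectation next to the record would help the next reader: `# prometheus has no auth — its traefik router must sit behind forwardauth`. The `logo` block scalar is correct as `|`, but its value depends on exact internal spacing (the `--| ... |--` frame and the U+2800 braille blanks), so an editor that normalises whitespace will silently alter it; a `# keep whitespace verbatim` line above `logo:` is cheap insurance. The `mesh:` mapping begins before this hunk.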
@@ -1,4 +1,4 @@ --- -bin_domain: bin.liz.coffee +bin_domain: bin.{{ domain }} bin_base: "{{ swarm_base }}/bin" diff --git a/group_vars/coffee.yml b/group_vars/coffee.yml new file mode 100644 index 0000000..90ddc7b --- /dev/null +++ b/group_vars/coffee.yml @@ -0,0 +1,4 @@ +--- + +coffee_domain: coffee.liz.coffee +coffee_base: "{{ swarm_base }}/coffee" diff --git a/group_vars/mon.yml b/group_vars/mon.yml index 51566f2..1d0944e 100644 --- a/group_vars/mon.yml +++ b/group_vars/mon.yml @@ -2,3 +2,5 @@ mon_domain: mon.liz.coffee mon_base: "{{ swarm_base }}/mon" + +prometheus_domain: prometheus.liz.coffee diff --git a/group_vars/outbound.yml b/group_vars/outbound.yml index e9d7e94..14a6b22 100644 --- a/group_vars/outbound.yml +++ b/group_vars/outbound.yml @@ -4,10 +4,15 @@ headscale_url: 'https://{{ headscale_host }}' headscale_base_domain: '{{ headscale_nodes_domain }}' headscale_base: '/etc/docker/compose/headscale' headscale_port: '8080' +headscale_metrics_port: '5577' headscale_listen_addr: '0.0.0.0:{{ headscale_port }}' +headscale_metrics_listen_addr: '0.0.0.0:{{ headscale_metrics_port }}' -headscale_dns_for_connected_clients_1: '{{ loadbalancer_ip }}' -headscale_dns_for_connected_clients_2: '1.0.0.1' +headscale_dns_for_connected_clients: +# - '{{ mesh.lucina.gateway }}' + - '{{ mesh.liz.gateway }}' + - '1.0.0.1' + - '8.8.8.8' vpn_proxy_filter_container_name: 'headscale-proxy' proxy_base: '/etc/docker/compose/proxy' diff --git a/group_vars/silverbullet.yml b/group_vars/silverbullet.yml index d24cb47..4d4623e 100644 --- a/group_vars/silverbullet.yml +++ b/group_vars/silverbullet.yml @@ -2,3 +2,5 @@ silverbullet_base: "{{ swarm_base }}/silverbullet" silverbullet_domain: "notes.{{ domain }}" + +notes_user_group: "notes_users@{{ idm_domain }}" diff --git a/group_vars/traefik.yml b/group_vars/traefik.yml index 35c1483..5e2a056 100644 --- a/group_vars/traefik.yml +++ b/group_vars/traefik.yml 
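Review bot: The new `coffee_domain: coffee.liz.coffee` hard-codes the apex domain while the same commit rewrites `bin_domain` to `bin.{{ domain }}`; with that inconsistency a `domain` override (or a staging deployment) would move every other service but this one. Use `coffee_domain: "coffee.{{ domain }}"` so the host rule follows the shared variable.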
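Review bot: `prometheus_domain: prometheus.liz.coffee` is hard-coded while `all.yml` in this commit publishes the DNS record as `prometheus.{{ domain }}`; the two only agree when `domain` happens to be `liz.coffee`, so the router's host rule and the record it depends on can drift apart silently. Use `prometheus_domain: "prometheus.{{ domain }}"` (the pre-existing `mon_domain` on the line above has the same problem) so both are derived from one source.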
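Review bot: `headscale_dns_for_connected_clients` now pushes the mesh gateway together with `1.0.0.1` and `8.8.8.8` as a single global resolver list, and clients do not treat such a list as a strict fallback order — as far as I recall the Tailscale forwarder races its upstreams, and most OS resolvers rotate or time out onto the next server — so queries for private mesh names can reach the public resolvers (leaking internal hostnames) and can come back NXDOMAIN or with a public answer whenever the gateway is slow. If the intent is split-horizon, keep the gateway as the only resolver for the internal zones (headscale's per-domain/split nameserver setting, if the deployed version has it) and leave the public resolvers for everything else; at minimum record the caveat inline: `# NOT a priority list: clients may send internal names to the public resolvers below`. Separately, `headscale_metrics_listen_addr: '0.0.0.0:{{ headscale_metrics_port }}'` binds the unauthenticated metrics endpoint on every interface, which is fine only if the port is never published from the container; the compose file is not in this diff, so please confirm it is not published, or bind it to a mesh/swarm address instead.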
@@ -3,3 +3,7 @@ certs_email: "{{ cloudflare_email }}" traefik_base: "{{ swarm_base }}/traefik" traefik_domain: "proxy.{{ domain }}" + +forwardauth_headers: "Set-Cookie,Authorization,X-Forwarded-User,X-Forwarded-Email,X-Forwarded-Preferred-Username,X-Forwarded-Groups,X-Forwarded-{{ oauth_proxy_super_secret_header }},X-Auth-Request-User,X-Auth-Request-Email,X-Auth-Request-Preferred-Username,X-Auth-Request-Groups,X-Auth-Request-{{ oauth_proxy_super_secret_header }}" + +oauth_proxy_group: "oauth_proxy_users@{{ idm_domain }}" |
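Review bot: `forwardauth_headers` turns a secret into a header *name* (`X-Forwarded-{{ oauth_proxy_super_secret_header }}`), but header names are not confidential in practice — the rendered value lands in Traefik labels visible via `docker service inspect`, in the oauth2-proxy and backend configuration, and in access logs — so no backend should treat the mere presence of that header as proof the request came through the proxy. The real protection is that Traefik's forwardAuth, in the versions I have read, deletes every listed `authResponseHeaders` name from the client request before copying the auth server's values, and that only holds on routers that attach this middleware; any router reaching a backend that trusts `X-Forwarded-User` or `X-Auth-Request-*` without it is spoofable. Worth recording above the variable: `# traefik strips these from the client request and sets them from oauth2-proxy's reply; backends may trust them ONLY behind the forwardauth middleware — the secret-named header is a routing marker, not a secret`. `oauth_proxy_super_secret_header` is not defined anywhere in this diff; I assume it comes from a vaulted variable, which is where it belongs.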