From ce8931e6fe1fc1e9bd004f9357e15309d1265975 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Tue, 1 Apr 2025 00:23:21 -0700
Subject: more progress on proxy routing and stuff
---
 .../roles/outbound/templates/proxy/docker-compose.yml | 17 ++++++++---------
 .../outbound/templates/proxy/sites-enabled/default.conf | 7 +++++++
 .../outbound/templates/proxy/sites-enabled/idm.conf | 13 +++++++++++++
 3 files changed, 28 insertions(+), 9 deletions(-)
 create mode 100644 playbooks/roles/outbound/templates/proxy/sites-enabled/default.conf
 create mode 100644 playbooks/roles/outbound/templates/proxy/sites-enabled/idm.conf
(limited to 'playbooks/roles/outbound/templates')
diff --git a/playbooks/roles/outbound/templates/proxy/docker-compose.yml b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
index 3074047..7deea56 100644
--- a/playbooks/roles/outbound/templates/proxy/docker-compose.yml
+++ b/playbooks/roles/outbound/templates/proxy/docker-compose.yml
@@ -7,6 +7,10 @@ services:
 - TS_STATE_DIR=/var/lib/tailscale
 - TS_USERSPACE=false
 - TZ={{ timezone }}
+
+ - VIRTUAL_HOST=*.{{ domain }},{{ domain }}
+ - VIRTUAL_PORT=80
+ - LETSENCRYPT_HOST=*.{{ domain }},{{ domain }}
 hostname: headscale-outbound
 restart: unless-stopped
 cap_add:
@@ -16,21 +20,16 @@ services:
 - ./data:/var/lib/tailscale
 - /dev/net/tun:/dev/net/tun
 networks:
- - headnet
+ - proxy
 proxy:
 image: nginx:latest
+ network_mode: service:headscale-client
 depends_on:
 - headscale-client
- networks:
- - proxy
- - headnet
- environment:
- - VIRTUAL_HOST=*.{{ domain }},{{ domain }}
- - VIRTUAL_PORT=80
- - LETSENCRYPT_HOST=*.{{ domain }},{{ domain }}
+ volumes:
+ - ./sites-enabled:/etc/nginx/conf.d
 networks:
- headnet:
 proxy:
 external: true
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/default.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/default.conf
new file mode 100644
index 0000000..d127cc5
--- /dev/null
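Review bot: The new bind mount `- ./sites-enabled:/etc/nginx/conf.d` on the `proxy` service (second docker-compose.yml hunk) is writable from inside the container, although nginx only ever reads these vhost files. Mounting it read-only keeps anything running in that container from changing the routing config that Ansible templates out: `- ./sites-enabled:/etc/nginx/conf.d:ro`. In the same hunk, `network_mode: service:headscale-client` places nginx in the tailscale container's network namespace, so its port 80 listeners are presumably reachable from every interface that container has; a one-line comment on the service stating that this is intended would help the next reader.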
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/default.conf
@@ -0,0 +1,7 @@
+server {
+ listen 80 default_server;
+
+ location / {
+ return 404;
+ }
+}
diff --git a/playbooks/roles/outbound/templates/proxy/sites-enabled/idm.conf b/playbooks/roles/outbound/templates/proxy/sites-enabled/idm.conf
new file mode 100644
index 0000000..c85ebcf
--- /dev/null
+++ b/playbooks/roles/outbound/templates/proxy/sites-enabled/idm.conf
@@ -0,0 +1,13 @@
+server {
+ listen 80;
+ server_name idm.liz.coffee;
+
+ location / {
+ proxy_pass https://{{ loadbalancer_ip }};
+ proxy_ssl_verify off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+}
--
cgit v1.2.3-70-g09d2
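Review bot: `proxy_ssl_verify off;` in idm.conf leaves the certificate presented at `https://{{ loadbalancer_ip }}` unchecked, so the hop that carries identity-provider traffic is encrypted but not authenticated; `off` is also nginx's default, so deleting the line alone changes nothing. Because `proxy_pass` targets an IP, verification needs a CA bundle plus an explicit name to match and send as SNI, as sketched below (the bundle path is a placeholder, since the page does not show where the load balancer's CA lives, and the file would also have to be mounted into the container). Two smaller points in the same block: this server only listens on 80, so `X-Forwarded-Proto $scheme` always reports `http` to the upstream even if a front proxy terminated TLS, and `server_name idm.liz.coffee;` is hard-coded while the compose template uses `{{ domain }}`.

```nginx
    location / {
        proxy_pass https://{{ loadbalancer_ip }};
        proxy_ssl_verify on;
        # placeholder path: the CA that signs the load balancer's certificate
        proxy_ssl_trusted_certificate /etc/nginx/PLACEHOLDER-upstream-ca.pem;
        proxy_ssl_name $host;
        proxy_ssl_server_name on;
        # … unchanged: proxy_set_header lines …
```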