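---
# Variables for the public gateway host: reverse-proxied services, port
# forwards, and the VPN provider / tunnel credentials.
#
# NOTE(review): this layout was reconstructed from a whitespace-collapsed
# listing. The nesting is inferred (`firewall`, `ivacy` and `vpn` as top-level
# keys, `proto` inside `from`, `port`/`public_key` inside `vpn.endpoint`).
# Confirm against the templates that consume these variables.
#
# Booleans are written as `true`/`false`. The original `yes`/`no` load to the
# same values under Ansible's YAML 1.1 loader but are ambiguous elsewhere.

# Public IPv4 address of the gateway; referenced below by the `public` zone
# port forwards.
public_address: 15.161.166.194

gateway:
  # One entry per virtual host published by the nginx reverse proxy.
  proxied_services:
    # HTTP basic auth: the username is plaintext, the password is vaulted.
    - domain_name: feeds.troubles.io
      internal_ip: 192.168.122.11
      internal_port: 8082
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      password_protect: true
      password_file: /etc/nginx/.feeds.troubles.io-htpasswd
      username: leo
      password: !vault |
        $ANSIBLE_VAULT;1.2;AES256;cave
        65623634313061616164396262613433643132333838353662343136623932333935646435376261
        3663376338353466653465356136613236623261313934630a346234653438366362306538393966
        35653139643361633639343035633461623338626139653262323632633038313935613362363932
        3930386463366238640a636631663265633962336134656462653536663539663666623164633165
        38653838383766306430336233393662373765333533366438343665663561613535393561363034
        3538343630313964306334346563393563663865656663396664

    - domain_name: sync.troubles.io
      internal_ip: 192.168.122.11
      internal_port: 8384
      cert_email: blallo@troubles.ga
      redirect_to_https: true

    - domain_name: drone.troubles.io
      internal_ip: 192.168.122.10
      internal_port: 8080
      cert_email: blallo@troubles.ga
      redirect_to_https: true

    # NOTE(review): HTTP is not redirected to HTTPS for this host, so sessions
    # and the websocket below may travel in cleartext. Confirm this is
    # intentional.
    - domain_name: bt.troubles.io
      internal_ip: 192.168.122.11
      internal_port: 8081
      cert_email: blallo@troubles.ga
      redirect_to_https: false
      websockets:
        path: /service
        internal_ip: 192.168.122.11
        internal_port: 8412

    # NOTE(review): no `cert_email` and no HTTPS redirect, so this host is
    # presumably served over plain HTTP only. Confirm that nothing sensitive
    # is exposed here.
    - domain_name: flix.troubles.io
      internal_ip: 192.168.122.11
      internal_port: 8080
      redirect_to_https: false
      http_opts:
        - proxy_http_version 1.1;
        - proxy_set_header Upgrade $http_upgrade;
        - proxy_set_header Connection $http_connection;

    - domain_name: repo.troubles.io
      internal_ip: 192.168.122.10
      internal_port: 8081
      cert_email: blallo@troubles.ga
      redirect_to_https: true

    # Cockpit administration consoles (port 9090), one virtual host per
    # machine.
    # NOTE(review): none of the five cockpit entries sets `password_protect`,
    # so the console's own login looks like the only barrier in front of a
    # host-administration UI. Consider an extra auth layer or a source-address
    # restriction at the proxy.
    - domain_name: minos.cockpit.troubles.io
      internal_ip: 127.0.0.1
      internal_port: 9090
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      https_opts:
        - proxy_http_version 1.1;
        - proxy_set_header Upgrade $http_upgrade;
        - proxy_set_header Connection $http_connection;
      websockets:
        path: /cockpit/socket
        internal_ip: 127.0.0.1
        internal_port: 9090

    - domain_name: srv.cockpit.troubles.io
      internal_ip: 192.168.122.11
      internal_port: 9090
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      https_opts:
        - proxy_http_version 1.1;
        - proxy_set_header Upgrade $http_upgrade;
        - proxy_set_header Connection $http_connection;
      websockets:
        path: /cockpit/socket
        internal_ip: 192.168.122.11
        internal_port: 9090

    - domain_name: mercury.cockpit.troubles.io
      internal_ip: 192.168.122.10
      internal_port: 9090
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      https_opts:
        - proxy_http_version 1.1;
        - proxy_set_header Upgrade $http_upgrade;
        - proxy_set_header Connection $http_connection;
      websockets:
        path: /cockpit/socket
        internal_ip: 192.168.122.10
        internal_port: 9090

    - domain_name: athena.cockpit.troubles.io
      internal_ip: 192.168.122.254
      internal_port: 9090
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      https_opts:
        - proxy_http_version 1.1;
        - proxy_set_header Upgrade $http_upgrade;
        - proxy_set_header Connection $http_connection;
      websockets:
        path: /cockpit/socket
        internal_ip: 192.168.122.254
        internal_port: 9090

    - domain_name: stakhanov.cockpit.troubles.io
      internal_ip: 192.168.122.1
      internal_port: 9090
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      https_opts:
        - proxy_http_version 1.1;
        - proxy_set_header Upgrade $http_upgrade;
        - proxy_set_header Connection $http_connection;
      websockets:
        path: /cockpit/socket
        internal_ip: 192.168.122.1
        internal_port: 9090

    - domain_name: proro.ga
      internal_ip: 192.168.122.254
      internal_port: 230
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      https_opts:
        - proxy_http_version 1.1;
        - proxy_set_header Upgrade $http_upgrade;
        - proxy_set_header Connection $http_connection;

    # NOTE(review): the custom locations below (and the one on
    # cam.troubles.io) send `Host $remote_addr`, i.e. the client's IP address
    # as the Host header. `$host` is the usual value; confirm the upstream
    # really expects this.
    # NOTE(review): `conf_lines` entries carry no trailing `;` while the
    # `http_opts`/`https_opts` entries do. Presumably the template appends it;
    # verify the rendered nginx configuration.
    - domain_name: los.troubles.io
      internal_ip: 192.168.122.10
      internal_port: 8082
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      https_custom_locations:
        - rule: /builds/
          conf_lines:
            - "proxy_pass http://192.168.122.10:8083"
            - "proxy_set_header Host $remote_addr"
            - "proxy_set_header X-Forwarded-Proto $scheme"
            - "proxy_set_header X-Forwarded-Port $server_port"
            - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
        - rule: /builds.json
          conf_lines:
            - "proxy_pass http://192.168.122.10:8083"
            - "proxy_set_header Host $remote_addr"
            - "proxy_set_header X-Forwarded-Proto $scheme"
            - "proxy_set_header X-Forwarded-Port $server_port"
            - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
      https_custom_configurations:
        - "rewrite ^/builds$ /builds/ permanent"

    # Camera behind HTTP basic auth.
    # NOTE(review): confirm the rendered `/0/` location is also covered by the
    # basic-auth directives. If the template emits them only for the default
    # location, the stream would be reachable unauthenticated.
    - domain_name: cam.troubles.io
      internal_ip: 192.168.1.8
      internal_port: 8080
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      password_protect: true
      password_file: /etc/nginx/.cam.troubles.io-htpasswd
      username: leo
      password: !vault |
        $ANSIBLE_VAULT;1.2;AES256;cave
        65636138313034316234643236313733343361623337356464643937666439633535343930343166
        3935646261386666343535303734666166336562353539310a643733653163666333636531366139
        63343764616135306661646433346435376334636431303033363364313930613864373834343036
        6636376437643466380a363633323731663430386237623632383164643161643934636331633338
        66333538353864326162313234616262633831663638396564386337343235336661
      https_custom_locations:
        - rule: /0/
          conf_lines:
            - "proxy_pass http://192.168.1.8:8081/0/stream"
            - "proxy_set_header Host $remote_addr"
            - "proxy_set_header X-Forwarded-Proto $scheme"
            - "proxy_set_header X-Forwarded-Port $server_port"
            - "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"

    - domain_name: insta.troubles.io
      internal_ip: 192.168.122.11
      internal_port: 10407
      cert_email: blallo@troubles.ga
      redirect_to_https: true
      password_protect: true
      password_file: /etc/nginx/.insta.troubles.io-htpasswd
      username: insta
      password: !vault |
        $ANSIBLE_VAULT;1.2;AES256;cave
        33313434396138353666356631616436323566653237383661623433393362373736666236633465
        3132666533303532643137663632303337333265383261310a646235326639303433626466356462
        66303631633961353738336633616139333239336231613936386535313634626132306163646430
        6131373761353966380a336530396564666665346135323038646438303832613132616431346534
        31363561346464353632353636353838393937306332653565306632343033396130

firewall:
  home_iface: enp0s0
  public_iface: internet
  vm_iface: eth0
  # Port forwards: `from` is the listening side on this host, `to` is the
  # internal target.
  forwarded_ports:
    # Home zone: these forwards include SMB/NetBIOS (445, 139, 138, 137).
    # They appear only under `home`; keep them out of the `public` zone.
    - zone: home
      from:
        port: 16493
        addr: 192.168.1.20
        proto: "tcp"
      to:
        port: 16493
        addr: 192.168.122.11
    - zone: home
      from:
        port: 16309
        addr: 192.168.1.20
        proto: "udp"
      to:
        port: 16309
        addr: 192.168.122.11
    - zone: home
      from:
        port: 16362
        addr: 192.168.1.20
        proto: "udp"
      to:
        port: 16362
        addr: 192.168.122.11
    - zone: home
      from:
        port: 445
        addr: 192.168.1.20
        proto: "tcp"
      to:
        port: 445
        addr: 192.168.122.11
    - zone: home
      from:
        port: 139
        addr: 192.168.1.20
        proto: "tcp"
      to:
        port: 139
        addr: 192.168.122.11
    - zone: home
      from:
        port: 138
        addr: 192.168.1.20
        proto: "udp"
      to:
        port: 138
        addr: 192.168.122.11
    - zone: home
      from:
        port: 137
        addr: 192.168.1.20
        proto: "udp"
      to:
        port: 137
        addr: 192.168.122.11
    - zone: home
      from:
        port: 22000
        addr: 192.168.1.20
        proto: "tcp"
      to:
        port: 22000
        addr: 192.168.122.11
    # Public zone: reachable from the internet on `public_address`.
    # NOTE(review): the first rule publishes port 22 of 192.168.122.254 on a
    # non-standard public port. The port change is not an access control, so
    # confirm the target enforces key-only authentication and rate limiting.
    - zone: public
      from:
        port: 31337
        addr: "{{ public_address }}"
        proto: "tcp"
      to:
        port: 22
        addr: 192.168.122.254
    - zone: public
      from:
        port: 22000
        addr: "{{ public_address }}"
        proto: "tcp"
      to:
        port: 22000
        addr: 192.168.122.11
    - zone: public
      from:
        port: 21027
        addr: "{{ public_address }}"
        proto: "udp"
      to:
        port: 21027
        addr: 192.168.122.11

# VPN provider account: the username is stored in plaintext, the password is
# vaulted.
ivacy:
  username: ivacy0d8560848
  password: !vault |
    $ANSIBLE_VAULT;1.2;AES256;cave
    30633462393336626266333038653734303835656533303139326330633864313765643839323266
    6239396539393265623837343530363962303664323639630a313563313464663134613166393131
    38653731636562346363656466366464366139303935643866373431633631663063353633326337
    3433613030373832390a353830626531353161383133643765343362393563383565386136643736
    6465

# Point-to-point tunnel between this host and the remote endpoint.
vpn:
  name: internet
  this_ip: 10.255.255.2
  listen_port: 10666
  private_key: !vault |
    $ANSIBLE_VAULT;1.2;AES256;cave
    37393062623161343361356130626630393065616162646535366265386363643063343261326462
    3030383034383638386233393434346132323238633565660a393231623939626532643435363136
    31653734636337633738376561316137303861373339323131326632316539646262626138323764
    3064346233613934390a396663393236323733323930363162613937623064643637303839333339
    35383638313137353966663531326432623661336165303036353162393135656362633037386639
    3531323065623833336435323561393066333166396536653333
  endpoint:
    url: 15.161.228.33
    this_ip: 10.255.255.1
    port: 21212
    # NOTE(review): this value is labelled with vault id `sea`, while every
    # other secret in this file uses `cave`. Confirm both vault ids are
    # supplied wherever this file is decrypted.
    public_key: !vault |
      $ANSIBLE_VAULT;1.2;AES256;sea
      34323535393334613237396532333836383734626538393066386630613838663236633832336330
      6333653838326438313634633966336431383066646633340a383930306430363662306161633966
      34623333613935613434323631383961386266643765386164333965643661356333363834373565
      3633343833306164660a313164353466343032643937633934653830386234323361343433626635
      30653132636230346338323332386363343266316666643137613239366263336238643535353162
      3565643330643833383531343937323839626434646565346439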