my-ansible/inventories/cave/group_vars/all/gateway.yml
2021-02-23 19:12:00 +01:00


---
# Public IPv4 address of the gateway. It is interpolated as
# "{{ public_address }}" in the public-zone forwarded_ports entries below.
# NOTE(review): together with the internal addresses and port forwards in this
# file, this documents the host's full external exposure - treat the file as
# sensitive even though the secrets themselves are vaulted.
public_address: 15.161.166.194
# Reverse-proxy definitions: each proxied_services entry maps a public
# domain_name to the internal_ip/internal_port that serves it.
# NOTE(review): indentation was lost in this listing, so the nesting of keys
# is inferred from their order - confirm against the original file.
# NOTE(review): the *_opts, conf_lines and https_custom_configurations values
# read as nginx directives (password_file lives under /etc/nginx); presumably
# a template renders them into server blocks - verify against the role.
# NOTE(review): redirect_to_https / password_protect use yes/no. Ansible reads
# these as booleans, but true/false is the portable spelling (yamllint truthy).
gateway:
proxied_services:
- domain_name: sync.troubles.io
internal_ip: 192.168.122.11
internal_port: 8384
cert_email: blallo@troubles.ga
redirect_to_https: yes
- domain_name: drone.troubles.io
internal_ip: 192.168.122.10
internal_port: 8080
cert_email: blallo@troubles.ga
redirect_to_https: yes
# NOTE(review): redirect_to_https is disabled although a cert_email is set;
# presumably plain HTTP stays reachable for this host - confirm it is intended.
- domain_name: bt.troubles.io
internal_ip: 192.168.122.11
internal_port: 8081
cert_email: blallo@troubles.ga
redirect_to_https: no
websockets:
path: /service
internal_ip: 192.168.122.11
internal_port: 8412
# NOTE(review): no cert_email and only http_opts here, so this service looks
# HTTP-only; traffic to it would then cross the internet unencrypted - confirm.
- domain_name: flix.troubles.io
internal_ip: 192.168.122.11
internal_port: 8080
redirect_to_https: no
http_opts:
# Pass the client's Upgrade/Connection headers through over HTTP/1.1
# (the usual nginx WebSocket pass-through).
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
- domain_name: repo.troubles.io
internal_ip: 192.168.122.10
internal_port: 8081
cert_email: blallo@troubles.ga
redirect_to_https: yes
# NOTE(review): the five *.cockpit.* entries below publish port 9090 of each
# machine (presumably the Cockpit admin console) under public names. None of
# them sets password_protect, so access control rests entirely on the
# backend's own login; consider limiting them to the VPN or a source
# allow-list.
# 127.0.0.1: this backend runs on the gateway host itself.
- domain_name: minos.cockpit.troubles.io
internal_ip: 127.0.0.1
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 127.0.0.1
internal_port: 9090
- domain_name: srv.cockpit.troubles.io
internal_ip: 192.168.122.11
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.11
internal_port: 9090
- domain_name: mercury.cockpit.troubles.io
internal_ip: 192.168.122.10
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.10
internal_port: 9090
- domain_name: athena.cockpit.troubles.io
internal_ip: 192.168.122.254
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.254
internal_port: 9090
- domain_name: stakhanov.cockpit.troubles.io
internal_ip: 192.168.122.1
internal_port: 9090
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
websockets:
path: /cockpit/socket
internal_ip: 192.168.122.1
internal_port: 9090
- domain_name: proro.ga
internal_ip: 192.168.122.254
internal_port: 230
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_opts:
- proxy_http_version 1.1;
- proxy_set_header Upgrade $http_upgrade;
- proxy_set_header Connection $http_connection;
# los.troubles.io: the default backend is port 8082; /builds/ and /builds.json
# are sent to a second backend on port 8083 of the same host.
# NOTE(review): "proxy_set_header Host $remote_addr" sends the client's IP
# address as the Host header. The usual pairing is "Host $host", with the
# client address carried in X-Real-IP / X-Forwarded-For - confirm the backend
# really wants this.
# NOTE(review): conf_lines carry no trailing ";" while the *_opts entries do;
# presumably the template appends it - verify.
# $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client sent,
# so backends should trust only the last entry.
- domain_name: los.troubles.io
internal_ip: 192.168.122.10
internal_port: 8082
cert_email: blallo@troubles.ga
redirect_to_https: yes
https_custom_locations:
- rule: /builds/
conf_lines:
- "proxy_pass http://192.168.122.10:8083"
- "proxy_set_header Host $remote_addr"
- "proxy_set_header X-Forwarded-Proto $scheme"
- "proxy_set_header X-Forwarded-Port $server_port"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
- rule: /builds.json
conf_lines:
- "proxy_pass http://192.168.122.10:8083"
- "proxy_set_header Host $remote_addr"
- "proxy_set_header X-Forwarded-Proto $scheme"
- "proxy_set_header X-Forwarded-Port $server_port"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
https_custom_configurations:
# Redirect bare /builds to /builds/ ("permanent" = HTTP 301).
- "rewrite ^/builds$ /builds/ permanent"
# cam.troubles.io: the only entry with password_protect. The backend is on
# 192.168.1.8, outside the 192.168.122.x range used by the other services.
# The password is an inline Ansible Vault value (vault id "cave"); the
# username is stored in clear. The ciphertext is committed with the config, so
# its confidentiality rests on the strength of the vault password.
# Presumably the credentials are written to password_file as an htpasswd
# entry - verify in the role.
# NOTE(review): verify that the template applies the basic-auth settings to
# https_custom_locations as well; otherwise the /0/ location (the stream)
# would not be covered by password_protect.
# NOTE(review): the same "Host $remote_addr" remark as for los.troubles.io
# applies to the /0/ location.
- domain_name: cam.troubles.io
internal_ip: 192.168.1.8
internal_port: 8080
cert_email: blallo@troubles.ga
redirect_to_https: yes
password_protect: yes
password_file: /etc/nginx/.cam.troubles.io-htpasswd
username: leo
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
65636138313034316234643236313733343361623337356464643937666439633535343930343166
3935646261386666343535303734666166336562353539310a643733653163666333636531366139
63343764616135306661646433346435376334636431303033363364313930613864373834343036
6636376437643466380a363633323731663430386237623632383164643161643934636331633338
66333538353864326162313234616262633831663638396564386337343235336661
https_custom_locations:
- rule: /0/
conf_lines:
- "proxy_pass http://192.168.1.8:8081/0/stream"
- "proxy_set_header Host $remote_addr"
- "proxy_set_header X-Forwarded-Proto $scheme"
- "proxy_set_header X-Forwarded-Port $server_port"
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
# Firewall settings: the three interface names and the list of port forwards.
# Each forwarded_ports entry has a zone, a "from" (port/addr/proto) and a "to"
# (port/addr) part.
# NOTE(review): indentation was lost in this listing; whether proto belongs to
# "from" or to the entry itself cannot be recovered here - confirm against the
# original file.
firewall:
home_iface: enp0s0
public_iface: internet
vm_iface: eth0
forwarded_ports:
# home zone: traffic addressed to 192.168.1.20 is forwarded to 192.168.122.11.
- zone: home
from:
port: 16493
addr: 192.168.1.20
proto: "tcp"
to:
port: 16493
addr: 192.168.122.11
- zone: home
from:
port: 16309
addr: 192.168.1.20
proto: "udp"
to:
port: 16309
addr: 192.168.122.11
- zone: home
from:
port: 16362
addr: 192.168.1.20
proto: "udp"
to:
port: 16362
addr: 192.168.122.11
# SMB/NetBIOS ports (445, 139, 138, 137) are forwarded in the home zone only;
# keep them out of the public zone.
- zone: home
from:
port: 445
addr: 192.168.1.20
proto: "tcp"
to:
port: 445
addr: 192.168.122.11
- zone: home
from:
port: 139
addr: 192.168.1.20
proto: "tcp"
to:
port: 139
addr: 192.168.122.11
- zone: home
from:
port: 138
addr: 192.168.1.20
proto: "udp"
to:
port: 138
addr: 192.168.122.11
- zone: home
from:
port: 137
addr: 192.168.1.20
proto: "udp"
to:
port: 137
addr: 192.168.122.11
- zone: home
from:
port: 22000
addr: 192.168.1.20
proto: "tcp"
to:
port: 22000
addr: 192.168.122.11
# public zone: these entries are reachable from the internet on
# public_address.
# NOTE(review): 31337/tcp maps to port 22 (presumably SSH) on 192.168.122.254.
# A non-standard port is not access control - make sure that host enforces
# key-only authentication and rate limiting.
- zone: public
from:
port: 31337
addr: "{{ public_address }}"
proto: "tcp"
to:
port: 22
addr: 192.168.122.254
- zone: public
from:
port: 22000
addr: "{{ public_address }}"
proto: "tcp"
to:
port: 22000
addr: 192.168.122.11
- zone: public
from:
port: 21027
addr: "{{ public_address }}"
proto: "udp"
to:
port: 21027
addr: 192.168.122.11
# Account credentials under the "ivacy" key (presumably a VPN provider
# account - confirm against the role that consumes it).
# Only the password is vaulted (vault id "cave"); the username is stored in
# clear. Keep the vault payload byte-exact when editing.
ivacy:
username: ivacy0d8560848
password: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
30633462393336626266333038653734303835656533303139326330633864313765643839323266
6239396539393265623837343530363962303664323639630a313563313464663134613166393131
38653731636562346363656466366464366139303935643866373431633631663063353633326337
3433613030373832390a353830626531353161383133643765343362393563383565386136643736
6465
vpn:
# Point-to-point tunnel definition: local side (name, this_ip, listen_port,
# private_key) followed by the remote endpoint.
# "internet" is also the value of public_iface in the firewall section.
# NOTE(review): the key names suggest a WireGuard-style tunnel - confirm
# against the role that consumes them.
# private_key is an inline Ansible Vault value (vault id "cave"). The
# ciphertext is committed with the config, so its confidentiality rests on the
# strength of the vault password.
name: internet
this_ip: 10.255.255.2
listen_port: 10666
private_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;cave
37393062623161343361356130626630393065616162646535366265386363643063343261326462
3030383034383638386233393434346132323238633565660a393231623939626532643435363136
31653734636337633738376561316137303861373339323131326632316539646262626138323764
3064346233613934390a396663393236323733323930363162613937623064643637303839333339
35383638313137353966663531326432623661336165303036353162393135656362633037386639
3531323065623833336435323561393066333166396536653333
endpoint:
# Remote peer: public address (url), its tunnel address (this_ip) and port.
# NOTE(review): indentation was lost in this listing; public_key is assumed to
# belong to endpoint - confirm against the original file.
# NOTE(review): public_key is encrypted under vault id "sea", not "cave" like
# the other secrets in this file, so decrypting the file needs both vault
# ids - confirm this is intended.
url: 15.161.228.33
this_ip: 10.255.255.1
port: 21212
public_key: !vault |
$ANSIBLE_VAULT;1.2;AES256;sea
34323535393334613237396532333836383734626538393066386630613838663236633832336330
6333653838326438313634633966336431383066646633340a383930306430363662306161633966
34623333613935613434323631383961386266643765386164333965643661356333363834373565
3633343833306164660a313164353466343032643937633934653830386234323361343433626635
30653132636230346338323332386363343266316666643137613239366263336238643535353162
3565643330643833383531343937323839626434646565346439