286 lines
9.3 KiB
YAML
286 lines
9.3 KiB
YAML
---
|
|
public_address: 15.161.166.194
|
|
|
|
gateway:
|
|
proxied_services:
|
|
- domain_name: sync.troubles.io
|
|
internal_ip: 192.168.122.11
|
|
internal_port: 8384
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
- domain_name: drone.troubles.io
|
|
internal_ip: 192.168.122.10
|
|
internal_port: 8080
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
- domain_name: bt.troubles.io
|
|
internal_ip: 192.168.122.11
|
|
internal_port: 8081
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: no
|
|
websockets:
|
|
path: /service
|
|
internal_ip: 192.168.122.11
|
|
internal_port: 8412
|
|
- domain_name: flix.troubles.io
|
|
internal_ip: 192.168.122.11
|
|
internal_port: 8080
|
|
redirect_to_https: no
|
|
http_opts:
|
|
- proxy_http_version 1.1;
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
- proxy_set_header Connection $http_connection;
|
|
- domain_name: repo.troubles.io
|
|
internal_ip: 192.168.122.10
|
|
internal_port: 8081
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
- domain_name: minos.cockpit.troubles.io
|
|
internal_ip: 127.0.0.1
|
|
internal_port: 9090
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
https_opts:
|
|
- proxy_http_version 1.1;
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
- proxy_set_header Connection $http_connection;
|
|
websockets:
|
|
path: /cockpit/socket
|
|
internal_ip: 127.0.0.1
|
|
internal_port: 9090
|
|
- domain_name: srv.cockpit.troubles.io
|
|
internal_ip: 192.168.122.11
|
|
internal_port: 9090
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
https_opts:
|
|
- proxy_http_version 1.1;
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
- proxy_set_header Connection $http_connection;
|
|
websockets:
|
|
path: /cockpit/socket
|
|
internal_ip: 192.168.122.11
|
|
internal_port: 9090
|
|
- domain_name: mercury.cockpit.troubles.io
|
|
internal_ip: 192.168.122.10
|
|
internal_port: 9090
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
https_opts:
|
|
- proxy_http_version 1.1;
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
- proxy_set_header Connection $http_connection;
|
|
websockets:
|
|
path: /cockpit/socket
|
|
internal_ip: 192.168.122.10
|
|
internal_port: 9090
|
|
- domain_name: athena.cockpit.troubles.io
|
|
internal_ip: 192.168.122.254
|
|
internal_port: 9090
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
https_opts:
|
|
- proxy_http_version 1.1;
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
- proxy_set_header Connection $http_connection;
|
|
websockets:
|
|
path: /cockpit/socket
|
|
internal_ip: 192.168.122.254
|
|
internal_port: 9090
|
|
- domain_name: stakhanov.cockpit.troubles.io
|
|
internal_ip: 192.168.122.1
|
|
internal_port: 9090
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
https_opts:
|
|
- proxy_http_version 1.1;
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
- proxy_set_header Connection $http_connection;
|
|
websockets:
|
|
path: /cockpit/socket
|
|
internal_ip: 192.168.122.1
|
|
internal_port: 9090
|
|
- domain_name: proro.ga
|
|
internal_ip: 192.168.122.254
|
|
internal_port: 230
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
https_opts:
|
|
- proxy_http_version 1.1;
|
|
- proxy_set_header Upgrade $http_upgrade;
|
|
- proxy_set_header Connection $http_connection;
|
|
- domain_name: los.troubles.io
|
|
internal_ip: 192.168.122.10
|
|
internal_port: 8082
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
https_custom_locations:
|
|
- rule: /builds/
|
|
conf_lines:
|
|
- "proxy_pass http://192.168.122.10:8083"
|
|
- "proxy_set_header Host $remote_addr"
|
|
- "proxy_set_header X-Forwarded-Proto $scheme"
|
|
- "proxy_set_header X-Forwarded-Port $server_port"
|
|
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
|
|
- rule: /builds.json
|
|
conf_lines:
|
|
- "proxy_pass http://192.168.122.10:8083"
|
|
- "proxy_set_header Host $remote_addr"
|
|
- "proxy_set_header X-Forwarded-Proto $scheme"
|
|
- "proxy_set_header X-Forwarded-Port $server_port"
|
|
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
|
|
https_custom_configurations:
|
|
- "rewrite ^/builds$ /builds/ permanent"
|
|
- domain_name: cam.troubles.io
|
|
internal_ip: 192.168.1.8
|
|
internal_port: 8080
|
|
cert_email: blallo@troubles.ga
|
|
redirect_to_https: yes
|
|
password_protect: yes
|
|
password_file: /etc/nginx/.cam.troubles.io-htpasswd
|
|
username: leo
|
|
password: !vault |
|
|
$ANSIBLE_VAULT;1.2;AES256;cave
|
|
65636138313034316234643236313733343361623337356464643937666439633535343930343166
|
|
3935646261386666343535303734666166336562353539310a643733653163666333636531366139
|
|
63343764616135306661646433346435376334636431303033363364313930613864373834343036
|
|
6636376437643466380a363633323731663430386237623632383164643161643934636331633338
|
|
66333538353864326162313234616262633831663638396564386337343235336661
|
|
https_custom_locations:
|
|
- rule: /0/
|
|
conf_lines:
|
|
- "proxy_pass http://192.168.1.8:8081/0/stream"
|
|
- "proxy_set_header Host $remote_addr"
|
|
- "proxy_set_header X-Forwarded-Proto $scheme"
|
|
- "proxy_set_header X-Forwarded-Port $server_port"
|
|
- "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for"
|
|
|
|
firewall:
|
|
home_iface: enp0s0
|
|
public_iface: internet
|
|
vm_iface: eth0
|
|
forwarded_ports:
|
|
- zone: home
|
|
from:
|
|
port: 16493
|
|
addr: 192.168.1.20
|
|
proto: "tcp"
|
|
to:
|
|
port: 16493
|
|
addr: 192.168.122.11
|
|
- zone: home
|
|
from:
|
|
port: 16309
|
|
addr: 192.168.1.20
|
|
proto: "udp"
|
|
to:
|
|
port: 16309
|
|
addr: 192.168.122.11
|
|
- zone: home
|
|
from:
|
|
port: 16362
|
|
addr: 192.168.1.20
|
|
proto: "udp"
|
|
to:
|
|
port: 16362
|
|
addr: 192.168.122.11
|
|
- zone: home
|
|
from:
|
|
port: 445
|
|
addr: 192.168.1.20
|
|
proto: "tcp"
|
|
to:
|
|
port: 445
|
|
addr: 192.168.122.11
|
|
- zone: home
|
|
from:
|
|
port: 139
|
|
addr: 192.168.1.20
|
|
proto: "tcp"
|
|
to:
|
|
port: 139
|
|
addr: 192.168.122.11
|
|
- zone: home
|
|
from:
|
|
port: 138
|
|
addr: 192.168.1.20
|
|
proto: "udp"
|
|
to:
|
|
port: 138
|
|
addr: 192.168.122.11
|
|
- zone: home
|
|
from:
|
|
port: 137
|
|
addr: 192.168.1.20
|
|
proto: "udp"
|
|
to:
|
|
port: 137
|
|
addr: 192.168.122.11
|
|
- zone: home
|
|
from:
|
|
port: 22000
|
|
addr: 192.168.1.20
|
|
proto: "tcp"
|
|
to:
|
|
port: 22000
|
|
addr: 192.168.122.11
|
|
- zone: public
|
|
from:
|
|
port: 31337
|
|
addr: "{{ public_address }}"
|
|
proto: "tcp"
|
|
to:
|
|
port: 22
|
|
addr: 192.168.122.254
|
|
- zone: public
|
|
from:
|
|
port: 22000
|
|
addr: "{{ public_address }}"
|
|
proto: "tcp"
|
|
to:
|
|
port: 22000
|
|
addr: 192.168.122.11
|
|
- zone: public
|
|
from:
|
|
port: 21027
|
|
addr: "{{ public_address }}"
|
|
proto: "udp"
|
|
to:
|
|
port: 21027
|
|
addr: 192.168.122.11
|
|
|
|
ivacy:
|
|
username: ivacy0d8560848
|
|
password: !vault |
|
|
$ANSIBLE_VAULT;1.2;AES256;cave
|
|
30633462393336626266333038653734303835656533303139326330633864313765643839323266
|
|
6239396539393265623837343530363962303664323639630a313563313464663134613166393131
|
|
38653731636562346363656466366464366139303935643866373431633631663063353633326337
|
|
3433613030373832390a353830626531353161383133643765343362393563383565386136643736
|
|
6465
|
|
|
|
vpn:
|
|
name: internet
|
|
this_ip: 10.255.255.2
|
|
listen_port: 10666
|
|
private_key: !vault |
|
|
$ANSIBLE_VAULT;1.2;AES256;cave
|
|
37393062623161343361356130626630393065616162646535366265386363643063343261326462
|
|
3030383034383638386233393434346132323238633565660a393231623939626532643435363136
|
|
31653734636337633738376561316137303861373339323131326632316539646262626138323764
|
|
3064346233613934390a396663393236323733323930363162613937623064643637303839333339
|
|
35383638313137353966663531326432623661336165303036353162393135656362633037386639
|
|
3531323065623833336435323561393066333166396536653333
|
|
endpoint:
|
|
url: 15.161.228.33
|
|
this_ip: 10.255.255.1
|
|
port: 21212
|
|
public_key: !vault |
|
|
$ANSIBLE_VAULT;1.2;AES256;sea
|
|
34323535393334613237396532333836383734626538393066386630613838663236633832336330
|
|
6333653838326438313634633966336431383066646633340a383930306430363662306161633966
|
|
34623333613935613434323631383961386266643765386164333965643661356333363834373565
|
|
3633343833306164660a313164353466343032643937633934653830386234323361343433626635
|
|
30653132636230346338323332386363343266316666643137613239366263336238643535353162
|
|
3565643330643833383531343937323839626434646565346439
|