ProjectSegfault/ansible
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' of git.projectsegfau.lt:ProjectSegfault/ansible

Browse Source
This commit is contained in:
Midou36O 2024-03-03 11:41:11 +01:00
commit 4c762f1436
Signed by: midou
GPG Key ID: 1D134A95FE521A7A
5 changed files with 42 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
inventory.yml
View File

@ -10,8 +10,8 @@ all:
docker_dir: /opt/docker-privfrontends docker_dir: /opt/docker-privfrontends
server_prefix: eu server_prefix: eu
ansible_become: true # Run everything as root ansible_become: true # Run everything as root
country: Netherlands country: Germany
isp: Nonic Cloud isp: Avoro
wiki_page: Pizza-1 wiki_page: Pizza-1
watchtower_mtrx_username: psf-watchtower-pizza watchtower_mtrx_username: psf-watchtower-pizza
rsyncnet_slug: pizza1 rsyncnet_slug: pizza1

5
pizza1/configs/wireguard/wg0.conf
View File

@ -2,9 +2,8 @@
Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64 Address = 10.7.0.1/24, fddd:2c4:2c4:2c4::1/64
PrivateKey = {{wireguard_private_key}} PrivateKey = {{wireguard_private_key}}
ListenPort = 51820 ListenPort = 51820
PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1 PostUp = iptables -I FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -I FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -I POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 45.145.41.226; ip6tables -t nat -I POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a0d:5940:99:3::1
PostUp = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 89.33.85.209; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a12:bec0:20b:21fe::1 PostDown = iptables -D FORWARD -s 10.7.0.0/24 -j ACCEPT; iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; ip6tables -D FORWARD -s fddd:2c4:2c4:2c4::/64 -j ACCEPT; ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -s 10.7.0.0/24 ! -d 10.7.0.0/24 -j SNAT --to 45.145.41.226; ip6tables -t nat -D POSTROUTING -s fddd:2c4:2c4:2c4::/64 ! -d fddd:2c4:2c4:2c4::/64 -j SNAT --to 2a0d:5940:99:3::1
[Peer] [Peer]
PublicKey = {{wireguard_pubnix_pubkey}} PublicKey = {{wireguard_pubnix_pubkey}}
AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128 AllowedIPs = 10.7.0.2/32, fddd:2c4:2c4:2c4::2/128

2
privfrontends/templates/Caddyfile.j2
View File

@ -33,7 +33,7 @@
key_name "dynupd" key_name "dynupd"
key_alg "hmac-sha256" key_alg "hmac-sha256"
key "{{ rfc2136_key }}" key "{{ rfc2136_key }}"
server "89.33.85.209:53" server "45.145.41.226:53"
} }
} }
} }

14
privfrontends/templates/in/apps.Caddyfile
View File

@ -236,6 +236,20 @@ rssbridge.projectsegfau.lt, rb.psf.lt {
import def import def
} }
# MatriXMPP Ejabberd
matrixmpp.projectsegfau.lt https://matrixmpp.projectsegfau.lt:8448 {
reverse_proxy :8446 {
header_up X-Real-IP {remote_host}
}
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
handle_path /.well-known/* {
root * /var/www/matrixmpp-well-known
file_server
}
import acmedns
}
gothub.dev.projectsegfau.lt gh.dev.psf.lt { gothub.dev.projectsegfau.lt gh.dev.psf.lt {
reverse_proxy :1025 reverse_proxy :1025
import def import def

27
privfrontends/templates/in/misc.Caddyfile
View File

@ -1,8 +1,4 @@
# PERSONAL # PERSONAL
https://m.in.projectsegfau.lt:8448 m.in.projectsegfau.lt {
import def
reverse_proxy http://192.168.1.47:8008
}
files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 { files.perso.in.projectsegfau.lt files.perso.in.projectsegfau.lt:6942 {
file_server { file_server {
browse browse
@ -17,3 +13,26 @@ tnfiles.perso.in.projectsegfau.lt {
root * /zfspool/files/tn-sw root * /zfspool/files/tn-sw
import acmedns import acmedns
} }
mozhi.aryak.me {
reverse_proxy :5046
}
dhairya.aryak.me {
header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin *
handle_path /.well-known/* {
root * /var/www/perso-well-known
file_server
}
}
http://*.tildevarsh.in https://tildevarsh.in {
respond `R.I.P ~varsh, you'll be missed. :q!
If you are a varsh user and want to get your data, email me@aryak.me with your username from your registered email address.
`
}
schfiles.aryak.me {
file_server {
browse
}
root * /zfspool/schfiles
}