diff --git a/group_vars/infra/firewall.yml b/group_vars/infra/firewall.yml
index 6af8fee..ccd4510 100644
--- a/group_vars/infra/firewall.yml
+++ b/group_vars/infra/firewall.yml
@@ -119,6 +119,10 @@ firewall__zones:
 addrs:
 - 2a09:6840:215::1:1
 - 45.66.111.206
+ collabora.ext:
+ addrs:
+ - 2a09:6840:211::1:1
+ - 10.211.1.1
 firewall__input:
 - iif:
@@ -287,6 +291,22 @@ firewall__forward:
 protocols:
 icmp: true
 verdict: accept
+ # Proxy -> Collabora
+ - src: proxy.pub
+ dst: collabora.ext
+ protocols:
+ tcp:
+ dport: 9980
+ verdict: accept
+ # Collabora -> Proxy
+ - src: collabora.ext
+ dst: proxy.pub
+ protocols:
+ tcp:
+ dport:
+ - 80
+ - 443
+ verdict: accept
 firewall__nat:
 - src: 10.0.0.0/8
diff --git a/host_vars/ns-master.int.infra.auro.re/knotd.yml b/host_vars/ns-master.int.infra.auro.re/knotd.yml
index 2a74758..227d535 100644
--- a/host_vars/ns-master.int.infra.auro.re/knotd.yml
+++ b/host_vars/ns-master.int.infra.auro.re/knotd.yml
@@ -281,6 +281,7 @@ knotd__zones:
 - grafana
 - nextcloud
 - cloud
+ - office
 target: proxy.pub.infra
 - name:
 - netbox
@@ -290,7 +291,6 @@ knotd__zones:
 - gitea
 - re2o
 - vote
- - office
 target: proxy
 - name: intranet
 target: re2o
@@ -494,10 +494,10 @@ knotd__zones:
 - 2a09:6840:211::1:5
 - 10.211.1.5
 collabora.ext:
- #- 2a09:6840:128::220
- - 10.128.0.220
+ - 2a09:6840:211::1:1
+ - 10.211.1.1
 proxy.pub:
- - 2a09:6840:214::1:1
+ - 2a09:6840:215::1:1
 - 45.66.111.206
 108.66.45.in-addr.arpa:
diff --git a/host_vars/proxy.pub.infra.auro.re.yml b/host_vars/proxy.pub.infra.auro.re.yml
index 3a41c3d..0e4883a 100644
--- a/host_vars/proxy.pub.infra.auro.re.yml
+++ b/host_vars/proxy.pub.infra.auro.re.yml
@@ -37,6 +37,10 @@ caddy__routes_https:
 reverse:
 - "[2a09:6840:128::98]:3000"
 - 10.128.0.98:3000
+ office.auro.re:
+ reverse:
+ - "[2a09:6840:211::1:1]:9980"
+ - 10.211.1.1:9980
 nextcloud.auro.re:
 headers:
 location: "https://cloud.auro.re{http.request.uri}"
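Review bot: In the `firewall__forward` hunk of group_vars/infra/firewall.yml, the `Collabora -> Proxy` rule accepts tcp/80 alongside 443, and nothing visible shows that plaintext HTTP from the Collabora host to the proxy is needed. Presumably this path carries Collabora's WOPI calls back to the cloud vhost, which put the access token in the request URL, so a first request over port 80 would expose it even if the proxy then redirects. If HTTPS is the only intended transport, narrow the rule to `dport: 443`. The comment could also state the purpose, e.g. `# Collabora -> Proxy (WOPI callbacks to the cloud vhost, HTTPS only)`. The enclosing `firewall__forward` list starts and ends outside the hunk.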
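Review bot: The last knotd.yml hunk (`@@ -494,10 +494,10 @@`) changes the `proxy.pub` AAAA record from `2a09:6840:214::1:1` to `2a09:6840:215::1:1`, which is unrelated to Collabora and affects every name that targets proxy.pub over IPv6. The new value matches the address shown as context in the firewall.yml zone hunk, so it looks like a correction, but it should be called out in the commit message or split into its own commit so it can be reverted independently. The collabora.ext addresses are now written out by hand in three files (firewall zone, knotd records, Caddy upstreams), the kind of duplication that presumably produced the 214/215 mismatch. A comment such as `# keep in sync with firewall__zones collabora.ext` above the record would help.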
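Review bot: The new `office.auro.re` route in host_vars/proxy.pub.infra.auro.re.yml forwards every path to coolwsd on port 9980, and the knotd.yml change points `office` at proxy.pub.infra, so the whole Collabora HTTP surface, admin console included, becomes reachable through this proxy. Nothing in the commit shows that the admin console is disabled or credential-protected, or that coolwsd's WOPI host allowlist is limited to the cloud host; both should be confirmed on the Collabora side before merge, since an open allowlist lets the service be pointed at arbitrary document hosts. The upstream entries carry no scheme, so presumably the proxy speaks plain HTTP to 10.211.1.1 across the forwarded path; if TLS termination at the proxy is intended, say so. Once confirmed, record it above the route, e.g. `# Collabora Online: TLS terminated here; admin console and WOPI allowlist restricted in coolwsd config`.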