collabora: migrate to new infra

group_vars/infra/firewall.yml

@@ -119,6 +119,10 @@ firewall__zones:
     addrs:
       - 2a09:6840:215::1:1
       - 45.66.111.206
+  collabora.ext:
+    addrs:
+      - 2a09:6840:211::1:1
+      - 10.211.1.1
 
 firewall__input:
   - iif:
@@ -287,6 +291,22 @@ firewall__forward:
     protocols:
       icmp: true
     verdict: accept
+  # Proxy -> Collabora
+  - src: proxy.pub
+    dst: collabora.ext
+    protocols:
+      tcp:
+        dport: 9980
+    verdict: accept
+  # Collabora -> Proxy
+  - src: collabora.ext
+    dst: proxy.pub
+    protocols:
+      tcp:
+        dport:
+          - 80
+          - 443
+    verdict: accept
 
 firewall__nat:
   - src: 10.0.0.0/8

host_vars/ns-master.int.infra.auro.re/knotd.yml

@@ -281,6 +281,7 @@ knotd__zones:
           - grafana
           - nextcloud
           - cloud
+          - office
         target: proxy.pub.infra
       - name:
           - netbox
@@ -290,7 +291,6 @@ knotd__zones:
           - gitea
           - re2o
           - vote
-          - office
         target: proxy
       - name: intranet
         target: re2o
@@ -494,10 +494,10 @@ knotd__zones:
         - 2a09:6840:211::1:5
         - 10.211.1.5
       collabora.ext:
-        #- 2a09:6840:128::220
+        - 2a09:6840:211::1:1
-        - 10.128.0.220
+        - 10.211.1.1
       proxy.pub:
-        - 2a09:6840:214::1:1
+        - 2a09:6840:215::1:1
         - 45.66.111.206
 
   108.66.45.in-addr.arpa:

host_vars/proxy.pub.infra.auro.re.yml

@@ -37,6 +37,10 @@ caddy__routes_https:
     reverse:
       - "[2a09:6840:128::98]:3000"
       - 10.128.0.98:3000
+  office.auro.re:
+    reverse:
+      - "[2a09:6840:211::1:1]:9980"
+      - 10.211.1.1:9980
   nextcloud.auro.re:
     headers:
       location: "https://cloud.auro.re{http.request.uri}"