grafana-ng: configuration firewall, dns, caddy
parent
1deba6ebf8
commit
b7c1b86056
4 changed files with 46 additions and 10 deletions
|
@ -90,6 +90,14 @@ firewall__zones:
|
|||
addrs:
|
||||
- 2a09:6840:128::98
|
||||
- 10.128.0.98
|
||||
re2o-ldap.adm:
|
||||
addrs:
|
||||
- 2a09:6840:128::21
|
||||
- 10.128.0.21
|
||||
ldap-replica-edc.adm:
|
||||
addrs:
|
||||
- 2a09:6840:128::4:249
|
||||
- 10.128.4.249
|
||||
nextcloud.adm:
|
||||
addrs:
|
||||
- 2a09:6840:128::58
|
||||
|
@ -123,6 +131,10 @@ firewall__zones:
|
|||
addrs:
|
||||
- 2a09:6840:211::1:1
|
||||
- 10.211.1.1
|
||||
grafana.ext:
|
||||
addrs:
|
||||
- 2a09:6840:211::1:7
|
||||
- 10.211.1.7
|
||||
ns-1.pub:
|
||||
addrs:
|
||||
- 2a09:6840:215::1:2
|
||||
|
@ -268,6 +280,25 @@ firewall__forward:
|
|||
tcp:
|
||||
dport: 9090
|
||||
verdict: accept
|
||||
# Prometheus for Grafana nixos
|
||||
- src: grafana.ext
|
||||
dst: prometheus.int
|
||||
protocols:
|
||||
tcp:
|
||||
dport: 9090
|
||||
verdict: accept
|
||||
- src: grafana.ext
|
||||
dst: re2o-ldap.adm
|
||||
protocols:
|
||||
tcp:
|
||||
dport: 389
|
||||
verdict: accept
|
||||
- src: grafana.ext
|
||||
dst: ldap-replica-edc.adm
|
||||
protocols:
|
||||
tcp:
|
||||
dport: 389
|
||||
verdict: accept
|
||||
# Admin VPN clients
|
||||
- src: vpn-clients
|
||||
dst: infra
|
||||
|
@ -342,6 +373,12 @@ firewall__forward:
|
|||
tcp:
|
||||
dport: 3000
|
||||
verdict: accept
|
||||
- src: proxy.pub
|
||||
dst: grafana.ext
|
||||
protocols:
|
||||
tcp:
|
||||
dport: 80
|
||||
verdict: accept
|
||||
- src: proxy.pub
|
||||
dst: nextcloud.adm
|
||||
protocols:
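Review bot: The two new forward rules from `grafana.ext` to `re2o-ldap.adm` and `ldap-replica-edc.adm` open `dport: 389`, the cleartext LDAP port, so Grafana's bind password and every user password it checks would cross from the ext zone into adm unencrypted unless StartTLS is enforced on both ends (not visible in this diff). If the directory servers offer LDAPS, prefer `dport: 636`; otherwise record the StartTLS requirement next to the rules. The existing comment `# Prometheus for Grafana nixos` only describes the first of the three rules, so a separate line such as `# Grafana nixos: LDAP auth (StartTLS required)` above the LDAP rules would keep the intent auditable. The `firewall__forward` list starts and continues outside these hunks, so any broader rule that already covers these flows cannot be checked from here.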
|
||||
|
|
|
@ -343,6 +343,9 @@ knotd__hosts:
|
|||
collabora.ext:
|
||||
- 2a09:6840:211::1:1
|
||||
- 10.211.1.1
|
||||
grafana.ext:
|
||||
- 2a09:6840:211::1:7
|
||||
- 10.211.1.7
|
||||
proxy.pub:
|
||||
- 2a09:6840:215::1:1
|
||||
- 45.66.111.206
|
||||
|
@ -378,17 +381,14 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra
|
||||
- ns-2.pub.infra
|
||||
- ns-3.ovh.infra
|
||||
- name: infra
|
||||
target:
|
||||
- ns-1.pub.infra
|
||||
- ns-2.pub.infra
|
||||
- ns-3.ovh.infra
|
||||
- name: test
|
||||
target:
|
||||
- ns-1.pub.infra
|
||||
- ns-2.pub.infra
|
||||
- ns-3.ovh.infra
|
||||
- name: adm
|
||||
target:
|
||||
- serge
|
||||
|
@ -436,6 +436,7 @@ knotd__zones:
|
|||
target: proxy-ovh
|
||||
- name:
|
||||
- grafana
|
||||
- grafana-ng
|
||||
- nextcloud
|
||||
- cloud
|
||||
- office
|
||||
|
@ -495,7 +496,6 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
mx:
|
||||
- exchange: mx
|
||||
preference: 5
|
||||
|
@ -524,7 +524,6 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
hosts: "{{ knotd__hosts['infra.auro.re'] }}"
|
||||
|
||||
108.66.45.in-addr.arpa:
|
||||
|
@ -541,7 +540,6 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
109.66.45.in-addr.arpa:
|
||||
dnssec_policy: ripe
|
||||
notify:
|
||||
|
@ -556,7 +554,6 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
110.66.45.in-addr.arpa:
|
||||
dnssec_policy: ripe
|
||||
notify:
|
||||
|
@ -571,7 +568,6 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
reverse_hosts: "{{ knotd__hosts['adh.auro.re']
|
||||
| ip_filter(['45.66.110.0/24'])
|
||||
| add_origin_keys('adh.auro.re.') }}"
|
||||
|
@ -589,7 +585,6 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
reverse_hosts: "{{ knotd__hosts['auro.re']
|
||||
| ip_filter(['45.66.111.0/24'])
|
||||
| add_origin_keys('auro.re.') }}"
|
||||
|
@ -607,7 +602,6 @@ knotd__zones:
|
|||
- target:
|
||||
- ns-1.pub.infra.auro.re.
|
||||
- ns-2.pub.infra.auro.re.
|
||||
- ns-3.ovh.infra.auro.re.
|
||||
reverse_hosts: "{{ knotd__hosts['auro.re']
|
||||
| ip_filter(['2a09:6840::/32'])
|
||||
| add_origin_keys('auro.re.')
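Review bot: Judging by the hunk line counts, the `knotd__zones` hunks drop `ns-3.ovh.infra` / `ns-3.ovh.infra.auro.re.` from every `target` list, which is unrelated to grafana-ng and is not mentioned in the commit title. If ns-3 is still published as an authoritative server for these zones (the NS records are not visible here), it would stop being a target and could go on serving stale data, including expired signatures on the zones that set `dnssec_policy`. Confirm the NS set and the parent delegation are updated in the same rollout. Either move the removal into its own commit or add a line to the description saying that ns-3 is being retired.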
|
||||
|
|
|
@ -37,6 +37,10 @@ caddy__routes_https:
|
|||
reverse:
|
||||
- "[2a09:6840:128::98]:3000"
|
||||
- 10.128.0.98:3000
|
||||
grafana-ng.auro.re:
|
||||
reverse:
|
||||
- "[2a09:6840:211::1:7]:80"
|
||||
- 10.211.1.7:80
|
||||
office.auro.re:
|
||||
reverse:
|
||||
- "[2a09:6840:211::1:1]:9980"
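Review bot: The new `grafana-ng.auro.re` route proxies to `[2a09:6840:211::1:7]:80` and `10.211.1.7:80` over plain HTTP, so login credentials and session cookies travel unencrypted between the proxy and the Grafana host. That matches the neighbouring routes, but this instance is also given LDAP access in the same commit, so the passwords on that hop are directory passwords. Either use TLS on the upstream or state the trust assumption next to the route, e.g. `# upstream is plain HTTP; proxy-to-ext segment is treated as trusted`. The `caddy__routes_https` map continues outside the hunk.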
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
ansible_2_16
|
||||
python313Packages.jinja2
|
||||
python313Packages.requests
|
||||
python313Packages.pydantic_1
|
||||
python313Packages.pysocks
|
||||
python313Packages.dns
|
||||
];
|
||||
|
|