ansible/host_vars/proxy.pub.infra.auro.re.yml

---
systemd_link__links:
  pub0: ae:ae:ae:3a:71:0b

ifupdown2__interfaces:
  pub0:
    addresses:
      - 2a09:6840:215::1:1/64
      - 45.66.111.206/30
    gateways: "{{ ifupdown2__gateways.pub }}"

caddy__matrix_headers:
  access-control-allow-headers: "Origin, X-Requested-With, Content-Type, Accept, Authorization"
  access-control-allow-methods: "GET, POST, PUT, DELETE, OPTIONS"
  access-control-allow-origin: "*"

caddy__routes_https:
  www1.test.auro.re:
    - root: /var/www/auro.re
    - path: /.well-known/matrix/server
      headers: "{{ caddy__matrix_headers }}"
      body: '{"m.server": "matrix.auro.re:8448"}'
      status: 200
    - path: /.well-known/matrix/client
      headers: "{{ caddy__matrix_headers }}"
      body: '{"m.homeserver": {"base_url": "https://matrix.auro.re"}}'
      status: 200
  www2.test.auro.re:
    headers:
      location: "https://auro.re{http.request.uri}"
    status: 301
  www3.test.auro.re:
    reverse:
      - "[2a09:6840:128::198]:3000"
      - 10.128.0.198:3000
  grafana.auro.re:
    reverse:
      - "[2a09:6840:128::98]:3000"
      - 10.128.0.98:3000
  nextcloud.auro.re:
    headers:
      location: "https://cloud.auro.re{http.request.uri}"
    status: 301
  cloud.auro.re:
    - path: /.well-known/carddav
      headers:
        location: /remote.php/dav/
      status: 301
    - path: /.well-known/caldav
      headers:
        location: /remote.php/dav/
      status: 301
    - path: /.well-known/webfinger
      headers:
        location: /index.php/.well-known/webfinger
      status: 301
    - path: /.well-known/nodeinfo
      headers:
        location: /index.php/.well-known/nodeinfo
      status: 301
    - path: /remote/*
      rewrite: /remote.php
    - path: /ocm-provider/*
      rewrite: /index.php
    - path: "*.mjs"
      headers:
        content-type: text/javascript
    - reverse:
        - "[2a09:6840:128::58]:8080"
        - 10.128.0.58:8080
      headers:
        x-robots-tag: noindex, nofollow
        referrer-policy: no-referrer
        x-content-type-options: nosniff
        x-frame-options: SAMEORIGIN
        x-permitted-cross-domain-policies: none
        x-xss-protection: "1; mode=block"

caddy__contact_email: tech.aurore@lists.crans.org

caddy__errors:
  - root: "{{ caddy__error_dir }}"
  - rewrite: /error.html
  - file_server: true
    templates: true

caddy__servers:
  https:
    listen: ":443"
    routes: "{{ caddy__routes_https }}"
    errors: "{{ caddy__errors }}"
  http:
    listen: ":80"

...