---
# Host variables for this node: TLS issuance settings (certbot and lego),
# WireGuard interfaces, a restic flag, an autossh list and the nginx
# virtual hosts it serves.

# Certificates requested through the certbot role: one entry per
# certificate, with the names it covers and the contact e-mail.
# NOTE(review): the nginx vhosts further down load their certificates
# from /var/lib/lego/certificates, so this list may be a leftover from
# the certbot-based setup — confirm whether the certbot role still runs.
# jump0.kill0.net appears here but not under lego_domains.
certbot_certificates:
  - domains:
      - monitor.kill0.net
    email: rcavicchioni@gmail.com
  - domains:
      - git.kill0.net
    email: rcavicchioni@gmail.com
  - domains:
      - stats.kill0.net
    email: rcavicchioni@gmail.com
  - domains:
      - jump0.kill0.net
    email: rcavicchioni@gmail.com
  - domains:
      - dl.kill0.net
    email: rcavicchioni@gmail.com
  - domains:
      - cavi.cc
    email: rcavicchioni@gmail.com
  - domains:
      - proxy.kill0.net
    email: rcavicchioni@gmail.com

# Environment exported to the lego process for the gcloud DNS provider
# selected via --dns below. Only the path of the service-account file is
# given here; the credentials themselves live under lego_etc_dir_path
# on the host and are never inlined in this file.
lego_user_environ:
  GCE_PROJECT: kill0-net
  GCE_SERVICE_ACCOUNT_FILE: "{{ lego_etc_dir_path }}/credentials.json"

# Extra arguments passed to every lego invocation. Each item carries a
# flag and its value in one string, so the consuming role presumably
# joins the items with spaces rather than passing them as separate argv
# entries — verify against the role before adding a value that contains
# whitespace.
lego_bin_user_args:
  - --email rcavicchioni@gmail.com
  - --dns gcloud

# Arguments added only on renewal runs. The hook reloads nginx so the
# renewed files under /var/lib/lego/certificates take effect without a
# restart.
lego_bin_renew_user_args:
  - --renew-hook "systemctl reload nginx"

# Names lego obtains certificates for. The nginx vhosts below point
# ssl_certificate / ssl_certificate_key at
# /var/lib/lego/certificates/<name>.crt and .key for cavi.cc and
# proxy.kill0.net; the other names are consumed elsewhere.
lego_domains:
  - name: cavi.cc
  - name: dl.kill0.net
  - name: git.kill0.net
  - name: monitor.kill0.net
  - name: proxy.kill0.net
  - name: stats.kill0.net

# No autossh tunnels on this host. The explicit empty list is deliberate:
# a bare `autossh_config:` would be null rather than an iterable.
autossh_config: []

# WireGuard interfaces. Private keys are pulled from vault_-prefixed
# variables, so no key material is committed in clear here; only the
# addresses and listen ports are visible. No peers are defined in this
# file — presumably supplied by the role or another vars file; confirm.
wireguard_interfaces:
  wg0:
    address:
      - 169.254.0.1/24
      - fc00::ffff:169.254.0.1/64
    private_key: "{{ vault_wireguard_private_keys.wg0 }}"
    listen_port: 51820
    # Quoted on purpose: a bare off is a YAML 1.1 boolean and would reach
    # the template as false instead of the string "off".
    table: 'off'
  wg1:
    address:
      - 192.168.255.1/24
      - fc01::ffff:192.168.255.1/128
      - 2600:3c00:e000:343::ffff:192.168.255.1/128
    private_key: "{{ vault_wireguard_private_keys.wg1 }}"
    # No table setting here, so whatever default the role applies is used.
    listen_port: 51821

# Enables the restic tidy step on this host.
restic_tidy_enabled: true

# htpasswd contents are vault-managed and never appear here. The proxy
# vhost below points auth_basic_user_file at /etc/nginx/proxy.htpasswd,
# presumably one of the files written from this mapping — confirm the
# key name matches.
nginx_htpasswd_files: "{{ vault_nginx_htpasswd_files }}"

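# nginx virtual hosts, keyed by site. Each site has a plain-HTTP server
# that only redirects to HTTPS and a TLS server that loads the lego-issued
# certificate for its server_name. The raw block scalar is emitted
# verbatim into the server{} context.
nginx_vhosts:
  cavicc:
    server:
      # Port 80: redirect everything to HTTPS.
      - server_name: cavi.cc
        root: /var/www/cavicc
        listen:
          - 80
          - "[::]:80"
        raw: |
          location / {
            return 301 https://$server_name$request_uri;
          }
      # Port 443: static site served with the lego certificate.
      - server_name: cavi.cc
        root: /var/www/cavicc
        listen:
          - 443 ssl
          - "[::]:443 ssl"
        ssl_certificate: /var/lib/lego/certificates/cavi.cc.crt
        ssl_certificate_key: /var/lib/lego/certificates/cavi.cc.key
        # Former certbot paths, kept for reference while lego is in use.
        # ssl_certificate: /etc/letsencrypt/live/cavi.cc/fullchain.pem
        # ssl_certificate_key: /etc/letsencrypt/live/cavi.cc/privkey.pem
        # NOTE(review): Alt-Svc advertises HTTP/3, but no quic listener is
        # declared in this file — confirm the role adds one, otherwise
        # clients probe UDP/443 for nothing before falling back.
        # NOTE(review): no Strict-Transport-Security header is set on the
        # TLS servers (here or under proxy); consider adding one once
        # HTTPS is known to be stable.
        raw: |
          location / {
            add_header Alt-Svc 'h3=":$server_port"; ma=86400';
          }

  proxy:
    # Named upstreams referenced by proxy_pass below. prometheus_backend
    # stays disabled, and its /prometheus/ location is disabled with it:
    # nginx fails its config check when proxy_pass names an upstream
    # that is not defined and does not resolve as a host ("host not found
    # in upstream"). Re-enable both together.
    upstream:
      - name: loki_backend
        server:
          - localhost:3100
      #- name: prometheus_backend
      #  server:
      #    - localhost:9090
    # WebSocket upgrade map: Connection becomes "upgrade" when the client
    # sent an Upgrade header and "close" otherwise.
    map:
      - name: $http_upgrade
        variable: $connection_upgrade
        content:
          default: upgrade
          '': close
    server:
      # Port 80: redirect everything to HTTPS.
      - server_name: proxy.kill0.net
        root: /var/empty
        listen:
          - 80
          - "[::]:80"
        raw: |
          location / {
            return 301 https://$server_name$request_uri;
          }
      # Port 443: basic-auth protected reverse proxy. auth_basic is set at
      # server level so every location, including the proxied ones,
      # inherits the credential check.
      - server_name: proxy.kill0.net
        root: /var/empty
        listen:
          - 443 ssl
          - "[::]:443 ssl"
        # Former certbot paths, kept for reference while lego is in use.
        # ssl_certificate: /etc/letsencrypt/live/proxy.kill0.net/fullchain.pem
        # ssl_certificate_key: /etc/letsencrypt/live/proxy.kill0.net/privkey.pem
        ssl_certificate: /var/lib/lego/certificates/proxy.kill0.net.crt
        ssl_certificate_key: /var/lib/lego/certificates/proxy.kill0.net.key
        raw: |
          auth_basic "Proxy";
          auth_basic_user_file /etc/nginx/proxy.htpasswd;

          location / {
            add_header Alt-Svc 'h3=":$server_port"; ma=86400';
          }

          location /loki {
            proxy_http_version 1.1;
            proxy_pass http://loki_backend;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $http_host;
            proxy_set_header Upgrade $http_upgrade;
          }

          # Disabled together with the prometheus_backend upstream above.
          #location /prometheus/ {
          #  proxy_pass http://prometheus_backend/;
          #}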