unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request 'feat: haproxy for *arr stack' (#83) from neoloc/haproxy_backends into develop

Browse Source 
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/83
This commit is contained in:
Ben Vincent 2024-06-29 01:56:52 +10:00
commit 9b9f64ca95
6 changed files with 170 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
View File

@ -6,11 +6,21 @@ profiles::haproxy::mappings:
mappings: mappings:
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web' - 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api' - 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
- 'sonarr.main.unkin.net be_sonarr'
- 'radarr.main.unkin.net be_radarr'
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
fe_https: fe_https:
ensure: present ensure: present
mappings: mappings:
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web' - 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api' - 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
- 'sonarr.main.unkin.net be_sonarr'
- 'radarr.main.unkin.net be_radarr'
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
profiles::haproxy::frontends: profiles::haproxy::frontends:
fe_http: fe_http:
@ -63,6 +73,86 @@ profiles::haproxy::backends:
- set-header X-Forwarded-Port %[dst_port] - set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 } - add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }' redirect: 'scheme https if !{ ssl_fc }'
be_sonarr:
description: Backend for au-syd1 sonarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_radarr:
description: Backend for au-syd1 radarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_lidarr:
description: Backend for au-syd1 lidarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_readarr:
description: Backend for au-syd1 readarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_prowlarr:
description: Backend for au-syd1 prowlarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
profiles::haproxy::certlist::enabled: true profiles::haproxy::certlist::enabled: true
profiles::haproxy::certlist::certificates: profiles::haproxy::certlist::certificates:
@ -72,6 +162,11 @@ profiles::haproxy::certlist::certificates:
profiles::pki::vault::alt_names: profiles::pki::vault::alt_names:
- au-syd1-pve.main.unkin.net - au-syd1-pve.main.unkin.net
- au-syd1-pve-api.main.unkin.net - au-syd1-pve-api.main.unkin.net
- sonarr.main.unkin.net
- radarr.main.unkin.net
- lidarr.main.unkin.net
- readarr.main.unkin.net
- prowlarr.main.unkin.net
# additional cnames # additional cnames
profiles::haproxy::dns::cnames: profiles::haproxy::dns::cnames:

15
site/profiles/manifests/media/lidarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::lidarr (
cephfs_fs => 'mediafs', cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'], require => Profiles::Ceph::Keyring['media'],
} }
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_lidarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
} }

15
site/profiles/manifests/media/prowlarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::prowlarr (
cephfs_fs => 'mediafs', cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'], require => Profiles::Ceph::Keyring['media'],
} }
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_prowlarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
} }

15
site/profiles/manifests/media/radarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::radarr (
cephfs_fs => 'mediafs', cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'], require => Profiles::Ceph::Keyring['media'],
} }
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_radarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
} }

15
site/profiles/manifests/media/readarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::readarr (
cephfs_fs => 'mediafs', cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'], require => Profiles::Ceph::Keyring['media'],
} }
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_readarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
} }

15
site/profiles/manifests/media/sonarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::sonarr (
cephfs_fs => 'mediafs', cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'], require => Profiles::Ceph::Keyring['media'],
} }
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_sonarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
} }