Merge branch 'develop' into neoloc/nzbget
This commit is contained in:
@@ -132,7 +132,9 @@ lookup_options:
|
||||
profiles::nginx::simpleproxy::locations:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
certbot::client::domains:
|
||||
merge:
|
||||
strategy: deep
|
||||
|
||||
facts_path: '/opt/puppetlabs/facter/facts.d'
|
||||
|
||||
|
||||
@@ -1,2 +1,3 @@
|
||||
---
|
||||
timezone::timezone: 'Australia/Sydney'
|
||||
certbot::client::webserver: ausyd1nxvm1021.main.unkin.net
|
||||
|
||||
@@ -12,6 +12,7 @@ profiles::haproxy::mappings:
|
||||
- 'readarr.main.unkin.net be_readarr'
|
||||
- 'prowlarr.main.unkin.net be_prowlarr'
|
||||
- 'jellyfin.main.unkin.net be_jellyfin'
|
||||
- 'fafflix.unkin.net be_jellyfin'
|
||||
fe_https:
|
||||
ensure: present
|
||||
mappings:
|
||||
@@ -23,6 +24,7 @@ profiles::haproxy::mappings:
|
||||
- 'readarr.main.unkin.net be_readarr'
|
||||
- 'prowlarr.main.unkin.net be_prowlarr'
|
||||
- 'jellyfin.main.unkin.net be_jellyfin'
|
||||
- 'fafflix.unkin.net be_jellyfin'
|
||||
|
||||
profiles::haproxy::frontends:
|
||||
fe_http:
|
||||
@@ -32,12 +34,14 @@ profiles::haproxy::frontends:
|
||||
fe_https:
|
||||
options:
|
||||
acl:
|
||||
- 'acl_ausyd1pve req.hdr(host) -i https://au-syd1-pve.main.unkin.net'
|
||||
- 'acl_sonarr req.hdr(host) -i https://sonarr.main.unkin.net'
|
||||
- 'acl_radarr req.hdr(host) -i https://radarr.main.unkin.net'
|
||||
- 'acl_lidarr req.hdr(host) -i https://lidarr.main.unkin.net'
|
||||
- 'acl_readarr req.hdr(host) -i https://readarr.main.unkin.net'
|
||||
- 'acl_prowlarr req.hdr(host) -i https://prowlarr.main.unkin.net'
|
||||
- 'acl_ausyd1pve req.hdr(host) -i au-syd1-pve.main.unkin.net'
|
||||
- 'acl_sonarr req.hdr(host) -i sonarr.main.unkin.net'
|
||||
- 'acl_radarr req.hdr(host) -i radarr.main.unkin.net'
|
||||
- 'acl_lidarr req.hdr(host) -i lidarr.main.unkin.net'
|
||||
- 'acl_readarr req.hdr(host) -i readarr.main.unkin.net'
|
||||
- 'acl_prowlarr req.hdr(host) -i prowlarr.main.unkin.net'
|
||||
- 'acl_jellyfin req.hdr(host) -i jellyfin.main.unkin.net'
|
||||
- 'acl_fafflix req.hdr(host) -i fafflix.unkin.net'
|
||||
- 'acl_internalsubnets src 198.18.0.0/16 10.10.12.0/24'
|
||||
use_backend:
|
||||
- "%[req.hdr(host),lower,map(/etc/haproxy/fe_https.map,be_default)]"
|
||||
@@ -50,6 +54,8 @@ profiles::haproxy::frontends:
|
||||
- 'set-header X-Frame-Options DENY if acl_lidarr'
|
||||
- 'set-header X-Frame-Options DENY if acl_readarr'
|
||||
- 'set-header X-Frame-Options DENY if acl_prowlarr'
|
||||
- 'set-header X-Frame-Options DENY if acl_jellyfin'
|
||||
- 'set-header X-Frame-Options DENY if acl_fafflix'
|
||||
- 'set-header X-Content-Type-Options nosniff'
|
||||
- 'set-header X-XSS-Protection 1;mode=block'
|
||||
|
||||
@@ -184,10 +190,29 @@ profiles::haproxy::backends:
|
||||
|
||||
profiles::haproxy::certlist::enabled: true
|
||||
profiles::haproxy::certlist::certificates:
|
||||
- /etc/pki/tls/letsencrypt/au-syd1-pve.main.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/letsencrypt/au-syd1-pve-api.main.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/letsencrypt/sonarr.main.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/letsencrypt/radarr.main.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/letsencrypt/lidarr.main.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/letsencrypt/readarr.main.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/letsencrypt/prowlarr.main.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/letsencrypt/fafflix.unkin.net/fullchain_combined.pem
|
||||
- /etc/pki/tls/vault/certificate.pem
|
||||
|
||||
# additional altnames
|
||||
profiles::pki::vault::alt_names:
|
||||
- au-syd1-pve.main.unkin.net
|
||||
- au-syd1-pve-api.main.unkin.net
|
||||
- jellyfin.main.unkin.net
|
||||
|
||||
# additional cnames
|
||||
profiles::haproxy::dns::cnames:
|
||||
- au-syd1-pve.main.unkin.net
|
||||
- au-syd1-pve-api.main.unkin.net
|
||||
|
||||
# letsencrypt certificates
|
||||
certbot::client::domains:
|
||||
- au-syd1-pve.main.unkin.net
|
||||
- au-syd1-pve-api.main.unkin.net
|
||||
- sonarr.main.unkin.net
|
||||
@@ -195,9 +220,4 @@ profiles::pki::vault::alt_names:
|
||||
- lidarr.main.unkin.net
|
||||
- readarr.main.unkin.net
|
||||
- prowlarr.main.unkin.net
|
||||
- jellyfin.main.unkin.net
|
||||
|
||||
# additional cnames
|
||||
profiles::haproxy::dns::cnames:
|
||||
- au-syd1-pve.main.unkin.net
|
||||
- au-syd1-pve-api.main.unkin.net
|
||||
- fafflix.unkin.net
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
networking::interfaces:
|
||||
eth0:
|
||||
ipaddress: 198.18.13.58
|
||||
networking::routes:
|
||||
default:
|
||||
gateway: 198.18.13.254
|
||||
@@ -73,4 +73,5 @@ profiles::yum::global::repos:
|
||||
target: /etc/yum.repos.d/unkin.repo
|
||||
baseurl: https://git.query.consul/api/packages/unkinben/rpm/el%{facts.os.release.major}
|
||||
gpgkey: https://git.query.consul/api/packages/unkinben/rpm/repository.key
|
||||
gpgcheck: false
|
||||
mirrorlist: absent
|
||||
|
||||
@@ -48,7 +48,7 @@ glauth::users:
|
||||
user_name: 'benvin'
|
||||
givenname: 'Ben'
|
||||
sn: 'Vincent'
|
||||
mail: 'ben@users.main.unkin.net'
|
||||
mail: 'benvin@users.main.unkin.net'
|
||||
uidnumber: 20000
|
||||
primarygroup: 20000
|
||||
othergroups:
|
||||
@@ -64,6 +64,23 @@ glauth::users:
|
||||
passsha256: 'd2434f6b4764ef75d5b7b96a876a32deedbd6aa726a109c3f32e823ca66f604a'
|
||||
sshkeys:
|
||||
- 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZ8SRLlPiDylBpdWR9LpvPg4fDVD+DZst4yRPFwMMhta4mnB1H9XuvZkptDhXywWQ7QIcqa2WbhCen0OQJCtwn3s7EYtacmF5MxmwBYocPoK2AArGuh6NA9rwTdLrPdzhZ+gwe88PAzRLNzjm0ZBR+mA9saMbPJdqpKp0AWeAM8QofRQAWuCzQg9i0Pn1KDMvVDRHCZof4pVlHSTyHNektq4ifovn0zhKC8jD/cYu95mc5ftBbORexpGiQWwQ3HZw1IBe0ZETB1qPIPwsoJpt3suvMrL6T2//fcIIUE3TcyJKb/yhztja4TZs5jT8370G/vhlT70He0YPxqHub8ZfBv0khlkY93VBWYpNGJwM1fVqlw7XbfBNdOuJivJac8eW317ZdiDnKkBTxapThpPG3et9ib1HoPGKRsd/fICzNz16h2R3tddSdihTFL+bmTCa6Lo+5t5uRuFjQvhSLSgO2/gRAprc3scYOB4pY/lxOFfq3pU2VvSJtRgLNEYMUYKk= ben@unkin.net'
|
||||
matsol:
|
||||
user_name: 'matsol'
|
||||
givenname: 'Matt'
|
||||
sn: 'Solomon'
|
||||
mail: 'matsol@users.main.unkin.net'
|
||||
uidnumber: 20001
|
||||
primarygroup: 20000
|
||||
othergroups:
|
||||
- 20010
|
||||
- 20011
|
||||
- 20012
|
||||
- 20013
|
||||
- 20014
|
||||
- 20015
|
||||
loginshell: '/bin/bash'
|
||||
homedir: '/home/matsol'
|
||||
passsha256: '369263e2455a57c8c21388860c417b640fcf045a303cfc88def18c5197493600'
|
||||
|
||||
glauth::services:
|
||||
svc_jellyfin:
|
||||
|
||||
@@ -53,6 +53,8 @@ profiles::haproxy::frontends:
|
||||
options:
|
||||
acl:
|
||||
- 'acl-letsencrypt path_beg /.well-known/acme-challenge/'
|
||||
use_backend:
|
||||
- 'be_letsencrypt if acl-letsencrypt'
|
||||
http-request:
|
||||
- 'set-header X-Forwarded-Proto https'
|
||||
- 'set-header X-Real-IP %[src]'
|
||||
@@ -68,6 +70,8 @@ profiles::haproxy::frontends:
|
||||
options:
|
||||
acl:
|
||||
- 'acl-letsencrypt path_beg /.well-known/acme-challenge/'
|
||||
use_backend:
|
||||
- 'be_letsencrypt if acl-letsencrypt'
|
||||
http-request:
|
||||
- 'set-header X-Forwarded-Proto https'
|
||||
- 'set-header X-Real-IP %[src]'
|
||||
|
||||
@@ -0,0 +1,2 @@
|
||||
---
|
||||
certbot::contact: ENC[PKCS7,MIIBeQYJKoZIhvcNAQcDoIIBajCCAWYCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAJxDjhvXONEm7VoZ74dBxOPxFAw9RrI2WOK1P5YiIWiXUkoOhQpPzy0PUlI4970ActfTi9Kr9fnyZJWr/7TQ/5GQuYvVxMcfWbOmIOA+6CCjR/PWR06lWQuq7eTmwTzQjw7teFZrpXmqutAMNAUEAmPBBKNKfKbOaFz4IWwph1TuXtXDuveu/RE2+8znWukhF92DuFBJSuw6SMDympdbgceq/guQAInMjIXwmCIa7DWCWYDSKw04Ai8yDnYoqaNRs0acbZV6slH49i/cOE6GKTxO8+vR/3TkjEvKH8lY2l37ndH9+pe58arKflm/Inik0zy0TBnHq7/AMmEpRtV0usTA8BgkqhkiG9w0BBwEwHQYJYIZIAWUDBAEqBBBUgafckUM981Pb6hn2/9KMgBAblakRJjULF7aZwx/PT09s]
|
||||
@@ -0,0 +1,14 @@
|
||||
---
|
||||
hiera_include:
|
||||
- certbot
|
||||
- profiles::pki::puppetcerts
|
||||
|
||||
certbot::domains:
|
||||
- au-syd1-pve.main.unkin.net
|
||||
- au-syd1-pve-api.main.unkin.net
|
||||
- sonarr.main.unkin.net
|
||||
- radarr.main.unkin.net
|
||||
- lidarr.main.unkin.net
|
||||
- readarr.main.unkin.net
|
||||
- prowlarr.main.unkin.net
|
||||
- fafflix.unkin.net
|
||||
Reference in New Issue
Block a user