unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity
1,121 Commits 18 Branches 0 Tags 3 MiB
9eff241003
Commit Graph

9 Commits

Author SHA1 Message Date
Ben Vincent
9eff241003 feat: add SMTP submission listener and enhance stalwart configuration (#425) 
- add SMTP submission listener on port 587 with TLS requirement
- configure HAProxy frontend/backend for submission with send-proxy-v2 support
- add send-proxy-v2 support to all listeners
- add dynamic HAProxy node discovery for proxy trusted networks
- use service hostname instead of node FQDN for autoconfig/autodiscover
- remove redundant IMAP/IMAPS/SMTP alt-names from TLS certificates
- update VRRP CNAME configuration to use mail.main.unkin.net

Reviewed-on: #425
 2025-11-09 18:48:06 +11:00
Ben Vincent
1b0fd10fd7 fix: remove . from end of vrrp_cnames (#423) 
- autoconfig/autodiscovery should not end with a dot

Reviewed-on: #423
 2025-11-08 21:38:10 +11:00
Ben Vincent
5b0365c096 feat: manage haproxy for stalwart (#420) 
- add frontends for imap, imaps and smtp
- add backends for webadmin, imap, imaps and smtp

Reviewed-on: #420
 2025-11-08 21:07:43 +11:00
Ben Vincent
62aade77ff feat: add ceph-dashboard to haproxy (#382) 
- add profile to export haproxy backend
- add new cert for dashboard.ceph.unkin.net
- extend balancemember with ipaddress attribute

Reviewed-on: #382
 2025-08-14 11:06:11 +10:00
Ben Vincent
df457306cc feat: add external grafana access (#366) 
- enable access to grafana through haproxy
- ensure grafana cert created from letsencrypt
- enable user access to grafana

Reviewed-on: #366
 2025-07-28 21:07:43 +10:00
Ben Vincent
2d9faf578f feat: add unkin.net domain (#347) 
- manage the unkin.net domain
- ensure forwarding for unkin.net
- split domain from cname list and set zone correctly
- add fafflix to cnames list for haproxy2

Reviewed-on: #347
 2025-07-06 20:02:20 +10:00
Ben Vincent
73362a3bf9 feat: add stick tables for gitea (#345) 
- stick tables are required for docker authentication

Reviewed-on: #345
 2025-07-06 14:42:14 +10:00
Ben Vincent
0063f68bc6 feat: enable external access to gitea (#344) 
- add git.unkin.net to certbot
- export haproxy resources for gitea
- add be_gitea to haproxy, import the certbot cert
- update the ROOT_URL for gitea instances

Reviewed-on: #344
 2025-07-06 13:47:56 +10:00
Ben Vincent
770fd643ac feat: add haproxy2 role (#322) 
- add basic haproxy2 role
- add peers and resolvers
- add haproxy2+ metrics frontend

Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/322
 2025-06-28 16:20:06 +10:00