unkin/puppet-prod
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases Wiki Activity

feat: haproxy for *arr stack #83

Merged
unkinben merged 1 commits from neoloc/haproxy_backends into develop 2024-06-29 01:56:53 +10:00
Conversation 0 Commits 1 Files Changed 6 +170
6 changed files with 170 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
hieradata/country/au/region/syd1/infra/halb/haproxy.yaml
View File

@ -6,11 +6,21 @@ profiles::haproxy::mappings:
mappings:
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
- 'sonarr.main.unkin.net be_sonarr'
- 'radarr.main.unkin.net be_radarr'
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
fe_https:
ensure: present
mappings:
- 'au-syd1-pve.main.unkin.net be_ausyd1pve_web'
- 'au-syd1-pve-api.main.unkin.net be_ausyd1pve_api'
- 'sonarr.main.unkin.net be_sonarr'
- 'radarr.main.unkin.net be_radarr'
- 'lidarr.main.unkin.net be_lidarr'
- 'readarr.main.unkin.net be_readarr'
- 'prowlarr.main.unkin.net be_prowlarr'
profiles::haproxy::frontends:
fe_http:
@ -63,6 +73,86 @@ profiles::haproxy::backends:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_sonarr:
description: Backend for au-syd1 sonarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_radarr:
description: Backend for au-syd1 radarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_lidarr:
description: Backend for au-syd1 lidarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_readarr:
description: Backend for au-syd1 readarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
be_prowlarr:
description: Backend for au-syd1 prowlarr
collect_exported: false # handled in custom function
options:
balance: roundrobin
option:
- httpchk GET /
- forwardfor
- http-keep-alive
- prefer-last-server
cookie: SRVNAME insert indirect nocache
http-reuse: always
http-request:
- set-header X-Forwarded-Port %[dst_port]
- add-header X-Forwarded-Proto https if { dst_port 443 }
redirect: 'scheme https if !{ ssl_fc }'
profiles::haproxy::certlist::enabled: true
profiles::haproxy::certlist::certificates:
@ -72,6 +162,11 @@ profiles::haproxy::certlist::certificates:
profiles::pki::vault::alt_names:
- au-syd1-pve.main.unkin.net
- au-syd1-pve-api.main.unkin.net
- sonarr.main.unkin.net
- radarr.main.unkin.net
- lidarr.main.unkin.net
- readarr.main.unkin.net
- prowlarr.main.unkin.net
# additional cnames
profiles::haproxy::dns::cnames:

15
site/profiles/manifests/media/lidarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::lidarr (
cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'],
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_lidarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}

15
site/profiles/manifests/media/prowlarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::prowlarr (
cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'],
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_prowlarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}

15
site/profiles/manifests/media/radarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::radarr (
cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'],
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_radarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}

15
site/profiles/manifests/media/readarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::readarr (
cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'],
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_readarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}

15
site/profiles/manifests/media/sonarr.pp
View File

@ -13,4 +13,19 @@ class profiles::media::sonarr (
cephfs_fs => 'mediafs',
require => Profiles::Ceph::Keyring['media'],
}
# export haproxy balancemember
profiles::haproxy::balancemember { "${facts['networking']['fqdn']}_443":
service => 'be_sonarr',
ports => [443],
options => [
"cookie ${facts['networking']['hostname']}",
'ssl',
'verify none',
'check',
'inter 2s',
'rise 3',
'fall 2',
]
}
}