From b82013c2f05f740c99225e789ccc4b5b61b395a9 Mon Sep 17 00:00:00 2001 From: "Rasmus \"Pez\" Wejlgaard" Date: Sat, 25 Apr 2026 18:19:16 +0100 Subject: [PATCH] fix: actually decomission nextcloud and TWDNE (#72) * fix: actually decomission nextcloud and TWDNE * ignore spaces in lint and remove dns for the services * linting on the linting config wasn't linting the lints --- ansible/.ansible-lint | 3 + ansible/README.md | 2 +- ansible/inventory/host_vars/helsinki-a.yml | 7 +- ansible/inventory/host_vars/london-b.yml | 9 +- ansible/services/caddy/Caddyfile.template | 192 ------------------ ansible/services/caddy/README.md | 2 - ansible/services/status-page/update-status.sh | 1 - terraform/cloudflare_dns.tf | 18 -- 8 files changed, 10 insertions(+), 224 deletions(-) create mode 100644 ansible/.ansible-lint delete mode 100644 ansible/services/caddy/Caddyfile.template diff --git a/ansible/.ansible-lint b/ansible/.ansible-lint new file mode 100644 index 0000000..21413c2 --- /dev/null +++ b/ansible/.ansible-lint @@ -0,0 +1,3 @@ +--- +skip_list: + - yaml[braces] diff --git a/ansible/README.md b/ansible/README.md index db63bec..e95f7a9 100644 --- a/ansible/README.md +++ b/ansible/README.md @@ -40,7 +40,7 @@ The deploy playbook runs in stages, each independently taggable: 3. **node-exporter** — Prometheus monitoring agent on all hosts 4. **services** — Per-host service deployment: - `helsinki-a`: Caddy reverse proxy - - `london-b`: Docker Compose services (Nextcloud, Jellyseer, etc.) + - `london-b`: Docker Compose services (Jellyseer, etc.) - `nuremberg-a`: poste.io mail - `copenhagen-a`: Minecraft + MaNGOS systemd services - `london-a`: Prometheus + Grafana (FreeBSD) diff --git a/ansible/inventory/host_vars/helsinki-a.yml b/ansible/inventory/host_vars/helsinki-a.yml index 77d9dab..44d3a82 100644 --- a/ansible/inventory/host_vars/helsinki-a.yml +++ b/ansible/inventory/host_vars/helsinki-a.yml 
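Review bot: `skip_list: - yaml[braces]` in the new `.ansible-lint` silences the braces check for the whole project, presumably because of the `{port: 80, ...}` flow mappings the commit message refers to, yet the same commit reformats every one of those mappings to the `{ port: 80, ... }` spacing, so either the reformat already satisfies the rule and the skip is redundant, or a spacing convention is wanted and is better pinned than silenced. If a specific style is the goal, a `.yamllint` entry such as `braces: { min-spaces-inside: 1, max-spaces-inside: 1 }` keeps the check active with the chosen spacing, and ansible-lint honours that file. Whichever is kept, the reason belongs in the config itself, e.g. `# yaml[braces]: spacing inside the ufw port mappings is cosmetic; see PR #72` above the list entry, so the next person does not re-enable it blind.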
@@ -11,11 +11,8 @@ docker_services: - forgejo - bitwarden -systemd_services: - - thiswebsitedoesnotexist - node_exporter_bind_tailscale: true common_ufw_allowed_ports: - - {port: 80, proto: tcp, comment: "HTTP"} - - {port: 443, proto: tcp, comment: "HTTPS"} + - { port: 80, proto: tcp, comment: "HTTP" } + - { port: 443, proto: tcp, comment: "HTTPS" } diff --git a/ansible/inventory/host_vars/london-b.yml b/ansible/inventory/host_vars/london-b.yml index 74eef67..7f5939f 100644 --- a/ansible/inventory/host_vars/london-b.yml +++ b/ansible/inventory/host_vars/london-b.yml @@ -5,7 +5,6 @@ host_location: "London" prometheus_location: london docker_services: - - nextcloud-aio - jellyseerr - navidrome - slskd @@ -32,7 +31,7 @@ node_exporter_extra_collectors: - zfs common_ufw_allowed_ports: - - {port: 32400, proto: tcp, comment: "Plex Media Server"} - - {port: 6881, proto: tcp, comment: "BitTorrent"} - - {port: 6881, proto: udp, comment: "BitTorrent"} - - {port: 445, proto: tcp, comment: "Samba"} + - { port: 32400, proto: tcp, comment: "Plex Media Server" } + - { port: 6881, proto: tcp, comment: "BitTorrent" } + - { port: 6881, proto: udp, comment: "BitTorrent" } + - { port: 445, proto: tcp, comment: "Samba" } diff --git a/ansible/services/caddy/Caddyfile.template b/ansible/services/caddy/Caddyfile.template deleted file mode 100644 index dfd6a49..0000000 --- a/ansible/services/caddy/Caddyfile.template +++ /dev/null 
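Review bot: Removing `thiswebsitedoesnotexist` from `systemd_services` here (and `nextcloud-aio` from `docker_services` in the london-b.yml hunk) stops Ansible from managing those services, but nothing in this commit stops, disables or removes them on the hosts, so unless the roles act on entries that disappear from the list, the unit behind localhost:3721 on helsinki-a and the Nextcloud AIO containers behind :11000 on london-b presumably keep running — now unmonitored, since the status-page check for :11000 is dropped in the same commit, and outside any update path. A decommission should carry an explicit teardown, e.g. a one-off task with `ansible.builtin.systemd: name: thiswebsitedoesnotexist, state: stopped, enabled: false` and the equivalent compose `down` plus a decision about the Nextcloud data volumes, or at least a line in ansible/README.md recording that this was done by hand and when. The same gap applies to the live `/etc/caddy/Caddyfile` on helsinki-a: deleting `Caddyfile.template` removes the reference copy, but the `cloud.` and `thiswebsitedoesnotexist.` site blocks stay in the deployed file until it is edited, and with their DNS records removed Caddy will keep failing certificate issuance for those names.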
@@ -1,192 +0,0 @@ -# Caddyfile template for helsinki-a reverse proxy -# -# Variables (replace before deploying): -# {{HELSINKI_A_IP}} - helsinki-a Tailscale IP (currently 100.67.6.27) -# {{LONDON_A_IP}} - london-a Tailscale IP (currently 100.122.219.41) -# {{LONDON_B_IP}} - london-b Tailscale IP (currently 100.84.65.101) -# {{AUTHELIA_PORT}} - Authelia port (currently 9091) -# {{DOMAIN_PRIMARY}} - Primary domain (currently pez.sh) -# {{DOMAIN_ALT}} - Alternate domain (currently pez.solutions) -# -# Authelia forward_auth pattern: see README.md for details. - -{ - admin {{HELSINKI_A_IP}}:2019 - metrics { - per_host - } -} - -# ============================================================ -# Snippet: Authelia forward_auth -# Include with `import authelia` inside any site block. -# ============================================================ -(authelia) { - forward_auth localhost:{{AUTHELIA_PORT}} { - uri /api/authz/forward-auth - copy_headers Remote-User Remote-Groups Remote-Name Remote-Email - } -} - -## LONDON-A SERVICES ## - -# Grafana -grafana.{{DOMAIN_ALT}}, grafana.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_A_IP}}:3000 -} - -# Prometheus -prometheus.{{DOMAIN_ALT}}, prometheus.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_A_IP}}:9090 -} - -## LONDON-B SERVICES ## - -# Jellyfin (no auth — has its own login) -jellyfin.{{DOMAIN_ALT}}, jellyfin.{{DOMAIN_PRIMARY}} { - reverse_proxy {{LONDON_B_IP}}:8096 -} - -# Plex (no auth — has its own login) -plex.{{DOMAIN_ALT}}, plex.{{DOMAIN_PRIMARY}} { - reverse_proxy {{LONDON_B_IP}}:32400 -} - -# Radarr -radarr.{{DOMAIN_ALT}}, radarr.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:7878 -} - -# Sonarr -sonarr.{{DOMAIN_ALT}}, sonarr.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:8989 -} - -# Lidarr -lidarr.{{DOMAIN_ALT}}, lidarr.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:8686 -} - -# Readarr -readarr.{{DOMAIN_ALT}}, 
readarr.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:8787 -} - -# slskd (Soulseek) -soulseek.{{DOMAIN_ALT}}, soulseek.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:5030 -} - -# Prowlarr -prowlarr.{{DOMAIN_ALT}}, prowlarr.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:9696 -} - -# Transmission -download.{{DOMAIN_ALT}}, download.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:9091 -} - -# Overseerr (no auth — has its own login) -request.{{DOMAIN_ALT}}, request.{{DOMAIN_PRIMARY}} { - reverse_proxy {{LONDON_B_IP}}:5055 -} - -# Jellyseerr (no auth — has its own login) -jellyfin-requests.{{DOMAIN_ALT}}, jellyfin-requests.{{DOMAIN_PRIMARY}} { - reverse_proxy {{LONDON_B_IP}}:5056 -} - -# Nextcloud AIO -https://cloud.{{DOMAIN_PRIMARY}}:443 { - reverse_proxy {{LONDON_B_IP}}:11000 -} - -# Navidrome -music.{{DOMAIN_PRIMARY}} { - reverse_proxy {{LONDON_B_IP}}:4533 -} - -# Miniflux RSS -rss.{{DOMAIN_PRIMARY}} { - import authelia - reverse_proxy {{LONDON_B_IP}}:8181 -} - -## HELSINKI-A SERVICES (localhost) ## - -# Bitwarden -https://bitwarden.{{DOMAIN_PRIMARY}} { - reverse_proxy localhost:8443 { - transport http { - tls_insecure_skip_verify - } - } -} - -# Authelia portal -auth.{{DOMAIN_ALT}}, auth.{{DOMAIN_PRIMARY}} { - reverse_proxy localhost:{{AUTHELIA_PORT}} -} - -# LLDAP web UI -ldap.{{DOMAIN_PRIMARY}} { - reverse_proxy 127.0.0.1:17170 -} - -# Apps dashboard -apps.{{DOMAIN_ALT}}, apps.{{DOMAIN_PRIMARY}} { - root * /srv/apps - import authelia - file_server -} - -# Static sites -{{DOMAIN_ALT}} { - root * /srv/pez.solutions - file_server -} - -cloud.{{DOMAIN_ALT}} { - root * /srv/cloud.pez.solutions - file_server -} - -{{DOMAIN_PRIMARY}} { - root * /srv/pez.sh - file_server -} - -signup.{{DOMAIN_ALT}} { - root * /srv/pez-signup - file_server -} - -naveen.{{DOMAIN_PRIMARY}} { - root * /srv/naveen - file_server -} - -status.{{DOMAIN_PRIMARY}} { - root * /srv/status - file_server -} - 
-# Forgejo (auth handled by Forgejo itself) -git.{{DOMAIN_PRIMARY}} { - reverse_proxy localhost:3000 -} - -# This Website Does Not Exist -thiswebsitedoesnotexist.{{DOMAIN_PRIMARY}} { - reverse_proxy localhost:3721 -} diff --git a/ansible/services/caddy/README.md b/ansible/services/caddy/README.md index 29770ee..ff920e4 100644 --- a/ansible/services/caddy/README.md +++ b/ansible/services/caddy/README.md @@ -85,7 +85,6 @@ forward_auth localhost:9091 { | Apps dashboard | Authelia | Internal apps page | | Jellyfin, Plex | Own auth | Have built-in user management | | Overseerr, Jellyseerr | Own auth | Have built-in user management | -| Nextcloud | Own auth | Has built-in user management | | Navidrome (music) | No auth* | Accessible directly | | Bitwarden | Own auth | Has built-in vault auth | | Forgejo (git) | Own auth | Has built-in user management | @@ -124,5 +123,4 @@ The `Caddyfile.template` replaces hardcoded values with placeholders: - The live Caddyfile on helsinki-a is at `/etc/caddy/Caddyfile` - Caddy auto-provisions TLS certificates for all listed domains -- Commented-out WebDAV block was replaced by the Nextcloud AIO reverse proxy - Static sites (`pez.sh`, `pez.solutions`, etc.) are served from `/srv/` on helsinki-a diff --git a/ansible/services/status-page/update-status.sh b/ansible/services/status-page/update-status.sh index 66f329b..96764d1 100755 --- a/ansible/services/status-page/update-status.sh +++ b/ansible/services/status-page/update-status.sh @@ -24,7 +24,6 @@ SERVICE_MAP["100.84.65.101:8787"]="Readarr" SERVICE_MAP["100.84.65.101:8989"]="Sonarr" SERVICE_MAP["100.84.65.101:9091"]="Transmission" SERVICE_MAP["100.84.65.101:9696"]="Prowlarr" -SERVICE_MAP["100.84.65.101:11000"]="Nextcloud" SERVICE_MAP["localhost:9091"]="Authelia" SERVICE_MAP["100.84.65.101:8181"]="Miniflux" SERVICE_MAP["localhost:3000"]="Forgejo" diff --git a/terraform/cloudflare_dns.tf b/terraform/cloudflare_dns.tf index 0f2b347..5472a33 100644 --- a/terraform/cloudflare_dns.tf 
+++ b/terraform/cloudflare_dns.tf @@ -36,15 +36,6 @@ resource "cloudflare_dns_record" "bitwarden" { ttl = 1 } -resource "cloudflare_dns_record" "cloud" { - zone_id = cloudflare_zone.pez-sh.id - name = "cloud" - type = "A" - content = hcloud_server.helsinki-a.ipv4_address - proxied = false - ttl = 1 -} - resource "cloudflare_dns_record" "download" { zone_id = cloudflare_zone.pez-sh.id name = "download" @@ -252,15 +243,6 @@ resource "cloudflare_dns_record" "status" { ttl = 1 } -resource "cloudflare_dns_record" "thiswebsitedoesnotexist" { - zone_id = cloudflare_zone.pez-sh.id - name = "thiswebsitedoesnotexist" - type = "A" - content = hcloud_server.helsinki-a.ipv4_address - proxied = true - ttl = 1 -} - resource "cloudflare_dns_record" "wow" { zone_id = cloudflare_zone.pez-sh.id name = "wow"