fix: actually decomission nextcloud and TWDNE (#72)

* fix: actually decomission nextcloud and TWDNE

* ignore spaces in lint and remove dns for the services

* linting on the linting config wasn't linting the lints
Rasmus Wejlgaard 2026-04-25 18:19:16 +01:00 committed by GitHub
parent 35c5079d8f
commit b82013c2f0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 10 additions and 224 deletions

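--- /dev/null
+++ b/ansible/.ansible-lint
@@ -0,0 +1,3 @@
+---
+skip_list:
+- yaml[braces]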
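Review bot: The new `skip_list` entry disables the `yaml[braces]` rule for the whole repository without recording why; the only hint is the commit description ("ignore spaces in lint"), so a comment above the entry such as `# yaml[braces]: allow the "{{ var }}" spacing used in Jinja expressions` would save the next person from re-deriving it. If spacing inside Jinja braces was the only complaint, a narrower option is to tune yamllint's `braces` rule (`min-spaces-inside` / `max-spaces-inside`) in a `.yamllint` file, which ansible-lint honours, instead of suppressing every braces finding. I can't tell from this hunk which violations triggered the change.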

@ -40,7 +40,7 @@ The deploy playbook runs in stages, each independently taggable:
3. **node-exporter** — Prometheus monitoring agent on all hosts 3. **node-exporter** — Prometheus monitoring agent on all hosts
4. **services** — Per-host service deployment: 4. **services** — Per-host service deployment:
- `helsinki-a`: Caddy reverse proxy - `helsinki-a`: Caddy reverse proxy
- `london-b`: Docker Compose services (Nextcloud, Jellyseer, etc.) - `london-b`: Docker Compose services (Jellyseer, etc.)
- `nuremberg-a`: poste.io mail - `nuremberg-a`: poste.io mail
- `copenhagen-a`: Minecraft + MaNGOS systemd services - `copenhagen-a`: Minecraft + MaNGOS systemd services
- `london-a`: Prometheus + Grafana (FreeBSD) - `london-a`: Prometheus + Grafana (FreeBSD)


@ -11,9 +11,6 @@ docker_services:
- forgejo - forgejo
- bitwarden - bitwarden
systemd_services:
- thiswebsitedoesnotexist
node_exporter_bind_tailscale: true node_exporter_bind_tailscale: true
common_ufw_allowed_ports: common_ufw_allowed_ports:
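Review bot: Dropping `thiswebsitedoesnotexist` from `systemd_services` stops Ansible from managing the unit but does not stop, disable or remove it on the host, and the same applies to `nextcloud-aio` removed from `docker_services` for london-b in the following hunk, whose containers and data volumes stay in place. Since the title says "actually decommission", either a one-off teardown should be recorded (a task using `ansible.builtin.systemd` with `state: stopped` and `enabled: false` for the unit, and a compose down plus volume cleanup for Nextcloud AIO) or the roles need an absent state for entries that leave the list. Separately, `systemd_services:` itself appears to be removed here rather than left as an empty list; if the role reads that variable without a default, the host run will fail on an undefined variable. The role is outside this commit, so I can't confirm which applies.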


@ -5,7 +5,6 @@ host_location: "London"
prometheus_location: london prometheus_location: london
docker_services: docker_services:
- nextcloud-aio
- jellyseerr - jellyseerr
- navidrome - navidrome
- slskd - slskd


@ -1,192 +0,0 @@
# Caddyfile template for helsinki-a reverse proxy
#
# Variables (replace before deploying):
# {{HELSINKI_A_IP}} - helsinki-a Tailscale IP (currently 100.67.6.27)
# {{LONDON_A_IP}} - london-a Tailscale IP (currently 100.122.219.41)
# {{LONDON_B_IP}} - london-b Tailscale IP (currently 100.84.65.101)
# {{AUTHELIA_PORT}} - Authelia port (currently 9091)
# {{DOMAIN_PRIMARY}} - Primary domain (currently pez.sh)
# {{DOMAIN_ALT}} - Alternate domain (currently pez.solutions)
#
# Authelia forward_auth pattern: see README.md for details.
{
admin {{HELSINKI_A_IP}}:2019
metrics {
per_host
}
}
# ============================================================
# Snippet: Authelia forward_auth
# Include with `import authelia` inside any site block.
# ============================================================
(authelia) {
forward_auth localhost:{{AUTHELIA_PORT}} {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
}
## LONDON-A SERVICES ##
# Grafana
grafana.{{DOMAIN_ALT}}, grafana.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_A_IP}}:3000
}
# Prometheus
prometheus.{{DOMAIN_ALT}}, prometheus.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_A_IP}}:9090
}
## LONDON-B SERVICES ##
# Jellyfin (no auth — has its own login)
jellyfin.{{DOMAIN_ALT}}, jellyfin.{{DOMAIN_PRIMARY}} {
reverse_proxy {{LONDON_B_IP}}:8096
}
# Plex (no auth — has its own login)
plex.{{DOMAIN_ALT}}, plex.{{DOMAIN_PRIMARY}} {
reverse_proxy {{LONDON_B_IP}}:32400
}
# Radarr
radarr.{{DOMAIN_ALT}}, radarr.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:7878
}
# Sonarr
sonarr.{{DOMAIN_ALT}}, sonarr.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:8989
}
# Lidarr
lidarr.{{DOMAIN_ALT}}, lidarr.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:8686
}
# Readarr
readarr.{{DOMAIN_ALT}}, readarr.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:8787
}
# slskd (Soulseek)
soulseek.{{DOMAIN_ALT}}, soulseek.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:5030
}
# Prowlarr
prowlarr.{{DOMAIN_ALT}}, prowlarr.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:9696
}
# Transmission
download.{{DOMAIN_ALT}}, download.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:9091
}
# Overseerr (no auth — has its own login)
request.{{DOMAIN_ALT}}, request.{{DOMAIN_PRIMARY}} {
reverse_proxy {{LONDON_B_IP}}:5055
}
# Jellyseerr (no auth — has its own login)
jellyfin-requests.{{DOMAIN_ALT}}, jellyfin-requests.{{DOMAIN_PRIMARY}} {
reverse_proxy {{LONDON_B_IP}}:5056
}
# Nextcloud AIO
https://cloud.{{DOMAIN_PRIMARY}}:443 {
reverse_proxy {{LONDON_B_IP}}:11000
}
# Navidrome
music.{{DOMAIN_PRIMARY}} {
reverse_proxy {{LONDON_B_IP}}:4533
}
# Miniflux RSS
rss.{{DOMAIN_PRIMARY}} {
import authelia
reverse_proxy {{LONDON_B_IP}}:8181
}
## HELSINKI-A SERVICES (localhost) ##
# Bitwarden
https://bitwarden.{{DOMAIN_PRIMARY}} {
reverse_proxy localhost:8443 {
transport http {
tls_insecure_skip_verify
}
}
}
# Authelia portal
auth.{{DOMAIN_ALT}}, auth.{{DOMAIN_PRIMARY}} {
reverse_proxy localhost:{{AUTHELIA_PORT}}
}
# LLDAP web UI
ldap.{{DOMAIN_PRIMARY}} {
reverse_proxy 127.0.0.1:17170
}
# Apps dashboard
apps.{{DOMAIN_ALT}}, apps.{{DOMAIN_PRIMARY}} {
root * /srv/apps
import authelia
file_server
}
# Static sites
{{DOMAIN_ALT}} {
root * /srv/pez.solutions
file_server
}
cloud.{{DOMAIN_ALT}} {
root * /srv/cloud.pez.solutions
file_server
}
{{DOMAIN_PRIMARY}} {
root * /srv/pez.sh
file_server
}
signup.{{DOMAIN_ALT}} {
root * /srv/pez-signup
file_server
}
naveen.{{DOMAIN_PRIMARY}} {
root * /srv/naveen
file_server
}
status.{{DOMAIN_PRIMARY}} {
root * /srv/status
file_server
}
# Forgejo (auth handled by Forgejo itself)
git.{{DOMAIN_PRIMARY}} {
reverse_proxy localhost:3000
}
# This Website Does Not Exist
thiswebsitedoesnotexist.{{DOMAIN_PRIMARY}} {
reverse_proxy localhost:3721
}


@ -85,7 +85,6 @@ forward_auth localhost:9091 {
| Apps dashboard | Authelia | Internal apps page | | Apps dashboard | Authelia | Internal apps page |
| Jellyfin, Plex | Own auth | Have built-in user management | | Jellyfin, Plex | Own auth | Have built-in user management |
| Overseerr, Jellyseerr | Own auth | Have built-in user management | | Overseerr, Jellyseerr | Own auth | Have built-in user management |
| Nextcloud | Own auth | Has built-in user management |
| Navidrome (music) | No auth* | Accessible directly | | Navidrome (music) | No auth* | Accessible directly |
| Bitwarden | Own auth | Has built-in vault auth | | Bitwarden | Own auth | Has built-in vault auth |
| Forgejo (git) | Own auth | Has built-in user management | | Forgejo (git) | Own auth | Has built-in user management |
@ -124,5 +123,4 @@ The `Caddyfile.template` replaces hardcoded values with placeholders:
- The live Caddyfile on helsinki-a is at `/etc/caddy/Caddyfile` - The live Caddyfile on helsinki-a is at `/etc/caddy/Caddyfile`
- Caddy auto-provisions TLS certificates for all listed domains - Caddy auto-provisions TLS certificates for all listed domains
- Commented-out WebDAV block was replaced by the Nextcloud AIO reverse proxy
- Static sites (`pez.sh`, `pez.solutions`, etc.) are served from `/srv/` on helsinki-a - Static sites (`pez.sh`, `pez.solutions`, etc.) are served from `/srv/` on helsinki-a


@ -24,7 +24,6 @@ SERVICE_MAP["100.84.65.101:8787"]="Readarr"
SERVICE_MAP["100.84.65.101:8989"]="Sonarr" SERVICE_MAP["100.84.65.101:8989"]="Sonarr"
SERVICE_MAP["100.84.65.101:9091"]="Transmission" SERVICE_MAP["100.84.65.101:9091"]="Transmission"
SERVICE_MAP["100.84.65.101:9696"]="Prowlarr" SERVICE_MAP["100.84.65.101:9696"]="Prowlarr"
SERVICE_MAP["100.84.65.101:11000"]="Nextcloud"
SERVICE_MAP["localhost:9091"]="Authelia" SERVICE_MAP["localhost:9091"]="Authelia"
SERVICE_MAP["100.84.65.101:8181"]="Miniflux" SERVICE_MAP["100.84.65.101:8181"]="Miniflux"
SERVICE_MAP["localhost:3000"]="Forgejo" SERVICE_MAP["localhost:3000"]="Forgejo"
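Review bot: The Nextcloud upstream `SERVICE_MAP["100.84.65.101:11000"]` is removed, but nothing in this hunk removes a matching entry for the other decommissioned service: the deleted Caddyfile template proxied `thiswebsitedoesnotexist` to `localhost:3721`, so if the map carries a `SERVICE_MAP["localhost:3721"]` entry it lies outside this hunk and should go with this change. The rest of the script is not visible, so I can't confirm whether such an entry exists.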


@ -36,15 +36,6 @@ resource "cloudflare_dns_record" "bitwarden" {
ttl = 1 ttl = 1
} }
resource "cloudflare_dns_record" "cloud" {
zone_id = cloudflare_zone.pez-sh.id
name = "cloud"
type = "A"
content = hcloud_server.helsinki-a.ipv4_address
proxied = false
ttl = 1
}
resource "cloudflare_dns_record" "download" { resource "cloudflare_dns_record" "download" {
zone_id = cloudflare_zone.pez-sh.id zone_id = cloudflare_zone.pez-sh.id
name = "download" name = "download"
@ -252,15 +243,6 @@ resource "cloudflare_dns_record" "status" {
ttl = 1 ttl = 1
} }
resource "cloudflare_dns_record" "thiswebsitedoesnotexist" {
zone_id = cloudflare_zone.pez-sh.id
name = "thiswebsitedoesnotexist"
type = "A"
content = hcloud_server.helsinki-a.ipv4_address
proxied = true
ttl = 1
}
resource "cloudflare_dns_record" "wow" { resource "cloudflare_dns_record" "wow" {
zone_id = cloudflare_zone.pez-sh.id zone_id = cloudflare_zone.pez-sh.id
name = "wow" name = "wow"
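Review bot: Deleting the `cloud` and `thiswebsitedoesnotexist` records is the right end of a teardown, but the README in this same commit states that Caddy auto-provisions TLS certificates for all listed domains, so if the Caddy config now deployed by Ansible still names `cloud.pez.sh` or `thiswebsitedoesnotexist.pez.sh`, ACME issuance for those hosts will start failing once these records are gone. That config is outside this commit; the deleted `Caddyfile.template` still carried both site blocks, so confirm they were dropped from the live config as well. Both hunks show the same pattern and the record list continues outside them.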