CCCHH/ansible-infra
CCCHH/ansible-infra
3
2
Fork 2
Code Issues 7 Pull requests 3 Wiki Activity Actions

Compare commits

base: CCCHH:8b94a49f5e3255377f349087b1e224903696329a
Branches Tags
CCCHH:main
CCCHH:router-killing-turing
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops
..
compare: CCCHH:66ee44366b5e08b2368b82a25c1b1b4cd0882ff5
Branches Tags
CCCHH:main
CCCHH:router-killing-turing
CCCHH:renovate/docker.io-library-redis-8.x
CCCHH:renovate/docker.io-library-postgres-18.x
CCCHH:renovate/docker.io-library-mariadb-12.x
CCCHH:fix_ansible_lint
CCCHH:feature/add-new-router
CCCHH:fux-alerts
CCCHH:move_to_sops

No commits in common. "8b94a49f5e3255377f349087b1e224903696329a" and "66ee44366b5e08b2368b82a25c1b1b4cd0882ff5" have entirely different histories.
8b94a49f5e ... 66ee44366b

5 changed files with 7 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

4
inventories/chaosknoten/hosts.yaml
View file

@ -55,9 +55,9 @@ all:
ansible_host: router.hamburg.ccc.de
ansible_user: chaos
wiki:
ansible_host: wiki.hosts.hamburg.ccc.de
ansible_host: wiki-intern.hamburg.ccc.de
ansible_user: chaos
ansible_ssh_common_args: -J ssh://chaos@router.hamburg.ccc.de
ansible_ssh_common_args: -J ssh://chaos@public-reverse-proxy.hamburg.ccc.de
zammad:
ansible_host: zammad-intern.hamburg.ccc.de
ansible_user: chaos

4
resources/chaosknoten/public-reverse-proxy/nginx/acme_challenge.conf
View file

@ -25,8 +25,8 @@ map $host $upstream_acme_challenge_host {
pretalx.hamburg.ccc.de 172.31.17.157:31820;
spaceapi.hamburg.ccc.de 172.31.17.151:31820;
staging.hamburg.ccc.de 172.31.17.151:31820;
wiki.ccchh.net wiki.hosts.hamburg.ccc.de:31820;
wiki.hamburg.ccc.de wiki.hosts.hamburg.ccc.de:31820;
wiki.ccchh.net 172.31.17.146:31820;
wiki.hamburg.ccc.de 172.31.17.146:31820;
www.hamburg.ccc.de 172.31.17.151:31820;
tickets.hamburg.ccc.de 172.31.17.148:31820;
sunders.hamburg.ccc.de 172.31.17.170:31820;

6
resources/chaosknoten/router/nftables/nftables.conf
View file

@ -13,8 +13,6 @@ define wan_ifs = { $if_net1_v4_wan,
$if_net2_v6_wan }
define lan_ifs = { $if_net0_2_v4_nat,
$if_net0_3_ci_runner }
# define v4_exposed_ifs = { }
define v6_exposed_ifs = { $if_net0_2_v4_nat }
## Rules
@ -71,9 +69,5 @@ table inet forward {
# Allow internet access.
meta nfproto ipv6 iifname $lan_ifs oifname $if_net2_v6_wan accept comment "allow v6 internet access"
meta nfproto ipv4 iifname $lan_ifs oifname $if_net1_v4_wan accept comment "allow v4 internet access"
# Allow access to exposed networks from internet.
# meta nfproto ipv4 oifname $v4_exposed_ifs accept comment "allow v4 exposed network access"
meta nfproto ipv6 oifname $v6_exposed_ifs accept comment "allow v6 exposed network access"
}
}

2
resources/chaosknoten/wiki/nginx/wiki.ccchh.net.conf
View file

@ -7,7 +7,7 @@ server {
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 2a00:14b0:4200:3000:125::1;
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;

2
resources/chaosknoten/wiki/nginx/wiki.hamburg.ccc.de.conf
View file

@ -7,7 +7,7 @@ server {
# $remote_port to the client address and client port, when using proxy
# protocol.
# First set our proxy protocol proxy as trusted.
set_real_ip_from 2a00:14b0:4200:3000:125::1;
set_real_ip_from 172.31.17.140;
# Then tell the realip_module to get the addreses from the proxy protocol
# header.
real_ip_header proxy_protocol;