update things

This commit is contained in:
albert 2024-08-07 19:52:46 +09:00
parent 281084402a
commit 82d5a78a16
Signed by: albert
GPG key ID: 3895DD267CA11BA9
2 changed files with 50 additions and 54 deletions

View file

@ -51,36 +51,38 @@
}; };
sops.secrets."cloudflare/api_key" = { # sops.secrets."cloudflare/api_key" = {
owner = "haproxy"; # owner = "haproxy";
sopsFile = ../../../secrets/cloudflare.yaml; # sopsFile = ../../../secrets/cloudflare.yaml;
}; # };
#
# sops.secrets."cloudflare/email" = {
# owner = "haproxy";
# sopsFile = ../../../secrets/cloudflare.yaml;
# };
sops.secrets."cloudflare/email" = { # security.acme = {
owner = "haproxy"; # acceptTerms = true;
sopsFile = ../../../secrets/cloudflare.yaml; # defaults = {
}; # group = "haproxy";
# extraLegoFlags = [ "--pem" ];
security.acme = { # dnsPropagationCheck = false;
acceptTerms = true; # email = "albert@sysctl.io";
defaults = { # };
group = "haproxy"; # certs."sysctl.io" = {
extraLegoFlags = [ "--pem" ]; # directory = "/haproxy/";
reloadServices = [ "haproxy" ]; # dnsProvider = "cloudflare";
email = "albert@sysctl.io"; # dnsResolver = "1.1.1.1:53";
dnsProvider = "cloudflare"; # enableDebugLogs = true;
credentialFiles = { # credentialFiles = {
CLOUDFLARE_API_KEY_FILE = "/var/run/secrets/cloudflare/api_key"; # "CF_DNS_API_TOKEN_FILE" = "/var/run/secrets/cloudflare/api_key";
CLOUDFLARE_EMAIL_FILE = "/var/run/secrets/cloudflare/email"; # "CLOUDFLARE_EMAIL_FILE" = "/var/run/secrets/cloudflare/email";
}; # };
}; # domain = "sysctl.io";
certs = { # extraDomainNames = [ "*.sysctl.io" ];
"sysctl.io" = { # reloadServices = [ "haproxy" ];
directory = "/haproxy/"; # };
enableDebugLogs = true; # };
};
};
};
services.haproxy = { services.haproxy = {
enable = true; enable = true;
@ -95,16 +97,26 @@
frontend http frontend http
mode http mode http
bind :80 bind :80
bind :443 ssl crt /haproxy
option forwardfor option forwardfor
default_backend backend_http default_backend backend_http
backend backend_http
mode http
server framework-server 10.100.0.2
frontend https
mode tcp
bind :443
default_backend backend_tcp
frontend tcp frontend tcp
mode tcp mode tcp
bind :42420 bind :42420
bind :25565 bind :25565
bind :443 bind :4443
default_backend backend_tcp default_backend backend_tcp
backend backend_tcp
mode tcp
server framework-server 10.100.0.2
frontend mail frontend mail
mode tcp mode tcp
@ -114,26 +126,10 @@
bind :587 bind :587
bind :993 bind :993
bind :4190 bind :4190
option forwardfor
default_backend backend_mail default_backend backend_mail
backend backend_mail backend backend_mail
mode tcp mode tcp
option forwarded
option forwardfor if-none
server mailserver-wg 10.100.1.3 server mailserver-wg 10.100.1.3
backend backend_tcp
mode tcp
option forwarded
option forwardfor if-none
server framework-server 10.100.0.2
backend backend_http
mode http
option forwarded
option forwardfor if-none
server framework-server 10.100.0.2
''; '';
}; };
} }

View file

@ -1,14 +1,14 @@
cloudflare: cloudflare:
email: ENC[AES256_GCM,data:ycl75o3oi/zF6czNBfKzIg==,iv:MWUwoMU4XfHX9rilJlRGuPbISvhwtMAfku/0ZAckTSo=,tag:nekhk1dNOKeuYg87/ulDKA==,type:str] email: ENC[AES256_GCM,data:ycl75o3oi/zF6czNBfKzIg==,iv:MWUwoMU4XfHX9rilJlRGuPbISvhwtMAfku/0ZAckTSo=,tag:nekhk1dNOKeuYg87/ulDKA==,type:str]
api_key: ENC[AES256_GCM,data:DEPN2A7lQy74PIUdS1IBcQrO/hk77rApSjL6ET4NRizkpI2r,iv:xVwDzr1zJpt7UlfQZ87m+sY8VjDe/t/1hr41pMq9osg=,tag:2nzfNdeOU6Wx7tGIdMEZWQ==,type:str] api_key: ENC[AES256_GCM,data:RYAd4zSbbSXF4jDgzmvVFRc0GKkUu+F5+kKzZ1YEUrzRmcoZEuaSxg==,iv:BJRuy1bp8cC7dCXHq4VVBz7Tp860RmldUj7NnDE8PR8=,tag:3PeRGmfOs6oya5zGiHWPhA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
azure_kv: [] azure_kv: []
hc_vault: [] hc_vault: []
age: [] age: []
lastmodified: "2024-08-05T12:54:12Z" lastmodified: "2024-08-06T01:41:28Z"
mac: ENC[AES256_GCM,data:okgSNCxIjjO1Et52EVeaCz7Ep+QqEcwvTsyTmZEW1gedc7bQSCYra+E5RqS/xlVw6//+N5VJx0kSBYG79KVwMWC9tnm9FSwQwFBb8MvCjEdH2Dgxf9VXYd53P8SdLA8hQoFfREJekIbTiZoVGG6mk4Yl++ufECG/zl1IE6/eeVg=,iv:IiGI8uRJA/H8uIBd2nexg4R4ORVrtAvFIkKEMBB2/bQ=,tag:13Fgq4FSOim3V9l72XzjHA==,type:str] mac: ENC[AES256_GCM,data:ALVUwaZ1+9Rg6z3003z+Cb2OeZagyNJohs7h/7Bhjgu5Rz6O44RjQ2S6UOezI5FcNXGaGbDRL83Vv192g0KfG0Ec3wwhcfBeNFUxQvIwH3F+RUWxqA5JDDk4+KMrW09fxy4koOgr1xO6z0uMYlIpJK/Jyu8t8mjoJLFI5lXdgzc=,iv:KCiyksgkG5loPEKPbmr0TMQ6pFpuGOeRzlRqu+mAFLI=,tag:oKgTNCpa3It2UIDeYxMXNA==,type:str]
pgp: pgp:
- created_at: "2024-08-05T12:38:54Z" - created_at: "2024-08-05T12:38:54Z"
enc: |- enc: |-