update things

albert 2024-08-07 19:52:46 +09:00
parent 281084402a
commit 82d5a78a16
Signed by: albert
GPG key ID: 3895DD267CA11BA9
2 changed files with 50 additions and 54 deletions


@ -51,36 +51,38 @@
};
sops.secrets."cloudflare/api_key" = {
owner = "haproxy";
sopsFile = ../../../secrets/cloudflare.yaml;
};
# sops.secrets."cloudflare/api_key" = {
# owner = "haproxy";
# sopsFile = ../../../secrets/cloudflare.yaml;
# };
#
# sops.secrets."cloudflare/email" = {
# owner = "haproxy";
# sopsFile = ../../../secrets/cloudflare.yaml;
# };
sops.secrets."cloudflare/email" = {
owner = "haproxy";
sopsFile = ../../../secrets/cloudflare.yaml;
};
security.acme = {
acceptTerms = true;
defaults = {
group = "haproxy";
extraLegoFlags = [ "--pem" ];
reloadServices = [ "haproxy" ];
email = "albert@sysctl.io";
dnsProvider = "cloudflare";
credentialFiles = {
CLOUDFLARE_API_KEY_FILE = "/var/run/secrets/cloudflare/api_key";
CLOUDFLARE_EMAIL_FILE = "/var/run/secrets/cloudflare/email";
};
};
certs = {
"sysctl.io" = {
directory = "/haproxy/";
enableDebugLogs = true;
};
};
};
# security.acme = {
# acceptTerms = true;
# defaults = {
# group = "haproxy";
# extraLegoFlags = [ "--pem" ];
# dnsPropagationCheck = false;
# email = "albert@sysctl.io";
# };
# certs."sysctl.io" = {
# directory = "/haproxy/";
# dnsProvider = "cloudflare";
# dnsResolver = "1.1.1.1:53";
# enableDebugLogs = true;
# credentialFiles = {
# "CF_DNS_API_TOKEN_FILE" = "/var/run/secrets/cloudflare/api_key";
# "CLOUDFLARE_EMAIL_FILE" = "/var/run/secrets/cloudflare/email";
# };
# domain = "sysctl.io";
# extraDomainNames = [ "*.sysctl.io" ];
# reloadServices = [ "haproxy" ];
# };
# };
services.haproxy = {
enable = true;
@ -95,16 +97,26 @@
frontend http
mode http
bind :80
bind :443 ssl crt /haproxy
option forwardfor
default_backend backend_http
backend backend_http
mode http
server framework-server 10.100.0.2
frontend https
mode tcp
bind :443
default_backend backend_tcp
frontend tcp
mode tcp
bind :42420
bind :25565
bind :443
bind :4443
default_backend backend_tcp
backend backend_tcp
mode tcp
server framework-server 10.100.0.2
frontend mail
mode tcp
@ -114,26 +126,10 @@
bind :587
bind :993
bind :4190
option forwardfor
default_backend backend_mail
backend backend_mail
mode tcp
option forwarded
option forwardfor if-none
server mailserver-wg 10.100.1.3
backend backend_tcp
mode tcp
option forwarded
option forwardfor if-none
server framework-server 10.100.0.2
backend backend_http
mode http
option forwarded
option forwardfor if-none
server framework-server 10.100.0.2
'';
};
}
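Review bot: The `frontend mail` / `backend backend_mail` pair in the last hunk runs in `mode tcp`, where `option forwardfor` and `option forwarded` are HTTP-only and are ignored, so the server at 10.100.1.3 sees the proxy's address as the client on every connection whichever of those option lines the commit keeps (this page has lost its +/- markers, so I cannot tell which side they are on). That leaves the mail server without the real source address for logging, rate limiting and failed-login blocking, and it is worth confirming that the proxy address is not in any trusted-network list there. If the backend daemons can be set to accept the PROXY protocol from the proxy address only, change the server line to `server mailserver-wg 10.100.1.3 send-proxy-v2` and drop the forward options from the TCP sections; the same applies to `backend backend_tcp`. Separately, `security.acme` and both `sops.secrets` entries appear to be left as commented-out blocks while a `bind :443 ssl crt /haproxy` line is still on the page; if that bind is on the new side, it depends on certificates that nothing renews any more.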


@ -1,14 +1,14 @@
cloudflare:
email: ENC[AES256_GCM,data:ycl75o3oi/zF6czNBfKzIg==,iv:MWUwoMU4XfHX9rilJlRGuPbISvhwtMAfku/0ZAckTSo=,tag:nekhk1dNOKeuYg87/ulDKA==,type:str]
api_key: ENC[AES256_GCM,data:DEPN2A7lQy74PIUdS1IBcQrO/hk77rApSjL6ET4NRizkpI2r,iv:xVwDzr1zJpt7UlfQZ87m+sY8VjDe/t/1hr41pMq9osg=,tag:2nzfNdeOU6Wx7tGIdMEZWQ==,type:str]
api_key: ENC[AES256_GCM,data:RYAd4zSbbSXF4jDgzmvVFRc0GKkUu+F5+kKzZ1YEUrzRmcoZEuaSxg==,iv:BJRuy1bp8cC7dCXHq4VVBz7Tp860RmldUj7NnDE8PR8=,tag:3PeRGmfOs6oya5zGiHWPhA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-08-05T12:54:12Z"
mac: ENC[AES256_GCM,data:okgSNCxIjjO1Et52EVeaCz7Ep+QqEcwvTsyTmZEW1gedc7bQSCYra+E5RqS/xlVw6//+N5VJx0kSBYG79KVwMWC9tnm9FSwQwFBb8MvCjEdH2Dgxf9VXYd53P8SdLA8hQoFfREJekIbTiZoVGG6mk4Yl++ufECG/zl1IE6/eeVg=,iv:IiGI8uRJA/H8uIBd2nexg4R4ORVrtAvFIkKEMBB2/bQ=,tag:13Fgq4FSOim3V9l72XzjHA==,type:str]
lastmodified: "2024-08-06T01:41:28Z"
mac: ENC[AES256_GCM,data:ALVUwaZ1+9Rg6z3003z+Cb2OeZagyNJohs7h/7Bhjgu5Rz6O44RjQ2S6UOezI5FcNXGaGbDRL83Vv192g0KfG0Ec3wwhcfBeNFUxQvIwH3F+RUWxqA5JDDk4+KMrW09fxy4koOgr1xO6z0uMYlIpJK/Jyu8t8mjoJLFI5lXdgzc=,iv:KCiyksgkG5loPEKPbmr0TMQ6pFpuGOeRzlRqu+mAFLI=,tag:oKgTNCpa3It2UIDeYxMXNA==,type:str]
pgp:
- created_at: "2024-08-05T12:38:54Z"
enc: |-