update things
This commit is contained in:
parent
281084402a
commit
82d5a78a16
2 changed files with 50 additions and 54 deletions
|
@ -51,36 +51,38 @@
|
|||
};
|
||||
|
||||
|
||||
sops.secrets."cloudflare/api_key" = {
|
||||
owner = "haproxy";
|
||||
sopsFile = ../../../secrets/cloudflare.yaml;
|
||||
};
|
||||
# sops.secrets."cloudflare/api_key" = {
|
||||
# owner = "haproxy";
|
||||
# sopsFile = ../../../secrets/cloudflare.yaml;
|
||||
# };
|
||||
#
|
||||
# sops.secrets."cloudflare/email" = {
|
||||
# owner = "haproxy";
|
||||
# sopsFile = ../../../secrets/cloudflare.yaml;
|
||||
# };
|
||||
|
||||
sops.secrets."cloudflare/email" = {
|
||||
owner = "haproxy";
|
||||
sopsFile = ../../../secrets/cloudflare.yaml;
|
||||
};
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
group = "haproxy";
|
||||
extraLegoFlags = [ "--pem" ];
|
||||
reloadServices = [ "haproxy" ];
|
||||
email = "albert@sysctl.io";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialFiles = {
|
||||
CLOUDFLARE_API_KEY_FILE = "/var/run/secrets/cloudflare/api_key";
|
||||
CLOUDFLARE_EMAIL_FILE = "/var/run/secrets/cloudflare/email";
|
||||
};
|
||||
};
|
||||
certs = {
|
||||
"sysctl.io" = {
|
||||
directory = "/haproxy/";
|
||||
enableDebugLogs = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
# security.acme = {
|
||||
# acceptTerms = true;
|
||||
# defaults = {
|
||||
# group = "haproxy";
|
||||
# extraLegoFlags = [ "--pem" ];
|
||||
# dnsPropagationCheck = false;
|
||||
# email = "albert@sysctl.io";
|
||||
# };
|
||||
# certs."sysctl.io" = {
|
||||
# directory = "/haproxy/";
|
||||
# dnsProvider = "cloudflare";
|
||||
# dnsResolver = "1.1.1.1:53";
|
||||
# enableDebugLogs = true;
|
||||
# credentialFiles = {
|
||||
# "CF_DNS_API_TOKEN_FILE" = "/var/run/secrets/cloudflare/api_key";
|
||||
# "CLOUDFLARE_EMAIL_FILE" = "/var/run/secrets/cloudflare/email";
|
||||
# };
|
||||
# domain = "sysctl.io";
|
||||
# extraDomainNames = [ "*.sysctl.io" ];
|
||||
# reloadServices = [ "haproxy" ];
|
||||
# };
|
||||
# };
|
||||
|
||||
services.haproxy = {
|
||||
enable = true;
|
||||
|
@ -95,16 +97,26 @@
|
|||
frontend http
|
||||
mode http
|
||||
bind :80
|
||||
bind :443 ssl crt /haproxy
|
||||
option forwardfor
|
||||
default_backend backend_http
|
||||
backend backend_http
|
||||
mode http
|
||||
server framework-server 10.100.0.2
|
||||
|
||||
frontend https
|
||||
mode tcp
|
||||
bind :443
|
||||
default_backend backend_tcp
|
||||
|
||||
frontend tcp
|
||||
mode tcp
|
||||
bind :42420
|
||||
bind :25565
|
||||
bind :443
|
||||
bind :4443
|
||||
default_backend backend_tcp
|
||||
backend backend_tcp
|
||||
mode tcp
|
||||
server framework-server 10.100.0.2
|
||||
|
||||
frontend mail
|
||||
mode tcp
|
||||
|
@ -114,26 +126,10 @@
|
|||
bind :587
|
||||
bind :993
|
||||
bind :4190
|
||||
option forwardfor
|
||||
default_backend backend_mail
|
||||
|
||||
backend backend_mail
|
||||
mode tcp
|
||||
option forwarded
|
||||
option forwardfor if-none
|
||||
server mailserver-wg 10.100.1.3
|
||||
|
||||
backend backend_tcp
|
||||
mode tcp
|
||||
option forwarded
|
||||
option forwardfor if-none
|
||||
server framework-server 10.100.0.2
|
||||
|
||||
backend backend_http
|
||||
mode http
|
||||
option forwarded
|
||||
option forwardfor if-none
|
||||
server framework-server 10.100.0.2
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
cloudflare:
|
||||
email: ENC[AES256_GCM,data:ycl75o3oi/zF6czNBfKzIg==,iv:MWUwoMU4XfHX9rilJlRGuPbISvhwtMAfku/0ZAckTSo=,tag:nekhk1dNOKeuYg87/ulDKA==,type:str]
|
||||
api_key: ENC[AES256_GCM,data:DEPN2A7lQy74PIUdS1IBcQrO/hk77rApSjL6ET4NRizkpI2r,iv:xVwDzr1zJpt7UlfQZ87m+sY8VjDe/t/1hr41pMq9osg=,tag:2nzfNdeOU6Wx7tGIdMEZWQ==,type:str]
|
||||
api_key: ENC[AES256_GCM,data:RYAd4zSbbSXF4jDgzmvVFRc0GKkUu+F5+kKzZ1YEUrzRmcoZEuaSxg==,iv:BJRuy1bp8cC7dCXHq4VVBz7Tp860RmldUj7NnDE8PR8=,tag:3PeRGmfOs6oya5zGiHWPhA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2024-08-05T12:54:12Z"
|
||||
mac: ENC[AES256_GCM,data:okgSNCxIjjO1Et52EVeaCz7Ep+QqEcwvTsyTmZEW1gedc7bQSCYra+E5RqS/xlVw6//+N5VJx0kSBYG79KVwMWC9tnm9FSwQwFBb8MvCjEdH2Dgxf9VXYd53P8SdLA8hQoFfREJekIbTiZoVGG6mk4Yl++ufECG/zl1IE6/eeVg=,iv:IiGI8uRJA/H8uIBd2nexg4R4ORVrtAvFIkKEMBB2/bQ=,tag:13Fgq4FSOim3V9l72XzjHA==,type:str]
|
||||
lastmodified: "2024-08-06T01:41:28Z"
|
||||
mac: ENC[AES256_GCM,data:ALVUwaZ1+9Rg6z3003z+Cb2OeZagyNJohs7h/7Bhjgu5Rz6O44RjQ2S6UOezI5FcNXGaGbDRL83Vv192g0KfG0Ec3wwhcfBeNFUxQvIwH3F+RUWxqA5JDDk4+KMrW09fxy4koOgr1xO6z0uMYlIpJK/Jyu8t8mjoJLFI5lXdgzc=,iv:KCiyksgkG5loPEKPbmr0TMQ6pFpuGOeRzlRqu+mAFLI=,tag:oKgTNCpa3It2UIDeYxMXNA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2024-08-05T12:38:54Z"
|
||||
enc: |-
|
||||
|
|
Loading…
Reference in a new issue