Dustin C. Hatch 70909d1b13 websites: Enable PROXY protocol for HTTPS sites ...

Since the reverse proxy does TLS pass-through instead of termination,
the original source address is lost.  Since the source address is
important for logging, rate limiting, and access control, we need to use
the HAProxy PROXY protocol to pass it along to the web server.

Since the PROXY protocol works at the TCP layer, _all_ connections must
use it. Fortunately, all of the sites hosted by the public web server
are in fact public and only accessed through HAProxy.  Similarly,
enabling it for one named virtual host enables it for all virtual hosts
on that port.  Thus, we only have to explicitly set it for one site, and
all the rest will use it as well.

2025-08-23 22:21:54 -05:00

.certs @ 0322911067

public-web: Add Tabitha's new SSH key

2024-03-15 10:29:03 -05:00

certs

websites: dustinandtabitha: Switch to mod_md for cert

2025-08-11 10:34:30 -05:00

ci

ci: Add Jenkins pipeline for pxe.yml

2025-07-13 16:10:20 -05:00

deploy

kubernetes: Manage worker nodes

2024-11-24 10:33:21 -06:00

group_vars

websites: Enable PROXY protocol for HTTPS sites

2025-08-23 22:21:54 -05:00

host_vars

gw1/squid: Allow proxy access from kube network

2025-07-12 16:45:47 -05:00

migration

hosts: Add loki1.p.b

2024-11-05 06:54:27 -06:00

passwords/kojiweb_secret

hosts: Add koji0.pyrocufflink.blue

2018-08-12 10:27:20 -05:00

plugins

inventory: Ignore errors connecting to libvirt

2025-07-27 17:47:31 -05:00

pulumi

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

roles

websites: Enable PROXY protocol for HTTPS sites

2025-08-23 22:21:54 -05:00

scripts

scripts: Add VM host maintenance scripts

2024-08-23 09:43:24 -05:00

vars

applyConfigPolicy: Configure SSH user certificate

2024-11-25 21:17:44 -06:00

vault

chromie: Set MinIO root password

2024-09-02 21:24:59 -05:00

.gitignore

plugins: Add lookup cache plugin

2025-07-13 16:02:57 -05:00

.gitmodules

certs: Add certificates submodule

2020-02-22 16:28:06 -06:00

.vault-secret.sh

vault-secret: Get key from Bitwarden

2023-04-23 20:05:00 -05:00

alertmanager.yml

r/alertmanager: Deploy AlertManager

2022-08-10 22:18:53 -05:00

ansible.cfg

plugins: Add lookup cache plugin

2025-07-13 16:02:57 -05:00

ansible.yml

ansible: Install Ansible

2018-04-08 12:20:03 -05:00

aria2.yml

aria2: Deploy aria2 download manager

2018-08-19 14:17:48 -05:00

auto-updates.yml

auto-updates: Install and configure dnf-automatic

2024-06-12 06:25:17 -05:00

base.yml

base: Factor out SSH host, user cert roles

2025-02-01 17:36:58 -06:00

bitwarden_rs.yml

bitwarden_rs: Deploy Bitwarden_rs using Docker

2019-09-19 19:27:29 -05:00

blackbox-exporter.yml

r/blackbox-exporter: Deploy blackbox_exporter

2022-08-10 22:18:53 -05:00

bootstrap.yml

bootstrap: Import useproxy playbook

2025-03-19 07:46:28 -05:00

btop.yml

btop: Install btop and run it on the console

2024-09-01 09:24:53 -05:00

burp-client.yml

burp-client: Switch from cron to systemd timer

2023-05-23 09:51:07 -05:00

burp-server.yml

burp-{client,server}: PBs to deploy BURP

2018-08-08 20:14:25 -05:00

certbot.yml

certbot: Playbook to deploy certbot

2018-06-13 22:23:27 -05:00

chrony.yml

chrony: Add role/PB for chrony

2025-03-16 16:37:19 -05:00

clouds.yaml

inventory: Configure for HostVDS openstack

2025-01-26 13:08:59 -06:00

collectd.yml

collect: Import dyngroups.yml playbook

2022-12-19 10:20:57 -06:00

create-dc.sh

create-dc: Add PB for creating new DCs

2024-06-23 10:43:15 -05:00

create-dc.yml

create-dc: Add PB for creating new DCs

2024-06-23 10:43:15 -05:00

datavol.yml

datavol: Handle undefined logical_volumes

2025-07-28 16:51:04 -05:00

dch-gw.yml

dch-gw: Initial commit

2018-03-27 20:44:43 -05:00

dch-proxy.yml

r/dch-proxy: Update and clean up

2024-08-24 11:46:28 -05:00

dch-root-ca-r2.crt

fixup-dch-root-ca-r2

2024-06-12 18:56:41 -05:00

dch-root-ca.crt

pyrocufflink: Trust DCH Root CA

2018-06-04 20:03:55 -05:00

dch-root-ca.yml

dch-root-ca: Add PB to trust DCH Root CA

2024-08-12 22:22:50 -05:00

dch-vpn.yml

Move VPN server to dedicated VM

2018-10-07 21:42:18 -05:00

deploy.sh

kubernetes: Manage worker nodes

2024-11-24 10:33:21 -06:00

dhcpcd.yml

dhcpcd: Install and configure dhcpcd

2018-03-13 23:19:50 -05:00

dhcpd.yml

dhcpd: Install and configure ISC DHCPD

2018-03-27 20:44:43 -05:00

docker-proxy.yml

docker-proxy: Deploy a proxy/cache for Docker Hub

2025-07-12 16:45:47 -05:00

docker.yml

roles/docker: Install and set up Docker daemon

2019-09-19 19:27:12 -05:00

domain-controller.yml

domain-controller: Configure local AD authentication

2018-03-11 18:16:17 -05:00

dyngroups.yml

dyngroups: Always run all tasks

2024-01-09 18:18:34 -06:00

facts.yml

facts: Do not collect facts in first play

2023-10-27 17:40:50 -05:00

fileserver.yml

fileserver: Configure Apache ~user directories

2019-01-04 20:52:23 -06:00

firewalld.yml

firewalld: Playbook to bootstrap firewalld

2018-01-29 15:11:07 -06:00

fluent-bit.yml

fluent-bit: Deploy log collector for Victoria Logs

2025-08-05 07:14:08 -05:00

frigate.yml

r/frigate-exporter: Deploy Prometheus exporter

2024-10-21 20:27:31 -05:00

gitea.yml

r/gitea: use sshd_config.d

2023-11-13 17:45:21 -06:00

grafana.yml

grafana: Redirect HTTP to HTTPS

2022-08-10 21:55:54 -05:00

graylog.yml

graylog: Add PB to deploy Graylog server

2019-10-28 18:47:09 -05:00

hassdb.yml

hassdb: Fix playbook

2020-08-29 14:22:17 -05:00

homeassistant.yml

homeassistant: Split out Zigbee/Zwave playbooks

2021-12-18 16:45:52 -06:00

host-setup.yml

fluent-bit: Deploy log collector for Victoria Logs

2025-08-05 07:14:08 -05:00

hostname.yml

hostname: Also write /etc/hosts

2018-04-08 10:11:43 -05:00

hosts

nextcloud: Fetch HTTPS cert from Kubernetes

2025-08-11 10:39:54 -05:00

hosts.gw

chrony: Add role/PB for chrony

2025-03-16 16:37:19 -05:00

hosts.pyrocufflink.yml

Introduce dynamic inventory

2025-02-08 15:29:58 -06:00

hostvds.openstack.yml

inventory: Configure for HostVDS openstack

2025-01-26 13:08:59 -06:00

jellyfin.yml

jellyfin: Deploy Jellyfin media server

2023-09-12 13:38:35 -05:00

jenkins-slave.yml

jenkins-slave: Apply ssh-hostkeys role

2018-04-08 12:32:02 -05:00

journal2ntfy.yml

journal2ntfy: Script to send log messagess via ntfy

2023-05-17 14:51:21 -05:00

koji-builder.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-hub.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-web.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

kube-root-ca.crt

metrics: Scrape metrics from Kubernetes API server

2023-05-22 21:21:08 -05:00

kubernetes.yml

r/k8s-controller: Deploy HAProxy

2025-07-22 16:21:49 -05:00

loki.yml

r/loki-caddy: Caddy reverse proxy for Loki

2024-11-05 06:54:27 -06:00

metricspi.yml

metricspi: Apply victoria-metrics-nginx role

2022-08-12 13:14:41 -05:00

minio-backups.yml

minio-backups: Deploy MinIO for backups

2024-09-01 08:59:28 -05:00

minio.yml

minio: Install and configure MinIO

2023-05-09 21:37:46 -05:00

motioneye.yml

motioneye: Deploy motionEye camera software

2020-10-03 11:29:39 -05:00

named-server.yml

named-server: Playbook to deploy BIND

2018-01-29 15:10:04 -06:00

net-ifaces.yml

net-ifaces: PB to apply net-ifaces role

2018-07-23 17:35:10 -05:00

network.yml

network: Playbook to configure networking

2018-03-27 20:44:43 -05:00

newvm.sh

newvm: Use fedora-rawhide OS variant

2025-07-28 18:15:45 -05:00

nextcloud.yml

nextcloud: Move database to db0

2024-09-02 21:03:33 -05:00

ntp.yml

ntp: Initial PB and role to set up ntpd

2018-04-22 11:19:22 -05:00

nut.yml

nut-monitor: Configure upsmon

2024-01-19 20:50:03 -06:00

postgresql.yml

r/postgresql-data: Manage users and databases

2025-02-01 17:36:58 -06:00

promtail.yml

promtail: Role/Playbook to deploy Promtail

2024-02-22 19:23:31 -06:00

protonvpn.yml

pyrocufflink-dns: Cloudflare over ProtonVPN

2020-09-06 11:06:58 -05:00

Pulumi.prod.yaml

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

Pulumi.yaml

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

pxe.yml

r/netboot/basementhud: Configure NBD export

2022-08-15 17:18:48 -05:00

pyproject.toml

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

pyrocufflink.yml

pyrocufflink: Trust DCH Root CA R2

2024-06-12 18:40:17 -05:00

radius.yml

radius: PB to configure RADIUS servers

2018-05-06 13:09:18 -05:00

radvd.yml

radvd: Install and configure radvd

2018-03-27 20:44:43 -05:00

raid-array.yml

raid-array: Fix md re-add automation

2025-08-05 10:31:33 -05:00

remount.yml

remount: Do not remount SquashFS volumes

2022-08-12 13:40:06 -05:00

repohost.yml

r/repohost: Configure Yum package repo host

2023-11-07 20:51:10 -06:00

restic.yml

restic: Trust dch-root-ca certificate

2025-03-29 09:34:17 -05:00

rngd.yml

rngd: PB to set up rngd

2018-08-13 20:25:22 -05:00

samba-dc.yml

samba-dc: Gather facts for all DCs

2024-06-23 10:43:15 -05:00

scrape-collectd-configmap.yml

scrape-collectd-configmap: Add PB

2025-07-20 21:27:54 -05:00

serterm.yml

r/serterm: Deploy serial terminal multiplexer

2024-11-10 13:15:08 -06:00

site.yml

site: Apply scrape-collectd-configmap PB

2025-07-18 12:46:22 -05:00

smtp-relay.yml

smtp-relay: PB to deploy Postfix SMTP relay

2018-04-15 11:38:51 -05:00

squid.yml

squid: Add role and PB to deploy Squid

2018-08-12 16:00:32 -05:00

ssh-host-certs.yml

base: Factor out SSH host, user cert roles

2025-02-01 17:36:58 -06:00

ssh-user-ca.yml

base: Factor out SSH host, user cert roles

2025-02-01 17:36:58 -06:00

synapse.yml

roles/synapse: Add cert role dependency

2021-01-31 15:38:18 -06:00

systemd-networkd.yml

r/systemd-networkd: Role to configure networkd

2021-10-10 16:09:15 -05:00

systemd-resolved.yml

r/systemd-resolved: Manage systemd resolver daemon

2022-08-12 14:35:14 -05:00

taiga.yml

taiga: Add playbook for Taiga

2019-09-19 19:51:45 -05:00

unifi.yml

unifi: Switch from nginx to Caddy

2025-03-16 17:17:00 -05:00

useproxy.yml

r/useproxy: Configure system-wide proxy

2024-08-12 18:47:04 -05:00

users.yml

users: Do not clear supplemental groups

2025-06-08 09:00:16 -05:00

uv.lock

pulumi: Manage HostVDS instances

2025-01-26 13:08:59 -06:00

victoria-logs.yml

r/victoria-logs: Deploy VictoriaLogs

2025-05-30 21:19:05 -05:00

victoria-metrics.yml

r/vmalert: Deploy vmalert

2022-08-11 21:40:19 -05:00

vmhost.yml

vmhost: Allow host provisioner to log in

2025-02-08 16:49:14 -06:00

wait-for-host.yml

wait-for-host: PB to wait for a host to come up

2024-07-02 20:44:29 -05:00

websites.yml

websites: Remove formsubmit

2025-08-23 20:44:41 -05:00

wheelhost.yml

wheelhost: Publish wheels built by Jenkins

2019-03-22 10:19:27 -05:00

zabbix-agent.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix-server.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zezere.yml

zezere: role/playbook to deploy Zezere

2021-07-05 09:34:25 -05:00

zigbee2mqtt.yml

homeassistant: Split out Zigbee/Zwave playbooks

2021-12-18 16:45:52 -06:00

zwavejs2mqtt.yml

homeassistant: Split out Zigbee/Zwave playbooks

2021-12-18 16:45:52 -06:00

Description

Ansible configuration policy for the private network/home lab of Dustin C. Hatch

http://dustin.hatch.name/

7.7 MiB

Languages

Jinja 86.2%

Python 6.6%

Shell 4.6%

Groovy 2.6%