commit c493cfc76f6c760f2ff22fbb4c12c4be2eb8dcbd
parent 7960b93bfac97d79b7c80d0570847974b74f7e48
Author: Leah (ctucx) <leah@ctu.cx>
Date: Wed, 20 Jan 2021 17:58:45 +0100
parent 7960b93bfac97d79b7c80d0570847974b74f7e48
Author: Leah (ctucx) <leah@ctu.cx>
Date: Wed, 20 Jan 2021 17:58:45 +0100
router: add static dhcp leases in dnsmasq, cleanup of ssl section
1 file changed, 35 insertions(+), 21 deletions(-)
diff --git a/playbook-router.yml b/playbook-router.yml @@ -170,21 +170,23 @@ - lollo.ctu.cx renew_tasks: - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/lollo.ctu.cx + syncthing.lollo.ctu.cx: + dns_names: + - syncthing.lollo.ctu.cx + renew_tasks: + - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.lollo.ctu.cx home.ctu.cx: dns_names: - home.ctu.cx + - legacy.home.ctu.cx renew_tasks: - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/home.ctu.cx home.flauschekatze.space: dns_names: - home.flauschekatze.space + - legacy.home.flauschekatze.space renew_tasks: - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/home.flauschekatze.space - syncthing.lollo.ctu.cx: - dns_names: - - syncthing.lollo.ctu.cx - renew_tasks: - - chown -R acme-redirect:acme-redirect /var/lib/acme-redirect/live/syncthing.lollo.ctu.cx nginx: enable: true @@ -199,11 +201,11 @@ locations: - path: /node-exporter proxy: http://127.0.0.1:9100/metrics - home.ctu.cx: - root: /var/lib/websites/lollo.ctu.cx + home.ctu.cx legacy.home.ctu.cx: + root: /var/lib/websites/home.ctu.cx extraConfig: " index index.html index.php; - try_files $uri $uri/ / index.php?$query_string; + try_files $uri $uri/ /index.php?$query_string; " ssl: enable: true @@ -216,11 +218,11 @@ fastcgi_index index.php; include fastcgi_params; " - home.flauschekatze.space: - root: /var/lib/websites/lollo.ctu.cx + home.flauschekatze.space legacy.home.flauschekatze.space: + root: /var/lib/websites/home.ctu.cx extraConfig: " index index.html index.php; - try_files $uri $uri/ / index.php?$query_string; + try_files $uri $uri/ /index.php?$query_string; " ssl: enable: true @@ -256,8 +258,8 @@ auth_ttl: 600 auth_server: home.ctu.cx, wg-pbb auth_zones: - - home.ctu.cx, 10.0.0.1/24, 195.39.246.32/28, 2a0f:4ac0:acab::1/64 - - home.flauschekatze.space, 10.0.0.1/24, 195.39.246.32/28, 2a0f:4ac0:acab::1/64 + - home.ctu.cx, 10.0.0.1/24, 195.39.246.32/28, 2a0f:4ac0:acab::1/64 + - home.flauschekatze.space, 10.0.0.1/24, 195.39.246.32/28, 2a0f:4ac0:acab::1/64 local_addresses: - /fritz.box/192.168.178.1 - /intel-nuc/192.168.178.21 @@ -266,8 +268,10 @@ - /mastodon-backup/192.168.178.25 - /foo-nuc/192.168.178.23 addresses: - - home.ctu.cx, 195.39.246.33, 2a0f:4ac0:acab::1 - - home.flauschekatze.space, 195.39.246.33, 2a0f:4ac0:acab::1 + - home.ctu.cx, 195.39.246.33, 2a0f:4ac0:acab::1 + - home.flauschekatze.space, 195.39.246.33, 2a0f:4ac0:acab::1 + - legacy.home.ctu.cx, 195.39.246.33, 2a0f:4ac0:acab::1 + - legacy.home.flauschekatze.space, 195.39.246.33, 2a0f:4ac0:acab::1 dns_servers: - 1.1.1.1 - 1.0.0.1 @@ -275,20 +279,27 @@ - 8.8.4.4 dhcp: authoritative: true - rapid_commit: true + rapid_commit: true sequential_ip: true options: - option6:information-refresh-time, 6h - option6:dns-server, [2a0f:4ac0:acab::1] - - public, option:router, 195.39.246.33 - - public, option:dns-server, 195.39.246.33 - private, option:router, 10.0.0.1 - private, option:dns-server, 10.0.0.1 + - public, option:router, 195.39.246.33 + - public, option:dns-server, 195.39.246.33 ranges: - - public, 195.39.246.34, 195.39.246.42, 255.255.255.240, 195.39.246.47, 48h - - private, 10.0.0.32, 10.0.0.160, 255.255.255.0, 48h + - private, 10.0.0.100, 10.0.0.200, 255.255.255.0, 48h + - public, 195.39.246.34, static, 255.255.255.240, 195.39.246.47, 48h - 2a0f:4ac0:acab::100, 2a0f:4ac0:acab::01ff, ra-names,slaac, 64, 48h hosts: + # accesspoint + - f4:06:8d:df:1f:e3, accesspoint, 10.0.0.2 + # tradfri gateway + - 58:d5:0a:ba:23:29, tradfri, 10.0.0.10 + # ctucx iphone + - id:00:01:00:01:26:56:cb:5c:4c:57:ca:a8:b7:83, ctucx-eifon, [2a0f:4ac0:acab::105] + - 4c:57:ca:a8:b7:83, ctucx-eifon, 10.0.0.105 # ctucx macbook - id:00:01:00:01:27:51:55:30:80:e6:50:21:e0:6a, toaster, [2a0f:4ac0:acab::34] - 80:e6:50:21:e0:6a, toaster, 195.39.246.34 @@ -298,10 +309,13 @@ # ctucx thinkpad t470 (mac: wlan, eth) - id:00:04:37:8e:fd:cc:26:b8:11:b2:a8:5c:b8:77:0b:6e:a2:e6, coladose, [2a0f:4ac0:acab::35] - 7c:2a:31:fb:e6:b8, 8c:16:45:da:61:8e, coladose, 195.39.246.35 + # isa iphone + - id:00:01:00:01:26:a9:b6:78:28:a0:2b:53:c3:c7, IsaPhone, [2a0f:4ac0:acab::111] + - 28:a0:2b:53:c3:c7, isaPhone, 10.0.0.111 # isa macbook - id:00:01:00:01:23:53:5d:7e:6c:40:08:af:2e:9c, isabelles-mbp, [2a0f:4ac0:acab::38] - 6c:40:08:af:2e:9c, isabelles-mbp, 195.39.246.38 - # isa thinkpad (x230) + # isa thinkpad x230 - id:00:04:e8:51:c5:1d:f6:53:58:4a:9b:c0:28:59:a4:c7:76:32, isa-x230, [2a0f:4ac0:acab::36] - 64:80:99:75:c5:5c, isa-x230, 195.39.246.36