Simplify netdata network access

This commit is contained in:
Wojciech Kozlowski 2023-10-08 16:48:27 +02:00
parent 666f788a13
commit 22eb280d06
8 changed files with 9 additions and 67 deletions

View File

@ -9,10 +9,9 @@ system_var_containers_directory: "{{ system_var_root_directory }}/containers"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# system:extra # system:extra
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
system_extra_netdata_inet_address: "{{ vpn_bridge_inet_address }}" system_extra_netdata_bind_to: "localhost"
system_extra_netdata_inet6_address: "{{ vpn_bridge_inet6_address }}" system_extra_netdata_stream_parent: false
system_extra_netdata_registry_enabled: false system_extra_netdata_stream_dest_inet6: "{{ hostvars.yggdrasil.vpn_wireguard_inet6_address }}"
system_extra_netdata_registry_url: "{{ vault_system_extra_netdata_registry_url }}"
system_extra_netdata_stream_api_key: "{{ vault_system_extra_netdata_stream_api_key }}" system_extra_netdata_stream_api_key: "{{ vault_system_extra_netdata_stream_api_key }}"
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------

View File

@ -10,8 +10,6 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
system_base_udp_ports: system_base_udp_ports:
- 546 # dhcpv6 - 546 # dhcpv6
- "{{ vpn_wireguard_port }}" - "{{ vpn_wireguard_port }}"
system_base_additional_tcp_ports:
- 19999 # netdata
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# system:var # system:var

View File

@ -2,7 +2,8 @@
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# system:extra # system:extra
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
system_extra_netdata_registry_enabled: true system_extra_netdata_bind_to: "0.0.0.0 [::]"
system_extra_netdata_stream_parent: true
# -------------------------------------------------------------------------------------------------- # --------------------------------------------------------------------------------------------------
# system:zfs # system:zfs
@ -37,6 +38,8 @@ system_base_additional_tcp_ports:
- 139 # samba - 139 # samba
- 445 # samba - 445 # samba
- 19999 # netdata - 19999 # netdata
system_base_forward_to_localhost:
- 19999 # netdata
system_base_unattended_upgrades_blacklist: system_base_unattended_upgrades_blacklist:
- "linux-" - "linux-"
- "zfs(utils)?-" - "zfs(utils)?-"
@ -144,7 +147,7 @@ services_host_services:
lrproxy: lrproxy:
inet_address: "{{ vpn_bridge_inet_prefix }}.2" inet_address: "{{ vpn_bridge_inet_prefix }}.2"
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2" inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
tcp: [80, 443, 19999] tcp: [80, 443]
restic: true restic: true
database: database:
inet_address: "{{ vpn_bridge_inet_prefix }}.3" inet_address: "{{ vpn_bridge_inet_prefix }}.3"

View File

@ -1,22 +0,0 @@
server {
listen [::]:19999;
listen 19999;
server_name netdata.valkyrie.thenineworlds.net;
allow {{ local_inet_network }};
allow {{ local_inet6_network }};
deny all;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://netdata.valkyrie.thenineworlds.net:19999;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

View File

@ -1,22 +0,0 @@
server {
listen [::]:19999;
listen 19999;
server_name netdata.yggdrasil.thenineworlds.net;
allow {{ local_inet_network }};
allow {{ local_inet6_network }};
deny all;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://netdata.yggdrasil.thenineworlds.net:19999;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

View File

@ -4,11 +4,6 @@ ff02::1 ip6-allnodes
ff02::2 ip6-allrouters ff02::2 ip6-allrouters
127.0.1.1 {{ services_service_name }} 127.0.1.1 {{ services_service_name }}
{% for netdata_host in ( services_deploy_netdata_hosts | dict2items ) %}
{{ netdata_host.value.inet6_address }} {{ netdata_host.key }}
{{ netdata_host.value.inet_address }} {{ netdata_host.key }}
{% endfor %}
{% for service in ( services_all_services | dict2items ) %} {% for service in ( services_all_services | dict2items ) %}
{{ service.value.inet6_address }} pod-{{ service.key }} {{ service.value.inet6_address }} pod-{{ service.key }}

View File

@ -92,17 +92,8 @@
- "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf" - "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf" - "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf" - "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/netdata.valkyrie.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/netdata.yggdrasil.thenineworlds.net.conf"
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf" - "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
services_service_deploy_versions: "{{ services_deploy_versions.lrproxy }}" services_service_deploy_versions: "{{ services_deploy_versions.lrproxy }}"
services_deploy_netdata_hosts:
"netdata.valkyrie.thenineworlds.net":
inet_address: "{{ hostvars.valkyrie.system_extra_netdata_inet_address }}"
inet6_address: "{{ hostvars.valkyrie.system_extra_netdata_inet6_address }}"
"netdata.yggdrasil.thenineworlds.net":
inet_address: "{{ hostvars.yggdrasil.system_extra_netdata_inet_address }}"
inet6_address: "{{ hostvars.yggdrasil.system_extra_netdata_inet6_address }}"
when: "'lrproxy' in services_host_services" when: "'lrproxy' in services_host_services"
tags: "always" tags: "always"

2
roles

@ -1 +1 @@
Subproject commit 0f805168b6c3b6293378e75e061a8b6dbbf1f875 Subproject commit f92b5eac6ed0965a3189500e2bfa3b01c77da21c