Simplify netdata network access
This commit is contained in:
parent
666f788a13
commit
22eb280d06
@ -9,10 +9,9 @@ system_var_containers_directory: "{{ system_var_root_directory }}/containers"
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# system:extra
|
# system:extra
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_extra_netdata_inet_address: "{{ vpn_bridge_inet_address }}"
|
system_extra_netdata_bind_to: "localhost"
|
||||||
system_extra_netdata_inet6_address: "{{ vpn_bridge_inet6_address }}"
|
system_extra_netdata_stream_parent: false
|
||||||
system_extra_netdata_registry_enabled: false
|
system_extra_netdata_stream_dest_inet6: "{{ hostvars.yggdrasil.vpn_wireguard_inet6_address }}"
|
||||||
system_extra_netdata_registry_url: "{{ vault_system_extra_netdata_registry_url }}"
|
|
||||||
system_extra_netdata_stream_api_key: "{{ vault_system_extra_netdata_stream_api_key }}"
|
system_extra_netdata_stream_api_key: "{{ vault_system_extra_netdata_stream_api_key }}"
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
|
@ -10,8 +10,6 @@ system_mail_smtp_pass: "{{ vault_system_mail_smtp_pass }}"
|
|||||||
system_base_udp_ports:
|
system_base_udp_ports:
|
||||||
- 546 # dhcpv6
|
- 546 # dhcpv6
|
||||||
- "{{ vpn_wireguard_port }}"
|
- "{{ vpn_wireguard_port }}"
|
||||||
system_base_additional_tcp_ports:
|
|
||||||
- 19999 # netdata
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# system:var
|
# system:var
|
||||||
|
@ -2,7 +2,8 @@
|
|||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# system:extra
|
# system:extra
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
system_extra_netdata_registry_enabled: true
|
system_extra_netdata_bind_to: "0.0.0.0 [::]"
|
||||||
|
system_extra_netdata_stream_parent: true
|
||||||
|
|
||||||
# --------------------------------------------------------------------------------------------------
|
# --------------------------------------------------------------------------------------------------
|
||||||
# system:zfs
|
# system:zfs
|
||||||
@ -37,6 +38,8 @@ system_base_additional_tcp_ports:
|
|||||||
- 139 # samba
|
- 139 # samba
|
||||||
- 445 # samba
|
- 445 # samba
|
||||||
- 19999 # netdata
|
- 19999 # netdata
|
||||||
|
system_base_forward_to_localhost:
|
||||||
|
- 19999 # netdata
|
||||||
system_base_unattended_upgrades_blacklist:
|
system_base_unattended_upgrades_blacklist:
|
||||||
- "linux-"
|
- "linux-"
|
||||||
- "zfs(utils)?-"
|
- "zfs(utils)?-"
|
||||||
@ -144,7 +147,7 @@ services_host_services:
|
|||||||
lrproxy:
|
lrproxy:
|
||||||
inet_address: "{{ vpn_bridge_inet_prefix }}.2"
|
inet_address: "{{ vpn_bridge_inet_prefix }}.2"
|
||||||
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
|
inet6_address: "{{ vpn_bridge_inet6_prefix }}::2"
|
||||||
tcp: [80, 443, 19999]
|
tcp: [80, 443]
|
||||||
restic: true
|
restic: true
|
||||||
database:
|
database:
|
||||||
inet_address: "{{ vpn_bridge_inet_prefix }}.3"
|
inet_address: "{{ vpn_bridge_inet_prefix }}.3"
|
||||||
|
@ -1,22 +0,0 @@
|
|||||||
server {
|
|
||||||
listen [::]:19999;
|
|
||||||
listen 19999;
|
|
||||||
server_name netdata.valkyrie.thenineworlds.net;
|
|
||||||
|
|
||||||
allow {{ local_inet_network }};
|
|
||||||
allow {{ local_inet6_network }};
|
|
||||||
deny all;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://netdata.valkyrie.thenineworlds.net:19999;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /50x.html {
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -1,22 +0,0 @@
|
|||||||
server {
|
|
||||||
listen [::]:19999;
|
|
||||||
listen 19999;
|
|
||||||
server_name netdata.yggdrasil.thenineworlds.net;
|
|
||||||
|
|
||||||
allow {{ local_inet_network }};
|
|
||||||
allow {{ local_inet6_network }};
|
|
||||||
deny all;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://netdata.yggdrasil.thenineworlds.net:19999;
|
|
||||||
}
|
|
||||||
|
|
||||||
error_page 500 502 503 504 /50x.html;
|
|
||||||
location = /50x.html {
|
|
||||||
root /usr/share/nginx/html;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
@ -4,11 +4,6 @@ ff02::1 ip6-allnodes
|
|||||||
ff02::2 ip6-allrouters
|
ff02::2 ip6-allrouters
|
||||||
|
|
||||||
127.0.1.1 {{ services_service_name }}
|
127.0.1.1 {{ services_service_name }}
|
||||||
{% for netdata_host in ( services_deploy_netdata_hosts | dict2items ) %}
|
|
||||||
|
|
||||||
{{ netdata_host.value.inet6_address }} {{ netdata_host.key }}
|
|
||||||
{{ netdata_host.value.inet_address }} {{ netdata_host.key }}
|
|
||||||
{% endfor %}
|
|
||||||
{% for service in ( services_all_services | dict2items ) %}
|
{% for service in ( services_all_services | dict2items ) %}
|
||||||
|
|
||||||
{{ service.value.inet6_address }} pod-{{ service.key }}
|
{{ service.value.inet6_address }} pod-{{ service.key }}
|
||||||
|
@ -92,17 +92,8 @@
|
|||||||
- "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/database.thenineworlds.net.conf"
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/git.thenineworlds.net.conf"
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/music.thenineworlds.net.conf"
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/netdata.valkyrie.thenineworlds.net.conf"
|
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/netdata.yggdrasil.thenineworlds.net.conf"
|
|
||||||
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
|
- "files/services/deploy/lrproxy/nginx-conf.d/notes.thenineworlds.net.conf"
|
||||||
services_service_deploy_versions: "{{ services_deploy_versions.lrproxy }}"
|
services_service_deploy_versions: "{{ services_deploy_versions.lrproxy }}"
|
||||||
services_deploy_netdata_hosts:
|
|
||||||
"netdata.valkyrie.thenineworlds.net":
|
|
||||||
inet_address: "{{ hostvars.valkyrie.system_extra_netdata_inet_address }}"
|
|
||||||
inet6_address: "{{ hostvars.valkyrie.system_extra_netdata_inet6_address }}"
|
|
||||||
"netdata.yggdrasil.thenineworlds.net":
|
|
||||||
inet_address: "{{ hostvars.yggdrasil.system_extra_netdata_inet_address }}"
|
|
||||||
inet6_address: "{{ hostvars.yggdrasil.system_extra_netdata_inet6_address }}"
|
|
||||||
when: "'lrproxy' in services_host_services"
|
when: "'lrproxy' in services_host_services"
|
||||||
tags: "always"
|
tags: "always"
|
||||||
|
|
||||||
|
2
roles
2
roles
@ -1 +1 @@
|
|||||||
Subproject commit 0f805168b6c3b6293378e75e061a8b6dbbf1f875
|
Subproject commit f92b5eac6ed0965a3189500e2bfa3b01c77da21c
|
Loading…
Reference in New Issue
Block a user