added ansible script

2026-02-16 23:40:30 +01:00
parent e6e444fff7
commit 8925d9677e
86 changed files with 15476 additions and 1911 deletions
--- a/ansible/roles/caddy/templates/Caddyfile.j2
+++ b/ansible/roles/caddy/templates/Caddyfile.j2
@@ -0,0 +1,128 @@
+# Caddyfile - Generated by Ansible
+# Domain: {{ domain }}
+
+# Global options
+{
+    email {{ user_email }}
+}
+
+# ===== PUBLIC SERVICES =====
+
+# Nextcloud
+{{ subdomain_nextcloud }}.{{ domain }} {
+    reverse_proxy next:80
+    
+    header {
+        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+        X-Content-Type-Options nosniff
+        X-Frame-Options SAMEORIGIN
+        Referrer-Policy no-referrer
+        X-XSS-Protection "1; mode=block"
+        -Server
+    }
+    
+    redir /.well-known/carddav /remote.php/dav 301
+    redir /.well-known/caldav /remote.php/dav 301
+    redir /.well-known/webfinger /index.php/.well-known/webfinger 301
+    redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301
+    
+    request_body {
+        max_size 10GB
+    }
+}
+
+# OnlyOffice Document Server
+{{ subdomain_office }}.{{ domain }} {
+    reverse_proxy onlyoffice:80
+    
+    request_body {
+        max_size 100MB
+    }
+    
+    header {
+        Strict-Transport-Security "max-age=31536000"
+        -Server
+    }
+}
+
+# Excalidraw
+{{ subdomain_draw }}.{{ domain }} {
+    reverse_proxy excalidraw:80
+    
+    header {
+        Strict-Transport-Security "max-age=31536000"
+        -Server
+    }
+}
+
+# Obsidian
+{{ subdomain_notes }}.{{ domain }} {
+    reverse_proxy obsidian:3000
+    
+    header {
+        Strict-Transport-Security "max-age=31536000"
+        -Server
+    }
+}
+
+# ===== TAILSCALE-ONLY SERVICES =====
+
+# Homarr Dashboard
+{{ subdomain_homarr }}.{{ domain }} {
+    @tailscale {
+        remote_ip 100.64.0.0/10
+    }
+    
+    handle @tailscale {
+        reverse_proxy homarr:7575
+    }
+    
+    handle {
+        respond "Access Denied - Tailscale Required" 403
+        abort
+    }
+}
+
+# Dockhand Container Manager
+{{ subdomain_dockhand }}.{{ domain }} {
+    @tailscale {
+        remote_ip 100.64.0.0/10
+    }
+    
+    handle @tailscale {
+        reverse_proxy dockhand:3000
+    }
+    
+    handle {
+        respond "Access Denied - Tailscale Required" 403
+        abort
+    }
+}
+
+# Uptime Kuma Monitoring
+{{ subdomain_uptime }}.{{ domain }} {
+    @tailscale {
+        remote_ip 100.64.0.0/10
+    }
+    
+    handle @tailscale {
+        reverse_proxy uptime-kuma:3001
+    }
+    
+    handle {
+        respond "Access Denied - Tailscale Required" 403
+        abort
+    }
+}
+
+{% if enable_public_status %}
+# Public Status Page
+status.{{ domain }} {
+    reverse_proxy uptime-kuma:3001/status
+    
+    header {
+        Strict-Transport-Security "max-age=31536000"
+        -Server
+    }
+}
+{% endif %}