diff --git a/ansible/inventories/group_vars/all/main.yml b/ansible/inventories/group_vars/all/main.yml
index 47c301b..bc93ee4 100644
--- a/ansible/inventories/group_vars/all/main.yml
+++ b/ansible/inventories/group_vars/all/main.yml
@@ -26,171 +26,171 @@ auto_configure_traefik: subdomain: "sonarr" host: "10.0.2.25" port: 8989 - auth_required: true + internal: true radarr: subdomain: "radarr" host: "10.0.2.25" port: 7878 - auth_required: true + internal: true lidarr: subdomain: "lidarr" host: "10.0.2.25" port: 8686 - auth_required: true + internal: true transmission: subdomain: "transmission" host: "10.0.2.25" port: 9091 - auth_required: true + internal: true unmanic: subdomain: "unmanic" host: "10.0.2.25" port: 8888 - auth_required: true + internal: true bazarr: subdomain: "bazarr" host: "10.0.2.25" port: 6767 - auth_required: true + internal: true seerr: subdomain: "overseerr" host: "10.0.2.25" port: 5055 - auth_required: false + internal: false prowlarr: subdomain: "prowlarr" host: "10.0.2.25" port: 9696 - auth_required: true + internal: true unpackerr: subdomain: "unpackerr" host: "10.0.2.25" port: 5656 - auth_required: true + internal: true questarr: subdomain: "questarr" host: "10.0.2.25" port: 5000 - auth_required: true + internal: true # infra komodo: subdomain: "komodo" host: "10.0.4.10" port: 9120 - auth_required: true + internal: true homeassistant: subdomain: "homeassistant" host: "10.0.2.100" port: 8123 - auth_required: false + internal: false # media plex: subdomain: "plex" host: "10.0.2.10" port: 32400 - auth_required: false + internal: false tracearr: subdomain: "tracearr" host: "10.0.2.21" port: 3000 - auth_required: true + internal: true vaultwarden: subdomain: "pwds" host: "10.0.2.27" port: 8004 - auth_required: false + internal: false changedetection: subdomain: "changedetection" host: "10.0.2.24" port: 5000 - auth_required: true + internal: true nextcloud: subdomain: "cloud" host: "10.0.2.30" port: 8001 - auth_required: false + internal: false convertx: subdomain: "convertx" host: "10.0.2.43" port: 3000 - auth_required: true + internal: true dawarich: subdomain: "places" host: "10.0.2.48" port: 3000 - auth_required: false + internal: false frigate: subdomain: "frigate" 
host: "10.0.2.14" port: 5000 - auth_required: true + internal: true droposs: subdomain: "games" host: "10.0.2.46" port: 3000 - auth_required: false + internal: false gitea: subdomain: "gitea" host: "10.0.2.28" port: 3000 - auth_required: true + internal: true immich: subdomain: "immich" host: "10.0.2.18" port: 2283 - auth_required: false + internal: false mastodon: subdomain: "social" host: "10.0.2.20" port: 80 - auth_required: false + internal: false forward_https: true matrix: subdomain: "chat" host: "10.0.2.20" port: 8008 - auth_required: false + internal: false mealie: subdomain: "recipes" host: "10.0.2.26" port: 9000 - auth_required: false + internal: false truenas: subdomain: "nas" host: "10.0.2.200" port: 80 - auth_required: true + internal: true paperless: subdomain: "paperless" host: "10.0.2.29" port: 8003 - auth_required: true + internal: true pbs: subdomain: "pbs" host: "10.0.2.104" port: 8007 https: true - auth_required: true + internal: true # pinchflat: # subdomain: "youtube" # host: "10.0.2.23" # port: 8081 - # auth_required: true + # internal: true proxmox: subdomain: "proxmox" host: "10.0.2.2" port: 8006 https: true - auth_required: true + internal: true resume: subdomain: "resume" host: "10.0.2.53" port: 3000 - auth_required: true + internal: true auth_bypass_paths: - /lino - /assets 
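Review bot: After this rename nothing in the file says that `internal` decides whether `pocketid-auth` is applied, so `internal: false` on `vaultwarden`, `nextcloud`, `homeassistant` and the others reads as a network-placement setting rather than "no forward-auth, the app's own login is the only gate". I would add a comment above `auto_configure_traefik:` (which sits outside this hunk), for example `# internal: true = pocketid-auth on the public router, no auth from private client IPs; false = no forward-auth at all`. Any host_vars override or other template that still sets or reads `auth_required` is now silently ignored and falls back to `default(true)`; that fails closed, but it is worth a grep before merging. The same applies to the second hunk of this file.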
@@ -199,37 +199,42 @@ auto_configure_traefik: subdomain: "fast" host: "10.0.2.15" port: 8765 - auth_required: true + internal: true stocks: subdomain: "stocks" host: "10.0.2.40" port: 3333 - auth_required: false + internal: false super-productivity: subdomain: "tasks" host: "10.0.2.45" port: 80 - auth_required: true + internal: true uptime-kuma: subdomain: "uptime" host: "10.0.2.203" port: 3001 - auth_required: true + internal: true wealthfolio: subdomain: "wealth" host: "10.0.2.40" port: 8088 - auth_required: true + internal: true trek: subdomain: "trips" host: "10.0.4.30" port: 8083 - auth_required: true + internal: true homelable: subdomain: "infra" host: "10.0.4.30" port: 8084 - auth_required: true + internal: true + price-tracker: + subdomain: "prices" + host: "10.0.4.40" + port: 3000 + internal: true # Auth services configuration pocketid_host: 10.0.4.10 diff --git a/ansible/roles/traefik/templates/remote-services.yml.j2 b/ansible/roles/traefik/templates/remote-services.yml.j2 index dd2f8fa..6629927 100644 --- a/ansible/roles/traefik/templates/remote-services.yml.j2 +++ b/ansible/roles/traefik/templates/remote-services.yml.j2 @@ -116,7 +116,7 @@ http: # Auto-configured services - HTTPS {% for service_name, config in auto_configure_traefik.items() %} -{% if config.auth_required | default(true) %} +{% if config.internal | default(true) %} # {{ service_name }} - local IP bypass (no auth) {{ service_name }}-local: rule: "Host(`{{ config.subdomain }}.{{ domain }}`) && (ClientIP(`192.168.0.0/16`) || ClientIP(`10.0.0.0/8`) || ClientIP(`172.16.0.0/12`))" @@ -153,9 +153,9 @@ http: entryPoints: - https priority: 1 -{% if config.auth_required | default(true) or config.forward_https | default(false) %} +{% if config.internal | default(true) or config.forward_https | default(false) %} middlewares: -{% if config.auth_required | default(true) %} +{% if config.internal | default(true) %} - pocketid-auth {% endif %} {% if config.forward_https | default(false) %} 
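Review bot: The `-local` router gated by `config.internal` in the `@@ -116,7` hunk skips authentication for every client in `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16`, and Traefik's `ClientIP` matcher looks at the connection's source address, not `X-Forwarded-For`. If Traefik is reached through anything that proxies or NATs inbound traffic (a tunnel, a container bridge inside 172.16/12, an upstream load balancer), outside requests would presumably match this rule and reach `proxmox`, `pbs`, `truenas` and the other `internal: true` services without `pocketid-auth`. I would narrow the ranges to the actual LAN subnets and extend the comment, e.g. `# {{ service_name }} - no auth for LAN source IPs; assumes Traefik sees real client addresses`. The router definition continues past the end of the hunk.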
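Review bot: The expression `config.internal | default(true)` is now repeated in the `@@ -116,7`, `@@ -153,9` and `@@ -170,9` hunks, so the decision to attach `pocketid-auth` is spread over five conditions that must stay in step. Evaluating it once at the top of the loop body, `{% set needs_auth = config.internal | default(true) %}`, and testing `needs_auth` everywhere would keep the routers consistent. Note also that `default(true)` only covers an undefined key: a bare `internal:` in the inventory yields null, which is falsy, so that service would be rendered without the auth middleware; an explicit `is none` guard in the same `set` would keep that case fail-closed. The loop header is outside these hunks, so the exact placement needs checking against the full template.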
@@ -170,9 +170,9 @@ http: rule: "Host(`{{ config.subdomain }}.{{ domain }}`)" entryPoints: - https -{% if config.auth_required | default(true) or config.forward_https | default(false) %} +{% if config.internal | default(true) or config.forward_https | default(false) %} middlewares: -{% if config.auth_required | default(true) %} +{% if config.internal | default(true) %} - pocketid-auth {% endif %} {% if config.forward_https | default(false) %}