From 9c169561d7362c01b1f990a3934b651040c23785 Mon Sep 17 00:00:00 2001
From: sjat
Date: Sun, 14 Jun 2026 17:39:44 +0200
Subject: [PATCH] feat(offsite): *.askari.wingu.me wildcard + offsite.yml (docker_host + reverse_proxy)

Co-Authored-By: Claude Opus 4.8 (1M context)
---
 inventories/production/group_vars/all/public_dns.yml | 3 +++
 playbooks/offsite.yml | 11 +++++++++++
 2 files changed, 14 insertions(+)
 create mode 100644 playbooks/offsite.yml

diff --git a/inventories/production/group_vars/all/public_dns.yml b/inventories/production/group_vars/all/public_dns.yml
index c0e8016..5d9ce02 100644
--- a/inventories/production/group_vars/all/public_dns.yml
+++ b/inventories/production/group_vars/all/public_dns.yml
@@ -13,6 +13,9 @@ public_dns__records:
 # askari (off-site host, TF-provisioned M2) — public A so it's reachable by name +
 # for future ACME on *.askari.wingu.me. Mesh/LAN-only home services never appear here.
 - {record: askari, type: A, values: ["77.42.120.136"], ttl: 1800}
+ # Wildcard for askari's services (test/netbird/...) → same host; Caddy gets a
+ # *.askari.wingu.me cert via DNS-01 (M4a).
+ - {record: "*.askari", type: A, values: ["77.42.120.136"], ttl: 1800}
 
 # Absent — Gandi's auto-seeded defaults we don't want (purged once, idempotent thereafter).
 public_dns__absent:
diff --git a/playbooks/offsite.yml b/playbooks/offsite.yml
new file mode 100644
index 0000000..e8899f5
--- /dev/null
+++ b/playbooks/offsite.yml
@@ -0,0 +1,11 @@
+---
+# offsite.yml — off-site hosts (askari): Docker engine + the Caddy reverse proxy.
+# NetBird (M4b) appends to this play. Run: make deploy PLAYBOOK=offsite LIMIT=askari
+- name: Configure off-site hosts
+ hosts: offsite_hosts
+ become: true
+ roles:
+ - role: docker_host
+ tags: [docker_host]
+ - role: reverse_proxy
+ tags: [reverse_proxy]
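Review bot: The comment on the new `*.askari` record should say what happens to names that have no site behind them, because the wildcard makes every label under askari.wingu.me resolve to 77.42.120.136, not just test and netbird. Whether the reverse_proxy role refuses hosts without an explicit site block is not visible in this hunk; if it does not, mistyped or probing hostnames get whatever Caddy serves by default under a valid wildcard certificate. I would add a line such as `# Any label resolves publicly; Caddy must reject hosts without an explicit site block.` The DNS-01 flow presumably places a DNS-provider API credential on this internet-facing host, so it is worth confirming that the credential is scoped as narrowly as the provider allows. The `public_dns__records` list begins above the hunk.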
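Review bot: The header comment of playbooks/offsite.yml should record where askari's baseline hardening (host firewall, SSH) is applied, since the play lists only `docker_host` and `reverse_proxy` for a host with a public address. Docker inserts its own iptables rules for published ports, so a container port bound to 0.0.0.0 can be reachable from the internet even when a host firewall appears to block it; whether the docker_host role accounts for that is not visible here. A comment along the lines of `# Baseline hardening: <playbook-name>; only Caddy publishes 80/443, backends stay on internal Docker networks.` would make the intended exposure explicit before NetBird is appended to this play.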