feat(offsite): *.askari.wingu.me wildcard + offsite.yml (docker_host + reverse_proxy)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
parent
1ee343dfca
commit
9c169561d7
2 changed files with 14 additions and 0 deletions
|
|
@ -13,6 +13,9 @@ public_dns__records:
|
||||||
# askari (off-site host, TF-provisioned M2) — public A so it's reachable by name +
|
# askari (off-site host, TF-provisioned M2) — public A so it's reachable by name +
|
||||||
# for future ACME on *.askari.wingu.me. Mesh/LAN-only home services never appear here.
|
# for future ACME on *.askari.wingu.me. Mesh/LAN-only home services never appear here.
|
||||||
- {record: askari, type: A, values: ["77.42.120.136"], ttl: 1800}
|
- {record: askari, type: A, values: ["77.42.120.136"], ttl: 1800}
|
||||||
|
# Wildcard for askari's services (test/netbird/...) → same host; Caddy gets a
|
||||||
|
# *.askari.wingu.me cert via DNS-01 (M4a).
|
||||||
|
- {record: "*.askari", type: A, values: ["77.42.120.136"], ttl: 1800}
|
||||||
|
|
||||||
# Absent — Gandi's auto-seeded defaults we don't want (purged once, idempotent thereafter).
|
# Absent — Gandi's auto-seeded defaults we don't want (purged once, idempotent thereafter).
|
||||||
public_dns__absent:
|
public_dns__absent:
|
||||||
|
|
|
||||||
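Review bot: The new `*.askari` wildcard A record makes every label under askari.wingu.me resolve publicly to 77.42.120.136, including names no service is configured for, so the comment should state how the proxy treats unmatched hostnames (a catch-all that refuses them), or the services it lists (test, netbird) should get explicit records instead. The older context comment still describes the `askari` A record as being "for future ACME on *.askari.wingu.me", but the added comment says the certificate comes via DNS-01, which validates through TXT records rather than this A record, so the two comments should be reconciled. The address literal now appears in two records; a single variable referenced by both would keep them from drifting apart.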
11
playbooks/offsite.yml
Normal file
|
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
# offsite.yml — off-site hosts (askari): Docker engine + the Caddy reverse proxy.
|
||||||
|
# NetBird (M4b) appends to this play. Run: make deploy PLAYBOOK=offsite LIMIT=askari
|
||||||
|
- name: Configure off-site hosts
|
||||||
|
hosts: offsite_hosts
|
||||||
|
become: true
|
||||||
|
roles:
|
||||||
|
- role: docker_host
|
||||||
|
tags: [docker_host]
|
||||||
|
- role: reverse_proxy
|
||||||
|
tags: [reverse_proxy]
|
||||||
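Review bot: `become: true` is set at play level, so every task in both `docker_host` and `reverse_proxy` runs as root on a host that the DNS change makes publicly reachable; consider scoping `become` to the roles or tasks that need it. The play passes no variables to either role, so what the proxy actually serves is decided by inventory vars that are not visible here, and the header comment could name where they live. The documented run command relies on `LIMIT=askari` while the play targets all of `offsite_hosts`; it is worth saying in the comment what happens when the limit is omitted.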