Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../ansible/roles/kuma/defaults/main.yml
Pieter 13685eb454 feat: Add infrastructure roles for multi-tenant architecture 
Add new Ansible roles and configuration for the edge proxy and
private network architecture:

## New Roles:
- **edge-traefik**: Edge reverse proxy that routes to private clients
  - Dynamic routing configuration for multiple clients
  - SSL termination at the edge
  - Routes traffic to private IPs (10.0.0.x)

- **nat-gateway**: NAT/gateway configuration for edge server
  - IP forwarding and masquerading
  - Allows private network clients to access internet
  - iptables rules for Docker integration

- **diun**: Docker Image Update Notifier
  - Monitors containers for available updates
  - Email notifications via Mailgun
  - Per-client configuration

- **kuma**: Uptime monitoring integration
  - Registers HTTP monitors for client services
  - Automated monitor creation via API
  - Checks Authentik, Nextcloud, Collabora endpoints

## New Playbooks:
- **setup-edge.yml**: Configure edge server with proxy and NAT

## Configuration:
- **host_vars**: Per-client Ansible configuration (valk, white)
  - SSH bastion configuration for private IPs
  - Client-specific secrets file references

This enables the scalable multi-tenant architecture where:
- Edge server has public IP and routes traffic
- Client servers use private IPs only (cost savings)
- All traffic flows through edge proxy with SSL termination

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-20 19:05:51 +01:00

41 lines
1.1 KiB
YAML
Raw Blame History

---
# Uptime Kuma monitoring registration
kuma_enabled: true
kuma_url: "https://status.vrije.cloud"
# Authentication options:
# Option 1: Username/Password (required for Socket.io API used by Python library)
kuma_username: "" # Set this for automated registration
kuma_password: "" # Set this for automated registration
# Option 2: API Key (only for REST endpoints like /metrics, not for monitor management)
kuma_api_key: "uk1_H2YjQsSG8em8GG9G9c0arQogSizXI1CRPNgTEUlU"
# Monitors to create for each client
kuma_monitors:
- name: "{{ client_name }} - Authentik SSO"
type: "http"
url: "https://auth.{{ client_domain }}"
method: "GET"
interval: 60
maxretries: 3
retry_interval: 60
expected_status: "200,302"
- name: "{{ client_name }} - Nextcloud"
type: "http"
url: "https://nextcloud.{{ client_domain }}"
method: "GET"
interval: 60
maxretries: 3
retry_interval: 60
expected_status: "200,302"
- name: "{{ client_name }} - Collabora Office"
type: "http"
url: "https://office.{{ client_domain }}"
method: "GET"
interval: 60
maxretries: 3
retry_interval: 60
expected_status: "200"
Reference in a new issue View git blame Copy permalink