Pieter b6c9fa666d chore: Post-workshop state - January 23rd, 2026
This commit captures the infrastructure state immediately following
the "Post-Tyranny Tech" workshop on January 23rd, 2026.

Infrastructure Status:
- 13 client servers deployed (white, valk, zwaan, specht, das, uil, vos,
  haas, wolf, ree, mees, mus, mol, kikker)
- Services: Authentik SSO, Nextcloud, Collabora Office, Traefik
- Private network architecture with edge NAT gateway
- OIDC integration between Authentik and Nextcloud
- Automated recovery flows and invitation system
- Container update monitoring with Diun
- Uptime monitoring with Uptime Kuma

Changes include:
- Multiple new client host configurations
- Network architecture improvements (private IPs + NAT)
- DNS management automation
- Container update notifications
- Email configuration via Mailgun
- SSH key generation for all clients
- Encrypted secrets for all deployments
- Health check and diagnostic scripts

Known Issues to Address:
- Nextcloud version pinned to v30 (should use 'latest' or v32)
- Zitadel references in templates (migrated to Authentik but templates not updated)
- Traefik dynamic config has obsolete static routes

🤖 Generated with Claude Code (https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2026-01-23 20:36:31 +01:00


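# Edge Traefik Dynamic Configuration
# Managed by Ansible - do not edit manually
# Routes traffic to backend servers on the private network.
#
# Layout: one router per public hostname (auth / nextcloud / office for each
# client), one service per router, and a single serversTransport shared by
# every service. All three services of a client point at the same private
# backend, so the backend is expected to dispatch on the Host header
# (Traefik's loadBalancer forwards it by default; confirm on the backend side).
#
# NOTE(review): this file is a .j2 template but contains no Jinja - every
# client is hard-coded below, so onboarding a client means editing this file
# in six places (three routers, three services). A loop over the client
# inventory would keep the edge in sync with the hosts; the inventory variable
# is not visible from here, so the entries are left static.
---
http:
  # Routers: one per public hostname for every client, all terminated on the
  # TLS entry point with certificates from the edge's Let's Encrypt resolver.
  routers:
    # --- white (10.0.0.40) ---
    white-auth:
      rule: "Host(`auth.white.vrije.cloud`)"
      service: white-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    white-nextcloud:
      rule: "Host(`nextcloud.white.vrije.cloud`)"
      service: white-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    white-collabora:
      rule: "Host(`office.white.vrije.cloud`)"
      service: white-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- valk (10.0.0.41) ---
    valk-auth:
      rule: "Host(`auth.valk.vrije.cloud`)"
      service: valk-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    valk-nextcloud:
      rule: "Host(`nextcloud.valk.vrije.cloud`)"
      service: valk-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    valk-collabora:
      rule: "Host(`office.valk.vrije.cloud`)"
      service: valk-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- zwaan (10.0.0.42) ---
    zwaan-auth:
      rule: "Host(`auth.zwaan.vrije.cloud`)"
      service: zwaan-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    zwaan-nextcloud:
      rule: "Host(`nextcloud.zwaan.vrije.cloud`)"
      service: zwaan-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    zwaan-collabora:
      rule: "Host(`office.zwaan.vrije.cloud`)"
      service: zwaan-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- specht (10.0.0.43) ---
    specht-auth:
      rule: "Host(`auth.specht.vrije.cloud`)"
      service: specht-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    specht-nextcloud:
      rule: "Host(`nextcloud.specht.vrije.cloud`)"
      service: specht-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    specht-collabora:
      rule: "Host(`office.specht.vrije.cloud`)"
      service: specht-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- das (10.0.0.44) ---
    das-auth:
      rule: "Host(`auth.das.vrije.cloud`)"
      service: das-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    das-nextcloud:
      rule: "Host(`nextcloud.das.vrije.cloud`)"
      service: das-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    das-collabora:
      rule: "Host(`office.das.vrije.cloud`)"
      service: das-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- uil (10.0.0.45) ---
    uil-auth:
      rule: "Host(`auth.uil.vrije.cloud`)"
      service: uil-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    uil-nextcloud:
      rule: "Host(`nextcloud.uil.vrije.cloud`)"
      service: uil-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    uil-collabora:
      rule: "Host(`office.uil.vrije.cloud`)"
      service: uil-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- vos (10.0.0.46) ---
    vos-auth:
      rule: "Host(`auth.vos.vrije.cloud`)"
      service: vos-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    vos-nextcloud:
      rule: "Host(`nextcloud.vos.vrije.cloud`)"
      service: vos-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    vos-collabora:
      rule: "Host(`office.vos.vrije.cloud`)"
      service: vos-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- haas (10.0.0.47) ---
    haas-auth:
      rule: "Host(`auth.haas.vrije.cloud`)"
      service: haas-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    haas-nextcloud:
      rule: "Host(`nextcloud.haas.vrije.cloud`)"
      service: haas-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    haas-collabora:
      rule: "Host(`office.haas.vrije.cloud`)"
      service: haas-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- wolf (10.0.0.48) ---
    wolf-auth:
      rule: "Host(`auth.wolf.vrije.cloud`)"
      service: wolf-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    wolf-nextcloud:
      rule: "Host(`nextcloud.wolf.vrije.cloud`)"
      service: wolf-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    wolf-collabora:
      rule: "Host(`office.wolf.vrije.cloud`)"
      service: wolf-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- ree (10.0.0.49) ---
    ree-auth:
      rule: "Host(`auth.ree.vrije.cloud`)"
      service: ree-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    ree-nextcloud:
      rule: "Host(`nextcloud.ree.vrije.cloud`)"
      service: ree-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    ree-collabora:
      rule: "Host(`office.ree.vrije.cloud`)"
      service: ree-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- mees (10.0.0.50) ---
    mees-auth:
      rule: "Host(`auth.mees.vrije.cloud`)"
      service: mees-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    mees-nextcloud:
      rule: "Host(`nextcloud.mees.vrije.cloud`)"
      service: mees-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    mees-collabora:
      rule: "Host(`office.mees.vrije.cloud`)"
      service: mees-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- mus (10.0.0.51) ---
    mus-auth:
      rule: "Host(`auth.mus.vrije.cloud`)"
      service: mus-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    mus-nextcloud:
      rule: "Host(`nextcloud.mus.vrije.cloud`)"
      service: mus-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    mus-collabora:
      rule: "Host(`office.mus.vrije.cloud`)"
      service: mus-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

    # --- mol (10.0.0.53) ---
    # NOTE(review): 10.0.0.52 is skipped, and the commit message lists a
    # "kikker" client that has no router or service here - confirm whether
    # that host is intentionally unrouted at the edge.
    mol-auth:
      rule: "Host(`auth.mol.vrije.cloud`)"
      service: mol-auth
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    mol-nextcloud:
      rule: "Host(`nextcloud.mol.vrije.cloud`)"
      service: mol-nextcloud
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
    mol-collabora:
      rule: "Host(`office.mol.vrije.cloud`)"
      service: mol-collabora
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt

  # Services: each router's backend. Every service of a client targets the
  # same private address over HTTPS; the per-hostname split exists only so
  # routers can be tuned independently later.
  services:
    # --- white (10.0.0.40) ---
    white-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.40:443"
        serversTransport: insecureTransport
    white-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.40:443"
        serversTransport: insecureTransport
    white-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.40:443"
        serversTransport: insecureTransport

    # --- valk (10.0.0.41) ---
    valk-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.41:443"
        serversTransport: insecureTransport
    valk-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.41:443"
        serversTransport: insecureTransport
    valk-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.41:443"
        serversTransport: insecureTransport

    # --- zwaan (10.0.0.42) ---
    zwaan-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.42:443"
        serversTransport: insecureTransport
    zwaan-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.42:443"
        serversTransport: insecureTransport
    zwaan-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.42:443"
        serversTransport: insecureTransport

    # --- specht (10.0.0.43) ---
    specht-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.43:443"
        serversTransport: insecureTransport
    specht-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.43:443"
        serversTransport: insecureTransport
    specht-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.43:443"
        serversTransport: insecureTransport

    # --- das (10.0.0.44) ---
    das-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.44:443"
        serversTransport: insecureTransport
    das-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.44:443"
        serversTransport: insecureTransport
    das-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.44:443"
        serversTransport: insecureTransport

    # --- uil (10.0.0.45) ---
    uil-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.45:443"
        serversTransport: insecureTransport
    uil-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.45:443"
        serversTransport: insecureTransport
    uil-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.45:443"
        serversTransport: insecureTransport

    # --- vos (10.0.0.46) ---
    vos-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.46:443"
        serversTransport: insecureTransport
    vos-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.46:443"
        serversTransport: insecureTransport
    vos-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.46:443"
        serversTransport: insecureTransport

    # --- haas (10.0.0.47) ---
    haas-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.47:443"
        serversTransport: insecureTransport
    haas-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.47:443"
        serversTransport: insecureTransport
    haas-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.47:443"
        serversTransport: insecureTransport

    # --- wolf (10.0.0.48) ---
    wolf-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.48:443"
        serversTransport: insecureTransport
    wolf-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.48:443"
        serversTransport: insecureTransport
    wolf-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.48:443"
        serversTransport: insecureTransport

    # --- ree (10.0.0.49) ---
    ree-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.49:443"
        serversTransport: insecureTransport
    ree-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.49:443"
        serversTransport: insecureTransport
    ree-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.49:443"
        serversTransport: insecureTransport

    # --- mees (10.0.0.50) ---
    mees-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.50:443"
        serversTransport: insecureTransport
    mees-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.50:443"
        serversTransport: insecureTransport
    mees-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.50:443"
        serversTransport: insecureTransport

    # --- mus (10.0.0.51) ---
    mus-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.51:443"
        serversTransport: insecureTransport
    mus-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.51:443"
        serversTransport: insecureTransport
    mus-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.51:443"
        serversTransport: insecureTransport

    # --- mol (10.0.0.53) ---
    mol-auth:
      loadBalancer:
        servers:
          - url: "https://10.0.0.53:443"
        serversTransport: insecureTransport
    mol-nextcloud:
      loadBalancer:
        servers:
          - url: "https://10.0.0.53:443"
        serversTransport: insecureTransport
    mol-collabora:
      loadBalancer:
        servers:
          - url: "https://10.0.0.53:443"
        serversTransport: insecureTransport

  # Server transport shared by every service above.
  # insecureSkipVerify disables certificate verification towards the backends,
  # so the edge will happily forward user traffic (including Authentik logins)
  # to whatever answers on the private address. That is only acceptable while
  # the 10.0.0.0/24 segment is fully trusted; the lasting fix is to issue the
  # backends certificates from an internal CA and replace this flag with
  # `rootCAs` pointing at that CA bundle, which keeps self-signed backends
  # working without giving up verification.
  serversTransports:
    insecureTransport:
      insecureSkipVerify: true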