diff --git a/group_vars/app_prod/vars.yml b/group_vars/app_prod/vars.yml
index 5fe3df2..06d3b7a 100644
--- a/group_vars/app_prod/vars.yml
+++ b/group_vars/app_prod/vars.yml
@@ -5,3 +5,6 @@ apps_base_domain: sapti.me
 db_inventory_hostname: sapt-labp-db01
 db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
+
+proxy_inventory_hostname: sapt-labr-prx01
+proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"
diff --git a/group_vars/app_stage/vars.yml b/group_vars/app_stage/vars.yml
index 4c361cf..1a3a737 100644
--- a/group_vars/app_stage/vars.yml
+++ b/group_vars/app_stage/vars.yml
@@ -5,3 +5,6 @@ apps_base_domain: staging.sapti.me
 db_inventory_hostname: sapt-labs-db01
 db_host: "{{ hostvars[db_inventory_hostname].internal_ipv4 }}"
+
+proxy_inventory_hostname: sapt-labr-prx01
+proxy_host: "{{ hostvars[proxy_inventory_hostname].internal_ipv4 }}"
diff --git a/roles/apps/defaults/main.yml b/roles/apps/defaults/main.yml
index 065d4e3..4a6f9e5 100644
--- a/roles/apps/defaults/main.yml
+++ b/roles/apps/defaults/main.yml
@@ -65,4 +65,4 @@ apps_vars:
 apps_include: "{{ apps_vars | dict2items | map(attribute='key') | list }}"
 apps_backup: "{{ apps_vars | dict2items | selectattr('value.backup', 'true') | map(attribute='key') | list | intersect(apps_include) }}"
 apps_proxied: "{{ apps_vars | dict2items | selectattr('value.domain', 'defined') | map(attribute='key') | list | intersect(apps_include) }}"
-apps_senders: "{{ apps_vars | dict2items | selectattr('value.sender', 'true') | map(attribute='key') | list | intersect(apps_include) }}"
+apps_senders: "{{ apps_vars | dict2items | selectattr('value.sender', 'true') | map(attribute='value.domain') | list }}"
diff --git a/roles/apps/tasks/extra_tasks/nextcloud.yml b/roles/apps/tasks/extra_tasks/nextcloud.yml
index ba88c4c..1c8dbf0 100644
--- a/roles/apps/tasks/extra_tasks/nextcloud.yml
+++ b/roles/apps/tasks/extra_tasks/nextcloud.yml
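Review bot: In roles/apps/defaults/main.yml the new `apps_senders` drops both guards that the sibling filters keep: it no longer intersects with `apps_include`, and it maps `value.domain` without first selecting entries where that attribute is defined. An app with `sender: true` and no `domain` would put an undefined element in the list or fail the render, and an app excluded through `apps_include` would still contribute its domain; if this list feeds the mail relay's permitted sender domains, which is not visible in this diff, that widens what the relay accepts beyond the deployed apps. The variable also now holds domains rather than app keys under the same name, so any other consumer of it needs checking. Consider `apps_senders: "{{ apps_vars | dict2items | selectattr('key', 'in', apps_include) | selectattr('value.sender', 'true') | selectattr('value.domain', 'defined') | map(attribute='value.domain') | list }}"`.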
@@ -11,8 +11,7 @@
 - name: Create subdirectory for Nextcloud data
 ansible.builtin.file:
 path: "{{ apps_data_root }}/nextcloud/data/app"
- owner: root
- group: '33'
+ owner: '33'
 mode: u=rwx,g=rx,o=rx
 state: directory
diff --git a/roles/apps/templates/compose-files/nextcloud.yml.j2 b/roles/apps/templates/compose-files/nextcloud.yml.j2
index 080806a..d44e230 100644
--- a/roles/apps/templates/compose-files/nextcloud.yml.j2
+++ b/roles/apps/templates/compose-files/nextcloud.yml.j2
@@ -26,7 +26,7 @@ services:
 SMTP_AUTHTYPE: PLAIN
 SMTP_HOST: postfix
 SMTP_PORT: 587
- TRUSTED_PROXIES: "{{ apps_vars.nginx.docker_ipv4 }}"
+ TRUSTED_PROXIES: "{{ proxy_host }} {{ apps_vars.nginx.docker_ipv4 }} fd02::/64"
 OVERWRITEHOST: {{ apps_vars.nextcloud.domain }}
 OVERWRITEPROTOCOL: https
 OVERWRITECLIURL: https://{{ apps_vars.nextcloud.domain }}
diff --git a/roles/apps/templates/compose-files/postfix.yml.j2 b/roles/apps/templates/compose-files/postfix.yml.j2
index cbe43eb..18e63a3 100644
--- a/roles/apps/templates/compose-files/postfix.yml.j2
+++ b/roles/apps/templates/compose-files/postfix.yml.j2
@@ -12,7 +12,9 @@ services:
 HOSTNAME: "{{ apps_vars.postfix.hostname }}"
 DKIM_AUTOGENERATE: "true"
 networks:
- - {{ apps_postfix_docker_network }}
+ {{ apps_postfix_docker_network }}:
+ aliases:
+ - postfix
 volumes:
 - "./data:/etc/opendkim/keys:rw"
diff --git a/roles/apps/templates/nextcloud/remoteip.conf.j2 b/roles/apps/templates/nextcloud/remoteip.conf.j2
index 5cf919a..ec06999 100644
--- a/roles/apps/templates/nextcloud/remoteip.conf.j2
+++ b/roles/apps/templates/nextcloud/remoteip.conf.j2
@@ -2,4 +2,6 @@
 # code: language=ansible-jinja
 RemoteIPHeader X-Forwarded-For
+RemoteIPInternalProxy {{ proxy_host }}
 RemoteIPInternalProxy {{ apps_vars.nginx.docker_ipv4 }}
+RemoteIPInternalProxy fd02::/64
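Review bot: In roles/apps/tasks/extra_tasks/nextcloud.yml the data directory is now owned by UID 33 with the `group:` line removed while the mode stays `u=rwx,g=rx,o=rx`, so group ownership is left to whatever the directory already has and the path remains readable and traversable by other local accounts, subject to the parent directories' permissions. Unless something outside the container needs to read it, pin both IDs and drop the world bits: `owner: '33'`, `group: '33'`, `mode: u=rwx,g=rx,o=`. A short comment such as `# 33 = web server user inside the Nextcloud container (presumably www-data; confirm against the image)` would explain the bare number.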
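Review bot: The literal `fd02::/64` added to `TRUSTED_PROXIES` in roles/apps/templates/compose-files/nextcloud.yml.j2, and again as `RemoteIPInternalProxy fd02::/64` in roles/apps/templates/nextcloud/remoteip.conf.j2, makes both Nextcloud and Apache accept X-Forwarded-For from every address in that prefix rather than from the proxy alone. Any workload able to reach the container from that network could then state its own client address, which weakens per-IP throttling and the source addresses recorded in logs. If the prefix is the Docker IPv6 network, which this diff does not show, prefer the proxy's own IPv6 address, or at least define the value once in a documented variable used by both templates so the two trust lists cannot drift, e.g. `TRUSTED_PROXIES: "{{ proxy_host }} {{ apps_vars.nginx.docker_ipv4 }} {{ apps_trusted_proxy_ipv6 }}"` (the variable name is only a suggestion). The production and staging group_vars both set `proxy_inventory_hostname` to the same host, so both environments extend this trust to one machine; worth confirming that is intended.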