From ec9687b93b5fae36a292fcde42988aa238bc4bcf Mon Sep 17 00:00:00 2001 From: Florian RICHER Date: Sun, 8 Jun 2025 21:29:05 +0200 Subject: [PATCH] add ipv6 --- group_vars/all.enc.yml | 83 ++++++++++--------- .../traefik/templates/config/dynamic_conf.yml | 3 +- 2 files changed, 44 insertions(+), 42 deletions(-) diff --git a/group_vars/all.enc.yml b/group_vars/all.enc.yml index 68b19a6..6fe0a72 100644 --- a/group_vars/all.enc.yml +++ b/group_vars/all.enc.yml @@ -1,64 +1,65 @@ -#ENC[AES256_GCM,data:zw==,iv:yGe87pkOWKSW5ExIDNPyFcOf3JkiD6CfmditaqNOcIE=,tag:NdSlw+oX6K+bqvEmiDKNwg==,type:comment] -#ENC[AES256_GCM,data:P87wUPXCrcwj8pysdDtzgyRGC3H6,iv:BB4UtqwG1usoGEIaWq+EmynITtIhYmTAksN39gj8Nvs=,tag:76XXXGDo6kK1Z45FwKOOVA==,type:comment] +#ENC[AES256_GCM,data:Yg==,iv:6m4cYLkJd9i+RVAkyv8HoG84KcG/SbydCsWVhgHFFE4=,tag:7kvZ/lzWSdd97YWoVH1uOw==,type:comment] +#ENC[AES256_GCM,data:NXARyB2jOfPrVYjdMocn/faEaoeg,iv:vQVx9uSdBSNMflfqvgaIOexw5hdJVlzThSHrRV7QRe4=,tag:Llr4H38ynR5eKQHKQsUnJw==,type:comment] server: - domain: ENC[AES256_GCM,data:rNPBfyHnZYbcwCI=,iv:5GFGYfCwwKIHUBEOY9oYtQoYd423vNCjGoc1qjfpdOQ=,tag:vsqYoiyIVM0cJKC4+2i36w==,type:str] - ssh_port: ENC[AES256_GCM,data:f+MGHA==,iv:Qb+wOoTmh8+09OVlUXrB7PQnCguW++xenBGjbvVlRcg=,tag:rjePPm7ZKJAleZbVT9EvwA==,type:int] - work_dir: ENC[AES256_GCM,data:mU36IwSyRCKZ,iv:01614e77X1UhpXo1Sqfim0qikUfkU4uGahaQ7SXwxjo=,tag:e4+qt6EYec5Zo7l60l3Hrw==,type:str] - backup_dir: ENC[AES256_GCM,data:+1IX4bqcrUv6jFc=,iv:9V9ZIK/3UY/1NbpALOpupMj3Z2BLIT2RApXeA+QldMk=,tag:D/tzUMKq3AVfKjFTkHwhrQ==,type:str] - ip: ENC[AES256_GCM,data:VrF0qnXOjKOrHSttJWim,iv:eNDmtDolwD6/7n7n30k5meKDHgPGMBiwP+34tZE57nI=,tag:n3n6qYJWsfq0KMS0MbM7cw==,type:str] + domain: ENC[AES256_GCM,data:TOslPFStHalzj1I=,iv:suidvsNlA6fOJNEQFHf/UfSlYQkuPPRFpkHsLcnsops=,tag:x3TuBbdScY1iKKTlXO5vqw==,type:str] + ssh_port: ENC[AES256_GCM,data:ZjZ83w==,iv:15txszBVLKEZtudCf953tkqYGP8z1Ej/SVjaMU2Eo4o=,tag:Bq+XFizGyA80sN2+WDJ0/Q==,type:int] + work_dir: ENC[AES256_GCM,data:a/USkM84Vq+z,iv:q0dNZrdjnSBiq8XPEuQgUzIxh2M7v2QFyog40wgaDH8=,tag:U5vW3hG+9cfF/JFue0mYsg==,type:str] + backup_dir: ENC[AES256_GCM,data:w0+dbDUQ36iJ7ug=,iv:MhKbmLkWdKiapkkv6Y6fXn3S3En2La3OP2w+U5puE44=,tag:+IIZnEeuSyaa1+++qqJ37A==,type:str] + ipv4: ENC[AES256_GCM,data:YAVu5PVjvFRvFnhgB7gB,iv:5LxuuxvVAb0EpRU1S43X802pXwhmW3XAsWVmKu9zRd8=,tag:jOpkAzPHeSMfLG22JY316A==,type:str] + ipv6: ENC[AES256_GCM,data:JUOsjFDiKTXsJ5YSjkYM+3OpftR7,iv:4BzkOYLLLYdNaTFt8hWWJ2bhoxltO284gnIIjGhSJFs=,tag:UxovDpePUWq7ICEADxZwxA==,type:str] vpn: - subnet: ENC[AES256_GCM,data:17F3acssIE5vDf+oeCk=,iv:TQ6GSw3piSZjpYy/0I3JHYCmY6XjyHjmUZ8QsJm371Y=,tag:E1ggbsiX6NlsA4tu4dPA2g==,type:str] - ip: ENC[AES256_GCM,data:Fk1RLutUvToxAjWZ,iv:P19VCKLai0bf4jH7PmfFqc2mSC/7tAlXNe0+xx6u2GM=,tag:cgI4eRpze4K0Q5kcTJNTqA==,type:str] - reverse_proxy_ip: ENC[AES256_GCM,data:J3Z+2VuEY00Z4vUN,iv:rs+x7Gz/4o/ezqKERmbV6u4df8m+cNu48tsYvByyjb8=,tag:aIDOOi1+dTGrD7qt/Ts4mw==,type:str] - dns_ip: ENC[AES256_GCM,data:8s+axvnJRHVWv711,iv:QjvNey354VwBqV7HZqxcEKbgyY8fC9jpzfExrvV0I4A=,tag:RcvTqQQbn/NGw4K+yz+rRA==,type:str] - port: ENC[AES256_GCM,data:ce+pAC4=,iv:HqcN+qnJEtFSH9OKuQtmKEBJp51bJh0r0A8YAtTs+c4=,tag:cGJ/+xyEY8X63C0sP3XnxQ==,type:int] - peers: ENC[AES256_GCM,data:q2Lvvj4EivqF/pOSlasqUh7WL/Sh3CPYKqT6,iv:q+8Xwlc6Wao/U2YEteyTArAPqou4r09tpigc6NOgSO8=,tag:63A81wgq1VaOPbhnybh2ag==,type:str] + subnet: ENC[AES256_GCM,data:FHAJ2VQWhC0diJ0uzSM=,iv:FAwAcJq5jJxbtHvQxzv18fL2pnIEPjVEf72eBEp9ymI=,tag:KOZpkMi0AaZWJ1UfkCFbMw==,type:str] + ip: ENC[AES256_GCM,data:lTx8b1+5fjG1iUzX,iv:iROSzAnEQg//W3yrglMOJgMxiLFCQdSWxmPPHIkLJ70=,tag:r/jtDNZHFqnBH2ELvA5/VQ==,type:str] + reverse_proxy_ip: ENC[AES256_GCM,data:hVcW6o+3vyynnmiJ,iv:CRuhUkgpC9ar30hJAwE4sy5u4b7o9pOjs81Nr5JvMKs=,tag:EYe3NZPzBounE4kFvcgBCw==,type:str] + dns_ip: ENC[AES256_GCM,data:DUyMEhgKA9lNJuMy,iv:WsOBHGaTdsK2om+Kh5ImCgMUMP7Azm/9LNvUARLWbY8=,tag:FbaqNnQhpchFw5sVqo0z0g==,type:str] + port: ENC[AES256_GCM,data:Hr1Qlss=,iv:1O/kbiPEXRGfaGYCn9vVzc0vg+fReipBupzqQ4/H+zI=,tag:xq9SvHFEYwwclH+UC+MJVA==,type:int] + peers: ENC[AES256_GCM,data:IIDeftc2laKY0s+ret1Qabuvni95Td+u7MWU,iv:zJLPsXfEqMvjQVhaLNcIWIdFfEqmAUXtph5KM27cfn8=,tag:pEQr1Nq+mqSAEXky2+BWfA==,type:str] private_network: extra_ips_whitelist: - - ENC[AES256_GCM,data:EXdMBH666ZhuXrRsww==,iv:vp/XUMAZJbCjkkdDJ2Y2I7DjXxTgKwppXMl98GlB4OE=,tag:GNEPnd8nQMkcXeMXHDUGOg==,type:str] + - ENC[AES256_GCM,data:T7TOz9pOpgO5Swvz0w==,iv:arJakWCN1D/8JfCMgP5KJl4Ft5uUFwV0zM9axq9W0IU=,tag:LBGjOyrzBudm3EyHyljpGQ==,type:str] acme: - email: ENC[AES256_GCM,data:n+G0ktoYdHfExsRCobbQNS1gKzwqluBV51mwPEE=,iv:p3MM+Q7bY6UCS3GwK0mm5vDTmqhzdJRHpKjA4/p6y8o=,tag:ZfitmnFTRvcvKP422gqKKw==,type:str] - debug: ENC[AES256_GCM,data:cvVCP68=,iv:/UizGc/0bhYms7tvtWbS3tpwVQNLKu+MdGl03KdrQIk=,tag:Nc/6khmpqlXbhTSxjju2+Q==,type:bool] -#ENC[AES256_GCM,data:kLRm1qNj,iv:/8Uu2mGVDaLY9K2wdIgCTE3drCBqnPJyUFJzUYxAgAg=,tag:ApzjObouwyz67Ml0inFm8Q==,type:comment] + email: ENC[AES256_GCM,data:nXyyP5LCCG2FLzZTkwt8wKUXrYIMvKnMWMZpb0E=,iv:mTRdw5GMFOvVmZjl7G0vvI/57S/IcAb7Plq/tlglz54=,tag:OdgvCb0OkY6KV06KPTKrhw==,type:str] + debug: ENC[AES256_GCM,data:wJIPl0M=,iv:m832UI+0oa+yC5tgkdwBNTOC8bk26U8AuMg8OBRzLGs=,tag:4cbvLwIHy7dfzy9lQb+Cyw==,type:bool] +#ENC[AES256_GCM,data:Hc48ULNi,iv:6MDdgPpuOXsn+o17krIDPcjYB7JOWVfXaQJZBf2WCcU=,tag:7X/7Lyb5N5rYCLvqli3AYg==,type:comment] protonmail: - initialized: ENC[AES256_GCM,data:e3a1EkU=,iv:V8b70/L830jE7moRZmRDc7YDoLvTQgnZ2Apq/+0dFL8=,tag:gHMOjOVjvxwoJwK9IpGUzg==,type:bool] + initialized: ENC[AES256_GCM,data:HHLN35U=,iv:AgUGatY/vGmudWXHTz+vuf92+8GiRyFLeerL+FXu/Ao=,tag:y7AD21siec3a6yzwKSwCyA==,type:bool] vaultwarden: - admin_token: ENC[AES256_GCM,data:aO6AVxDdrPWis7Y8suLMgJD2p3dM1AjhOTgeB7Fz/Dodq0q/Gy2QSARqF1q4mKgZbuuY8kgaTQ9uiu+bv/Od9AvGb562dipFN1CtyWtAgqZWjkTd/XtA8+SBVzwt4N9PRP9qAoft9RPl0tReifOtE0vkaWX8xA==,iv:CcE5UDcBqRWdQbMt6xm52oqV3Ph2uB3etvsBeHgNZZM=,tag:FcIAXhAHXAVkcBRKT/tmRA==,type:str] + admin_token: ENC[AES256_GCM,data:WwMpkdPMmAJPZfkGOJT2YIAWJacgpJXar101fYcl2EgUdizEsnSgkF5aBvK55oXMmXEtKt3IkOaRXfx+BbpRDwVLnt+kDBBbyoHCdED0fDq4u38s619n+LK8q/m2aTKZoZikTC7TqRIxjZxP0Q8V4cVbM9iE6A==,iv:fOuYcXLBOnoteErC5TWmbWYlU9bTqYU0l2p+C9lpiwo=,tag:iYPlLI18w/7PU5x9ZYHFAQ==,type:str] gitea: - runner_registration_token: ENC[AES256_GCM,data:GpUslxwXSlpsZywG3tEEuFY3f2DRtxm482dmsNgM7XJZqHojHKrYkg==,iv:Gt8BzvNbDdezgr/ESYaOIeIRkj1q+5rMwNhuGPjqHJc=,tag:ddWj91Wu1LyVif3Wrk4hmw==,type:str] + runner_registration_token: ENC[AES256_GCM,data:+qXcsp/Lu7qTq5sA3jrDiGs509KMPV8EquGmEzRYGffb9oD+TULcLQ==,iv:8Q9jvFyo2LZa+pydboGwVR0Cnm4WC4t9NBKyvd5TiTI=,tag:MoI2fYIFaAz0pOe2kJZo+A==,type:str] ryot: - server_pro_key: ENC[AES256_GCM,data:ZHzaAqDOP/jVcs4muQNo4JamuuEDdcAH,iv:Hi0kXOhSWRnunSqWt3asSFdXq6dIniNxQVx9Qu+PNo8=,tag:/FzvB9OmneJXVCanMHxexQ==,type:str] -#ENC[AES256_GCM,data:jdFEdE8qOpYEBha6IG7VrIC3EZVb,iv:qRL16HP5duk3Da88PJcphguDa2buuG2vW2o/w6qNqlk=,tag:3vl373RYoitMs7n4fghpXA==,type:comment] + server_pro_key: ENC[AES256_GCM,data:xumq7GFgn8dPc3hqtpV2X/xmerMf9wsD,iv:60hPwkkAX09xafUvtALfHvhG3qCsSbClh+EVECRohY4=,tag:1V93g6u7vGW0zM/Xitd/Ug==,type:str] +#ENC[AES256_GCM,data:ELaYcxJX4l1hNUNyxyvALl7QlEyx,iv:fqNLsDte0cxX7vqQe1kn3LSf5Ogt6RjrG2y80OqPerY=,tag:1dQlBMI+fWNN+XF8LK2S6w==,type:comment] amazon: - client_id: ENC[AES256_GCM,data:hbBV7n95524FBMWnbrUJ2lKbYVUvZH69kUlp38Y5,iv:WOijZgZFfE+ta1vLwPXshypE0iY/zINrZK/kjgX5fMM=,tag:CO+GBBTBmid3KhOGAsRYlQ==,type:str] - client_secret: ENC[AES256_GCM,data:Y+JWlEXZhBAb/dEfILX4vHTsc8uKrr1++3H9yZdA,iv:dVNFgipXJf5u/3ciSJ6l69qv+lZx728wgkqYYf+GQBY=,tag:ZsR28eph5tG9RVzIsM5lgQ==,type:str] + client_id: ENC[AES256_GCM,data:pQENEfIbRtxTcAM5pX4xw64W8JVZM6E3xcBllWp/,iv:UIfa8Y641mDodnQRfNYPz4NrzJlBa6/g4nAL0AEXuSE=,tag:nWsrKVYS+V0Nt0/lL9Ugag==,type:str] + client_secret: ENC[AES256_GCM,data:T97dz2FDlELe84HVGxy4KiYobtGSfyxReOA2N3OO,iv:/HYdBEbTYagoxuLYpQ5F9krlzjjgMhqgU/Q/dvHFuaA=,tag:A9T4/UxBS+dZsMMsqR8Q/A==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: [] - lastmodified: "2024-08-31T18:12:08Z" - mac: ENC[AES256_GCM,data:xVSD4pvg4dKLPJ5NN7YDtPfctbHQjTBlI2E/5wPo5BLowkyVeP2Z+sqL5n+zMni6/B/iUyfLq6Io3NR3DPt57I9kd6QpNVGaN3g7eY4EHa8LOUjVIk5j6Kp2LYbQHRwM0UIDSEQO9VOKB4U60sfhdRbr3V8kn/rYQvqbCERy+Do=,iv:Y7IN/ZYfVgiEBJuTKG07eWg1mH0nwFRTlO0NUONOQkY=,tag:UMOUn6J93FtQvmtw5FS8tA==,type:str] + lastmodified: "2025-06-08T19:28:51Z" + mac: ENC[AES256_GCM,data:v02kYZJ6aEeVBJYzbajyCsJvG4QZJliM8CJnqQGQ0d/x9E0XRlce9474HU3o3j2KckxutqQS8n0VWWW5E6NlrrOoK7GlvtseKq7p67AgFnbmP5UlteK+bNCfgJYxNbi1qq9Q9PvEt/ic92Ck4KiYYkZV9dXLbXzw/s9+as69v/M=,iv:9ahvYiWpqZPwA5jYd0f+MSXnzvcQeRMAI29c8Y59nhU=,tag:/xKPI2EwDKGbz1K8p28SmQ==,type:str] pgp: - - created_at: "2024-08-31T18:12:08Z" + - created_at: "2025-06-08T19:28:51Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA1Ns3cJaRR/oARAA2vflZYE82RXVX3jE7Fz9ZuNKhphgGk9GaH1Y34l/Weih - Qcx09fnmgsFGrimOdztxrNjqEwJC/RyLdS+QcADF0V+e5L7FRUuTzQzyM++LE1yR - n2+TKkpQFVZJkSTCSBP3O5g9cjysG/PQpi3UdQe2NuIL3AIfipCv6NTypBVyQfDp - 6VBcyYRzBcfnRHWEPv1BQAsdYFgSqFrdmJWKkcVgphLV2ZiZ1LvqX/UAMkFcAwb3 - K4Ox1jQmUCkNCZOTkJzU8JD+PvYq7NZMJa/IwuGZBdV+s7naWFKvAf5jX11JMfSW - qzX/fBncY10c5967AR+LqJOkig6Pbi8c46dP3oWmtHSbi24XU2aMMijEh7ptwotc - 5uBdcG3LTmlYmdfxtJzFY5Fte+KlzkFW3tfcVSvU+rHhs9tHsU1ON74x24GHits1 - n96tAZrRy5fI/b1rbAHAEDd8VTeLwHYyw0vUkUS20+eKIIK2ki2j43DaYZFEWvYm - vhjp5rU7RU+EXdkuAQp4mlAr0E6Jh9HMdEYX2sEPg1qUYslQlG6VgN7u/q3AoPUc - LgTijHatmohz3vYyxsFQJJ9omMLTEl6hI6i9q7X8yoXkwJaGzKs603fsfrV1DQUq - u6s2kHleWkaT4sieYNAVgoyLf28J6/gUcmYfIPhaLChzhRT182dSoE5UOlDzn7jS - WAHehhiFbSe/MxqIw7EN7ItKjs8gi5d9l31VweTPoYCuBvzNz9C8mBC/bkVLGbkF - ZxDCsoMKb6dPokkZuuehzXcGIg2n67vtwiB3lkqWAjRxM2jyL2RxUHE= - =kz40 + hQIMA1Ns3cJaRR/oAQ/9GVQ5WBImmkoEqt/We14l8Vfd9XKiVXfrnoMj+vnq259N + NXqzHNZAjEuAIW6RWFUgq4sRE4EU7hyiVF7BUQrpmqZYF5PIUd1ylSLc+FSqb6nu + auHzLC9IOsUfnC5k5cUbyqTWkD96n7zEkfOwGgnrSuPpwmeBxNB7YwXaSKgG65fB + savyj+6lM1HKTD1vhUFGEfr+sG/O1iHgJKbtAbcsFiHFrGOQY+tXmC+ENvzvApoe + 8IrhhYHSzPYGt5+kTh6C++vkYhKA0UdSqSMpJ/EClMMbl1VkI29r8s9N4nvJHBnw + 9sdHhTWGjRcbYDZ6OUnCkKAMzYEGGvkQrIABBOYmyqpteQkd/YkamzNF+NDNoN10 + Ma2a7AjFBmTSg90bA1CgUX5qaht9c2Od4pnF0SKkhqB5R38Uxc3Nl8CowDjrg81n + ap70a5FMY1KyXelOV139RXMPfgUhmfBX1HVMlIlM2GbOXAHUejDHU+wW8agtiwHl + ocix3+qU+mw3VTTS752YoKB+TQW45g37PxG1jcrzn6u9DLkmaP033hprAO0GOZXE + z1bCKAvlnf8ew5qarWhcqZ/r9CHwOMgqZQEtyZIkiDFaOxpYb8Rpc94CnbuZb40X + sn+0kJ/P5b5Sz7uBZ7QvsYEMBJ+nMJJ+cYodpglHe8p7rkcm58/Sm0cp6aXDY/rS + WAFFeRqovEQC+UWcvO0fGQL+w1kRt4lngZ4iI6jrs9YDzr/FTaFkPkCZXpAwGzAU + VTwsyWrWGrGKd0+3X4YPYHP9W91H0J8ICu/chTla0tlrNSEt6nT+Z8w= + =46y1 -----END PGP MESSAGE----- fp: B19E3F4A2D806AB4793FDF2FC73D37CBED7BFC77 unencrypted_suffix: _unencrypted diff --git a/roles/traefik/templates/config/dynamic_conf.yml b/roles/traefik/templates/config/dynamic_conf.yml index 63e6f35..4a723ba 100644 --- a/roles/traefik/templates/config/dynamic_conf.yml +++ b/roles/traefik/templates/config/dynamic_conf.yml @@ -4,7 +4,8 @@ http: ipWhiteList: sourceRange: - "{{ server.vpn.subnet }}" - - "{{ server.ip }}" + - "{{ server.ipv4 }}" + - "{{ server.ipv6 }}" {% for ip in private_network.extra_ips_whitelist %} - "{{ ip }}" {% endfor %}