general: add provision.sh

2021-06-20 20:37:06 +02:00 · 2021-06-20 20:37:06 +02:00 · 171ef655f8
parent 3ee7f94194
commit 171ef655f8
4 changed files with 8 additions and 1 deletions
--- a/provision.sh
+++ b/provision.sh
@ -0,0 +1 @@
+ANSIBLE_VAULT_PASSWORD_FILE=(pass show ansible-homelab | psub) vagrant provision
--- a/roles/authelia/templates/authelia.conf.j2
+++ b/roles/authelia/templates/authelia.conf.j2
@ -1,5 +1,6 @@
 server {
    listen 80;
+    server_name auth.{{ base_domain }};
    return 301 https://$host$request_uri;
 }

--- a/roles/authelia/templates/configuration.yml.j2
+++ b/roles/authelia/templates/configuration.yml.j2
@ -28,8 +28,10 @@ access_control:
  default_policy: deny
  rules:
    - domain:
+      - "{{ base_domain }}"
+      - "*.{{ base_domain }}"
      - "keycloak.{{ base_domain }}"
-      policy: one_factor
+      policy: deny
 session:
  name: authelia_session
  secret: somerandomsecret
--- a/roles/nginx/templates/snippets/proxy.conf.j2
+++ b/roles/nginx/templates/snippets/proxy.conf.j2
@ -27,6 +27,9 @@ proxy_buffers 64 256k;
 # If behind reverse proxy, forwards the correct IP
 set_real_ip_from 10.0.0.0/8;
 set_real_ip_from 172.16.0.0/12;
+set_real_ip_from 172.17.0.0/16;
+set_real_ip_from 172.18.0.0/16;
+set_real_ip_from 172.19.0.0/16;
 set_real_ip_from 192.168.0.0/16;
 set_real_ip_from fc00::/7;
 real_ip_header X-Forwarded-For;
				`@ -0,0 +1 @@`
				`ANSIBLE_VAULT_PASSWORD_FILE=(pass show ansible-homelab \| psub) vagrant provision`