matrix smtp bridge

main
Benedikt Kristinsson 10 months ago
parent d8d75ec061
commit 8391591a6f
  1. 34
      cloudflare.tf
  2. 1
      sudoisnet/sudoisnet/wgdns.py
  3. 2
      tf.py
  4. 11
      vpn-dns.tf

@ -62,7 +62,7 @@ resource "cloudflare_record" "sudois" {
value = oci_core_instance.lon_instances[1].public_ip
type = "A"
ttl = 1
proxied = true
proxied = true # www.sudo.is
}
resource "cloudflare_record" "www" {
zone_id = cloudflare_zone.sudois.id
@ -70,7 +70,7 @@ resource "cloudflare_record" "www" {
value = "sudo.is"
type = "CNAME"
ttl = 1
proxied = true
proxied = true # www.sudo.is
}
resource "cloudflare_record" "mx" {
@ -715,14 +715,38 @@ resource "cloudflare_firewall_rule" "nextcloud" {
resource "cloudflare_filter" "bypass-well-known" {
zone_id = cloudflare_zone.sudois.id
description = "bypass stuff for .well-known urls"
expression = "(http.request.full_uri contains \"https://sudo.is/.well-known\") or (http.request.full_uri contains \"https://www.sudo.is/.well-known\") or (http.request.full_uri contains \"https://sudo.is/_matrix\") or (http.request.full_uri contains \"https://www.sudo.is/_matrix\")"
description = "bypass stuff for service discovery urls"
expression = "(http.request.uri.path contains \"/.well-known\") or (http.request.uri.path contains \"/_matrix\")"
}
resource "cloudflare_firewall_rule" "bypass-well-known" {
zone_id = cloudflare_zone.sudois.id
description = "bypass stuff for .well-known urls"
description = "bypass stuff service discovery urls"
filter_id = cloudflare_filter.bypass-well-known.id
products = ["zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf"]
action = "bypass"
}
resource "cloudflare_page_rule" "always-online" {
zone_id = cloudflare_zone.sudois.id
target = "sudo.is/.well-known/*"
priority = 1
actions {
always_online = "on"
browser_check = "off"
disable_security = true
}
}
resource "cloudflare_page_rule" "www-always-online" {
zone_id = cloudflare_zone.sudois.id
target = "www.sudo.is/.well-known/*"
priority = 2
actions {
always_online = "on"
browser_check = "off"
disable_security = true
}
}
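Review bot: The new `bypass-well-known` filter expression matches `http.request.uri.path contains ...` with no host condition, so the bypass of `zoneLockdown`, `uaBlock`, `bic`, `hot`, `securityLevel`, `rateLimit` and `waf` now applies to every hostname in the zone. It also applies to any path that merely contains `/.well-known` or `/_matrix` somewhere in it, not only to the discovery endpoints on sudo.is and www.sudo.is that the old expression named. Anchoring the match and keeping the host restriction would keep the exemption narrow, for example `expression = "(http.host in {\"sudo.is\" \"www.sudo.is\"}) and (starts_with(http.request.uri.path, \"/.well-known/\") or starts_with(http.request.uri.path, \"/_matrix/\"))"`. The two added page rules set `disable_security = true` for `/.well-known/*`, overlapping this bypass; a comment on each such as `# security features off only for /.well-known/ discovery documents` would record why. The firewall rule's new description also lost a word (`"bypass stuff service discovery urls"`).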

@ -77,6 +77,7 @@ vpn_names = {
'openldap': 'fra1-auth-g0.sudo.is',
'authelia': 'fra1-auth-g0.sudo.is',
'dockreg': 'mainframe.sudo.is',
'matrix-bridge-smtp': 'mainframe.sudo.is',
# get rid of these
'pibuilder': 'ber1.sudo.is',

@ -16,7 +16,7 @@ if __name__ == "__main__":
if args.cmd == "plan":
chdir("sudoisnet/")
run(["poetry", "run", "sudoisnet"])
run(["poetry", "run", "sudoisnet"], check=True)
chdir("..")
tfargs = ["-out", args.plan_file]
elif args.cmd == "apply":
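Review bot: With `check=True` a failing generator now raises out of the `plan` branch before `chdir("..")` runs, and the failure surfaces as an uncaught traceback. Passing the directory to the call removes the chdir pair and the unbalanced state: `run(["poetry", "run", "sudoisnet"], cwd="sudoisnet/", check=True)`, assuming `run` is `subprocess.run` (its import is outside the hunk). Stopping here is the right outcome, since a plan produced after a failed generation step would presumably be computed from stale DNS definitions. A short comment, `# abort the plan if DNS generation fails`, would keep the flag from being dropped later. The `if __name__ == "__main__":` block starts and ends outside the hunk.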

@ -522,6 +522,17 @@ resource "cloudflare_record" "dockreg-sudo-is" {
resource "cloudflare_record" "matrix-bridge-smtp-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
name = "matrix-bridge-smtp"
value = "10.102.47.128"
proxied = false
ttl = 60
}
resource "cloudflare_record" "pibuilder-sudo-is" {
zone_id = cloudflare_zone.sudois.id
type = "A"
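Review bot: The added `matrix-bridge-smtp` record publishes the RFC 1918 address `10.102.47.128` in the public zone with `proxied = false`, so anyone can resolve the bridge's name to its internal address, which discloses internal addressing and part of the service inventory. If that is the intended pattern for VPN names in this file, say so next to the record, e.g. `# VPN-internal address; published in public DNS on purpose, reachable only over the VPN`, or serve these names from a resolver that is reachable only on the VPN. The file looks generated from `vpn_names` in `wgdns.py` (inferred from the matching entry in this commit), in which case the comment belongs in the generator rather than here.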
