matrix smtp bridge

10 months ago · 8391591a6f
parent d8d75ec061
commit 8391591a6f
4 changed files with 42 additions and 6 deletions
--- a/cloudflare.tf
+++ b/cloudflare.tf
@ -62,7 +62,7 @@ resource "cloudflare_record" "sudois" {
  value   = oci_core_instance.lon_instances[1].public_ip
  type    = "A"
  ttl     = 1
-  proxied = true
+  proxied = true    # www.sudo.is
 }
 resource "cloudflare_record" "www" {
  zone_id = cloudflare_zone.sudois.id
@ -70,7 +70,7 @@ resource "cloudflare_record" "www" {
  value   = "sudo.is"
  type    = "CNAME"
  ttl     = 1
-  proxied = true
+  proxied = true   # www.sudo.is
 }

 resource "cloudflare_record" "mx" {
@ -715,14 +715,38 @@ resource "cloudflare_firewall_rule" "nextcloud" {

 resource "cloudflare_filter" "bypass-well-known" {
  zone_id = cloudflare_zone.sudois.id
-  description = "bypass stuff for .well-known urls"
-  expression = "(http.request.full_uri contains \"https://sudo.is/.well-known\") or (http.request.full_uri contains \"https://www.sudo.is/.well-known\") or (http.request.full_uri contains \"https://sudo.is/_matrix\") or (http.request.full_uri contains \"https://www.sudo.is/_matrix\")"
+  description = "bypass stuff for service discovery urls"
+  expression = "(http.request.uri.path contains \"/.well-known\") or (http.request.uri.path contains \"/_matrix\")"
 }

 resource "cloudflare_firewall_rule" "bypass-well-known" {
  zone_id = cloudflare_zone.sudois.id
-  description = "bypass stuff for .well-known urls"
+  description = "bypass stuff service discovery urls"
  filter_id = cloudflare_filter.bypass-well-known.id
  products = ["zoneLockdown", "uaBlock", "bic", "hot", "securityLevel", "rateLimit", "waf"]
  action = "bypass"
 }
+
+resource "cloudflare_page_rule" "always-online"  {
+  zone_id = cloudflare_zone.sudois.id
+  target = "sudo.is/.well-known/*"
+  priority = 1
+
+  actions {
+    always_online = "on"
+    browser_check = "off"
+    disable_security = true
+  }
+}
+
+resource "cloudflare_page_rule" "www-always-online"  {
+  zone_id = cloudflare_zone.sudois.id
+  target = "www.sudo.is/.well-known/*"
+  priority = 2
+
+  actions {
+    always_online = "on"
+    browser_check = "off"
+    disable_security = true
+  }
+}
--- a/sudoisnet/sudoisnet/wgdns.py
+++ b/sudoisnet/sudoisnet/wgdns.py
@ -77,6 +77,7 @@ vpn_names = {
    'openldap': 'fra1-auth-g0.sudo.is',
    'authelia': 'fra1-auth-g0.sudo.is',
    'dockreg': 'mainframe.sudo.is',
+    'matrix-bridge-smtp': 'mainframe.sudo.is',

    # get rid of these
    'pibuilder': 'ber1.sudo.is',
--- a/tf.py
+++ b/tf.py
@ -16,7 +16,7 @@ if __name__ == "__main__":

    if args.cmd == "plan":
        chdir("sudoisnet/")
-        run(["poetry", "run", "sudoisnet"])
+        run(["poetry", "run", "sudoisnet"], check=True)
        chdir("..")
        tfargs = ["-out", args.plan_file]
    elif args.cmd == "apply":
--- a/vpn-dns.tf
+++ b/vpn-dns.tf
@ -522,6 +522,17 @@ resource "cloudflare_record" "dockreg-sudo-is" {



+resource "cloudflare_record" "matrix-bridge-smtp-sudo-is" {
+  zone_id = cloudflare_zone.sudois.id
+  type     = "A"
+  name     = "matrix-bridge-smtp"
+  value    = "10.102.47.128"
+  proxied  = false
+  ttl      = 60
+}
+
+
+
 resource "cloudflare_record" "pibuilder-sudo-is" {
  zone_id = cloudflare_zone.sudois.id
  type     = "A"