From 63a21e5145a9e75f654ac24be1419c34f3a250ee Mon Sep 17 00:00:00 2001 From: Beta Date: Sat, 20 Sep 2025 22:29:45 -0300 Subject: [PATCH 01/10] probando multiples domains, deshabilitando momentaneamente https debido a que para este hay que arreglar la obtencion de certificados de DNS externos, es necesario en HTTP (80) pasar la variable a proxy_ssl_name ya que viene vacia y esto genera el error 500 responde tlsv1 unrecognized name (alert 112) --- abyayala.yml | 3 ++- roles/proxy/templates/default_proxy.conf | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/abyayala.yml b/abyayala.yml index 22117ea..d14d672 100644 --- a/abyayala.yml +++ b/abyayala.yml @@ -217,8 +217,9 @@ matrix: - service_name: kipu domains: - kipu.abyaya.la + - kipu.latina.red nodo: kipu.comun - force_https: yes + ssl: no - service_name: carabobolibre domains: diff --git a/roles/proxy/templates/default_proxy.conf b/roles/proxy/templates/default_proxy.conf index a2c8627..3ac080f 100644 --- a/roles/proxy/templates/default_proxy.conf +++ b/roles/proxy/templates/default_proxy.conf @@ -15,7 +15,7 @@ client_max_body_size 1G; proxy_ssl_verify off; proxy_ssl_server_name on; - proxy_ssl_name $ssl_server_name; + proxy_ssl_name $host; proxy_pass https://$comun_{{ vhost.nodo | replace(".", "") }}; -- 2.49.0 From 7f38023c7d7fa4f9b521af41a0328f957cc34540 Mon Sep 17 00:00:00 2001 
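Review bot: `ssl: no` depends on YAML 1.1 truthiness; Ansible's loader does read `no` as false, but the canonical spelling is `ssl: false`, which is also what yamllint's truthy rule expects. Whether the proxy role honours an `ssl` key at all cannot be seen from this patch (the only template change is `proxy_ssl_name`), so if it is a new switch the role's defaults should declare it, otherwise the line is inert and HTTPS for kipu is presumably governed by `domains_default_force_https` from group_vars. The enclosing `matrix:` list starts outside the hunk.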
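Review bot: `proxy_ssl_name $host` takes the SNI value from the client's Host header (or the server_name when it is absent), so the name presented to the upstream is now client-supplied rather than the TLS-negotiated one; with `proxy_ssl_verify off` two lines above, nothing checks the upstream's certificate against it either way, so the only effect is which vhost the upstream selects. That is a reasonable fix for the plain-HTTP listener, where `$ssl_server_name` is empty, but the reason should live next to the directive, e.g. `# $host, not $ssl_server_name: the latter is empty on the :80 listener and the upstream answers "unrecognized name"`. Consider also a one-line comment stating why verification stays off for this VPN-internal upstream, since the hunk leaves it disabled. The server block's `listen`/`server_name` lines are outside the hunk.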
From: Beta Date: Tue, 25 Nov 2025 14:30:07 -0300 Subject: [PATCH 02/10] =?UTF-8?q?feat:=20soporte=20para=20dominios=20FQDN?= =?UTF-8?q?=20con=20detecci=C3=B3n=20autom=C3=A1tica=20de=20zona=20DNS?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Añade soporte completo para usar dominios FQDN externos (ejemplo.com, kipu.latina.red, etc.) además de subdominios .abyaya.la. Cambios principales: - Generación automática de subdominio .abyaya.la como alias - Detección automática de TLDs compuestos (.com.ar, .co.uk, etc.) - Actualización DNS multi-zona en Knot - Procesamiento de múltiples dominios por servicio - Certificados SSL para todos los dominios + wildcards La detección de tipo de dominio (FQDN vs subdominio) es completamente automática basada en el sufijo .abyaya.la. Ver FQDN_AUTHORITATIVE.md para documentación completa. --- FQDN_AUTHORITATIVE.md | 133 ++++++++++++++++++++ roles/knsupdate/tasks/templates/commands.j2 | 21 ++-- roles/knsupdate/tasks/update.yml | 12 +- roles/knsupdate/tasks/update_domain.yml | 36 ++++++ roles/knsupdate/vars/main.yml | 15 +++ roles/proxy/tasks/main.yml | 15 +++ 6 files changed, 217 insertions(+), 15 deletions(-) create mode 100644 FQDN_AUTHORITATIVE.md create mode 100644 roles/knsupdate/tasks/update_domain.yml diff --git a/FQDN_AUTHORITATIVE.md b/FQDN_AUTHORITATIVE.md new file mode 100644 index 0000000..7801bfb --- /dev/null +++ b/FQDN_AUTHORITATIVE.md 
@@ -0,0 +1,133 @@ +# Soporte para Dominios FQDN Autoritativos + +Esta feature añade soporte para usar dominios FQDN externos (ejemplo.com, kipu.latina.red, etc.) además de subdominios .abyaya.la. + +## Cambios Implementados + +### 1. Generación Automática de Subdominio Default + +Cuando se define un dominio FQDN, el sistema genera automáticamente un subdominio `.abyaya.la` basado en el `service_name` que funciona como alias. + +**Ejemplo:** +```yaml +- service_name: kipu + domains: + - kipu.latina.red + nodo: kipu.comun + force_https: yes +``` + +El sistema automáticamente añade `kipu.abyaya.la` a la lista de dominios, por lo que ambos dominios funcionarán y redirigirán al primero de la lista. + +### 2. Soporte para TLDs Compuestos + +El sistema detecta automáticamente TLDs compuestos como `.com.ar`, `.co.uk`, `.com.br`, etc., y extrae correctamente la zona DNS. + +**TLDs soportados:** +- com.ar, gov.ar, org.ar, gob.ar, net.ar, mil.ar, edu.ar +- com.mx +- co.uk +- com.br +- co.nz, net.nz, org.nz + +Para añadir más TLDs, editar `roles/knsupdate/vars/main.yml`. + +### 3. Actualización DNS Multi-Zona + +El sistema ahora actualiza correctamente el DNS en Knot para cada dominio según su tipo: + +- **Subdominios .abyaya.la**: Se actualizan en la zona `abyaya.la.` +- **FQDN autoritativos**: Se actualizan en su zona correspondiente (ej: `latina.red.`, `example.com.ar.`) + +La detección es **completamente automática** basada en el sufijo del dominio. 
+ +## Uso + +### Caso Básico: Solo FQDN + +```yaml +- service_name: ejemplo + domains: + - ejemplo.latina.red + nodo: ejemplo.comun + force_https: yes +``` + +**Resultado:** +- `ejemplo.latina.red` → Dominio principal (detectado como FQDN) +- `ejemplo.abyaya.la` → Generado automáticamente como alias +- Ambos tienen certificados SSL wildcard +- Ambos redirigen al primero (ejemplo.latina.red) + +### Caso Avanzado: Múltiples Dominios + +```yaml +- service_name: miapp + domains: + - miapp.com.ar + - miapp.latina.red + - miapp.abyaya.la + nodo: miapp.comun + force_https: yes +``` + +**Resultado:** +- Los tres dominios funcionan +- Todos redirigen al primero (miapp.com.ar) +- Certificados SSL para cada dominio + wildcards +- DNS actualizado en zonas: `com.ar.`, `latina.red.`, `abyaya.la.` + +### Subdominios de FQDN + +```yaml +- service_name: api + domains: + - api.ejemplo.com.ar + nodo: api.comun + force_https: yes +``` + +**Resultado:** +- `api.ejemplo.com.ar` → Dominio principal (hostname: api, zona: com.ar.) +- `api.abyaya.la` → Generado automáticamente + +## Archivos Modificados + +1. **roles/proxy/tasks/main.yml**: Añade dominio default .abyaya.la automáticamente +2. **roles/knsupdate/vars/main.yml**: Lista de TLDs compuestos +3. **roles/knsupdate/tasks/update.yml**: Procesa múltiples dominios +4. **roles/knsupdate/tasks/update_domain.yml**: Nuevo archivo que detecta tipo de dominio +5. **roles/knsupdate/tasks/templates/commands.j2**: Usa zona y hostname dinámicos + +## Comportamiento de Certificados SSL + +Certbot obtiene certificados para **todos** los dominios listados más sus wildcards: + +```bash +certbot certonly -d ejemplo.com.ar -d *.ejemplo.com.ar -d ejemplo.abyaya.la -d *.ejemplo.abyaya.la +``` + +Usa el método `dns-standalone` que requiere que el proxy controle el DNS autoritativo. Esto funciona porque knsupdate actualiza Knot con todos los dominios. 
+ +## Migración desde Configuración Anterior + +La configuración anterior sigue funcionando sin cambios: + +```yaml +- service_name: viejo + domains: + - viejo.abyaya.la + nodo: viejo.comun + force_https: yes +``` + +Todo funciona exactamente igual para subdominios .abyaya.la existentes. + +## Notas Técnicas + +- La detección de tipo de dominio es **completamente automática** basada en el sufijo `.abyaya.la` +- Los subdominios .abyaya.la siempre se generan automáticamente si no están presentes +- La zona DNS se detecta automáticamente considerando TLDs simples y compuestos +- Todos los dominios apuntan al mismo nodo en la VPN +- El primer dominio en la lista es considerado el principal para certificados SSL +- No se requiere ningún flag especial en la configuración diff --git a/roles/knsupdate/tasks/templates/commands.j2 b/roles/knsupdate/tasks/templates/commands.j2 index 45438b5..032e270 100644 --- a/roles/knsupdate/tasks/templates/commands.j2 +++ b/roles/knsupdate/tasks/templates/commands.j2 @@ -1,14 +1,19 @@ {% for dns_server in dns_servers %} server {{ dns_server }} -zone abyaya.la. -origin abyaya.la. +zone {{ zone }} +origin {{ zone }} ttl 60 -del {{ vho }} a -del {{ vho }} ns -add {{ vho }} a {{ host_ip }} -add *.{{ vho }} a {{ host_ip }} -add _acme-challenge.{{ vho }} a {{ host_ip }} -add _acme-challenge.{{ vho }} ns _acme-challenge +del {{ hostname }} a +del {{ hostname }} ns +add {{ hostname }} a {{ host_ip }} +{% if is_abyayala_subdomain %} +add *.{{ hostname }} a {{ host_ip }} +{% else %} +add {{ domain }} a {{ host_ip }} +add *.{{ domain }} a {{ host_ip }} +{% endif %} +add _acme-challenge.{{ hostname }} a {{ host_ip }} +add _acme-challenge.{{ hostname }} ns _acme-challenge {% if vhost.dns_extras is defined %} {% for dns_extra in vhost.dns_extras %} {{ dns_extra }} diff --git a/roles/knsupdate/tasks/update.yml b/roles/knsupdate/tasks/update.yml index b3783f3..a0e43c7 100644 --- a/roles/knsupdate/tasks/update.yml +++ b/roles/knsupdate/tasks/update.yml 
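Review bot: In the `{% else %}` branch, `add {{ domain }} a …` and `add *.{{ domain }} a …` are written without a trailing dot under `origin {{ zone }}`; knsupdate treats dot-less names as relative to the origin, so for `kipu.latina.red` with zone `latina.red.` these become `kipu.latina.red.latina.red.` rather than the intended records, and the first of them also duplicates the `add {{ hostname }} a` line above. Make the two names absolute, `add {{ domain }}. a {{ host_ip }}` and `add *.{{ domain }}. a {{ host_ip }}`, or drop the first and derive the wildcard from `hostname` (taking care of the `@` apex case, where `*.@` is not a valid owner). The `_acme-challenge.{{ hostname }} ns _acme-challenge` target is likewise relative, so for a non-main zone it points at `_acme-challenge.<zone>`, which must exist for the DNS-01 flow the new document describes; state that assumption in a comment. The `{% for dns_server %}` loop enclosing these lines continues past the hunk.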
@@ -1,7 +1,5 @@ - - set_fact: - vho: "{{ vhost.domains[0] | regex_replace('([a-z0-9]+)\\.abyaya\\.la', '\\1')}}" - - - name: knsupdate - shell: knsupdate - args: - stdin: "{{ lookup('template', 'templates/commands.j2') }}" + - name: process each domain in the list + include_tasks: update_domain.yml + with_items: "{{ vhost.domains }}" + loop_control: + loop_var: domain diff --git a/roles/knsupdate/tasks/update_domain.yml b/roles/knsupdate/tasks/update_domain.yml new file mode 100644 index 0000000..d657d7d --- /dev/null +++ b/roles/knsupdate/tasks/update_domain.yml @@ -0,0 +1,36 @@ + - set_fact: + is_abyayala_subdomain: "{{ domain.endswith('.abyaya.la') }}" + + - name: extract zone and hostname for abyaya.la subdomains + set_fact: + zone: "abyaya.la." + hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.abyaya\\.la', '\\1') }}" + when: is_abyayala_subdomain + + - name: split domain into parts + set_fact: + domain_parts: "{{ domain.split('.') }}" + when: not is_abyayala_subdomain + + - name: detect if domain uses compound TLD + set_fact: + domain_suffix_2: "{{ domain_parts[-2:] | join('.') }}" + uses_compound_tld: "{{ domain_parts[-2:] | join('.') in compound_tlds }}" + when: not is_abyayala_subdomain + + - name: extract zone and hostname for FQDN with compound TLD + set_fact: + zone: "{{ domain_parts[-3:] | join('.') }}." + hostname: "{{ domain_parts[:-3] | join('.') if domain_parts | length > 3 else '@' }}" + when: not is_abyayala_subdomain and uses_compound_tld + + - name: extract zone and hostname for FQDN with simple TLD + set_fact: + zone: "{{ domain_parts[-2:] | join('.') }}." + hostname: "{{ domain_parts[:-2] | join('.') if domain_parts | length > 2 else '@' }}" + when: not is_abyayala_subdomain and not uses_compound_tld + + - name: knsupdate for this domain + shell: knsupdate + args: + stdin: "{{ lookup('template', 'templates/commands.j2') }}" diff --git a/roles/knsupdate/vars/main.yml b/roles/knsupdate/vars/main.yml index d81c409..d94b0cb 100644 
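Review bot: The zone derivation disagrees with the accompanying FQDN_AUTHORITATIVE.md: `domain_parts[-3:]` turns `api.ejemplo.com.ar` into zone `ejemplo.com.ar.` with hostname `api`, and `domain_parts[-2:]` turns `kipu.latina.red` into zone `latina.red.`, whereas the document states the zone for the first is `com.ar.`. The code is the one that makes DNS sense (the registrable domain is the zone), so the document should be corrected and the rule recorded above the two extraction tasks, e.g. `# zone = registrable domain (label before the simple or compound public suffix); hostname = what is left of it, or @ at the apex`. `zone`, `hostname`, `domain_parts` and `uses_compound_tld` are host facts that survive each iteration of the include loop, which is harmless today because every branch sets both `zone` and `hostname`, but any future `when:` that skips a branch would silently reuse the previous domain's values; a comment noting that invariant is worth adding. In update.yml, `with_items` plus `loop_control` is the legacy form; `loop:` is the current idiom for a new task.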
--- a/roles/knsupdate/vars/main.yml +++ b/roles/knsupdate/vars/main.yml @@ -3,3 +3,18 @@ dns_servers: - "athshe.sutty.nl" - "gethen.sutty.nl" - "ganam.sutty.nl" + +compound_tlds: + - com.ar + - com.mx + - co.uk + - com.br + - gov.ar + - org.ar + - gob.ar + - net.ar + - mil.ar + - edu.ar + - co.nz + - net.nz + - org.nz diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index c713249..a981f91 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -48,6 +48,21 @@ loop_control: loop_var: domino + - name: add default abyaya.la subdomain if not present + set_fact: + matrix_loop_with_defaults: "{{ matrix_loop_with_defaults | default([]) | union([ item_with_default ]) }}" + vars: + has_abyayala_domain: "{{ item.domains | select('match', '.*\\.abyaya\\.la$') | list | length > 0 }}" + default_domain: "{{ item.service_name }}.abyaya.la" + domains_with_default: "{{ item.domains + [default_domain] if not has_abyayala_domain else item.domains }}" + item_with_default: "{{ item | combine({'domains': domains_with_default}) }}" + with_items: "{{ matrix_loop | default([]) }}" + + - name: update matrix_loop with defaults + set_fact: + matrix_loop: "{{ matrix_loop_with_defaults }}" + when: matrix_loop_with_defaults is defined + - name: certificates loop include_tasks: ../../certbot/tasks/certbot.yml with_items: "{{ matrix_loop | default([]) }}" -- 2.49.0 From 6253223fdfde8ff911b0e452498ebe67d42472fe Mon Sep 17 00:00:00 2001 From: Beta Date: Tue, 25 Nov 2025 14:45:59 -0300 Subject: [PATCH 03/10] fix: stream usa siempre dominio .abyaya.la por seguridad --- roles/proxy/templates/stream.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/proxy/templates/stream.conf b/roles/proxy/templates/stream.conf index a63eef6..bf54232 100644 --- a/roles/proxy/templates/stream.conf +++ b/roles/proxy/templates/stream.conf 
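Review bot: `matrix_loop_with_defaults` is accumulated with `union` into a host fact and never reset, so if this role is applied twice to the same host in one play, or `matrix_loop` changes between includes, items from the earlier pass remain in the union and are copied back into `matrix_loop` by the second task; this is inferred from set_fact semantics, so please confirm how often the role runs. A reset task before the loop, `- set_fact:` / `    matrix_loop_with_defaults: []`, removes the dependency on prior state. Also prefer `loop:` over `with_items` for new tasks, and a comment on `has_abyayala_domain` saying that `match` anchors at the start (hence the leading `.*`) would save the next reader a check. The `certificates loop` task below is context and continues outside the hunk.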
@@ -5,7 +5,7 @@ upstream ssh_{{ vhost.nodo | replace(".", "") }} { server { listen {{ vhost.ports[0] }}; - server_name .{{ vhost.domains | join(' .') }}; + server_name {{ vhost.service_name }}.abyaya.la; proxy_pass ssh_{{ vhost.nodo | replace(".", "") }}; } \ No newline at end of file -- 2.49.0 From 180a7f2ab6fb6a67cf7316ef82c9e1011c9ff1c2 Mon Sep 17 00:00:00 2001 From: Beta Date: Wed, 26 Nov 2025 13:11:09 -0300 Subject: [PATCH 04/10] recorto algunos tld innecesarios y le saco el no a ssl para otra cosa --- abyayala.yml | 1 - roles/knsupdate/vars/main.yml | 10 +--------- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/abyayala.yml b/abyayala.yml index 71d3b1c..68c1fcb 100644 --- a/abyayala.yml +++ b/abyayala.yml @@ -206,7 +206,6 @@ matrix: domains: - kipu.latina.red nodo: kipu.comun - ssl: no ports: - 223 diff --git a/roles/knsupdate/vars/main.yml b/roles/knsupdate/vars/main.yml index d94b0cb..e8e1797 100644 --- a/roles/knsupdate/vars/main.yml +++ b/roles/knsupdate/vars/main.yml @@ -7,14 +7,6 @@ dns_servers: compound_tlds: - com.ar - com.mx - - co.uk - com.br - - gov.ar - org.ar - - gob.ar - - net.ar - - mil.ar - - edu.ar - - co.nz - - net.nz - - org.nz + - edu.ar \ No newline at end of file -- 2.49.0 From f180972d15d0ddac46e7a77f2cb09935b5df61ff Mon Sep 17 00:00:00 2001 From: Beta Date: Thu, 27 Nov 2025 16:27:55 -0300 Subject: [PATCH 05/10] fix: revertir proxy_ssl_name a $ssl_server_name MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit El uso de $host en lugar de $ssl_server_name no es correcto ya que: - proxy_ssl_verify está deshabilitado, por lo que el SNI no importa - $ssl_server_name es el valor correcto para SNI en proxies SSL - $host causaba confusión innecesaria Revierte a la configuración estándar y correcta. --- roles/proxy/templates/default_proxy.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
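Review bot: The commit message presents the `.abyaya.la` name as a security measure, but in a stream server the template shows no name-based gating: the listener on `{{ vhost.ports[0] }}` accepts any TCP client and hands it to the SSH upstream regardless of which DNS name was resolved, so this line cannot restrict who reaches the node. `server_name` is also not a directive of nginx's stream module (name routing there needs `ssl_preread` and `$ssl_preread_server_name`), so unless this template is included from an `http` context nginx should reject it; please confirm against the rendered config, since the previous line had the same shape. If the intent is access control, it belongs in the firewall role's rules or the upstream's SSH configuration; if it is only labelling, say so in a comment. The `upstream` block starts outside the hunk.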
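Review bot: Trimming `compound_tlds` silently changes how any future domain under a removed suffix is split: with `co.uk` gone, `foo.co.uk` is treated by update_domain.yml as hostname `foo` in zone `co.uk.`, and nothing there rejects an unknown two-label public suffix. A comment on the list would record that contract, e.g. `# two-label public suffixes; add a suffix here before onboarding any domain under it`. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`); restore it.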
diff --git a/roles/proxy/templates/default_proxy.conf b/roles/proxy/templates/default_proxy.conf index 3ac080f..a2c8627 100644 --- a/roles/proxy/templates/default_proxy.conf +++ b/roles/proxy/templates/default_proxy.conf @@ -15,7 +15,7 @@ client_max_body_size 1G; proxy_ssl_verify off; proxy_ssl_server_name on; - proxy_ssl_name $host; + proxy_ssl_name $ssl_server_name; proxy_pass https://$comun_{{ vhost.nodo | replace(".", "") }}; -- 2.49.0 From f91a3360af80cfab0b883cabbf65fdab5b9c5619 Mon Sep 17 00:00:00 2001 From: Beta Date: Mon, 1 Dec 2025 17:00:39 -0300 Subject: [PATCH 06/10] parmetrizar los dominios de las redes: abyaya.la (proxy) y .comun (vpn) bifurca de #issue42 en que ya estan parametrizadas zones y asi --- group_vars/hetzner/vars | 2 ++ roles/dnsmasq/tasks/main.yml | 2 ++ roles/dnsmasq/templates/dnsmasq.conf | 6 +++--- roles/firewall/templates/rules.v4.j2 | 2 +- roles/knsupdate/tasks/update_domain.yml | 8 ++++---- roles/proxy/tasks/main.yml | 10 +++++----- roles/proxy/templates/stream.conf | 2 +- roles/rap/tasks/client.yml | 4 ++-- roles/rap/tasks/main.yml | 6 +++--- 9 files changed, 23 insertions(+), 19 deletions(-) diff --git a/group_vars/hetzner/vars b/group_vars/hetzner/vars index 87a5c11..c1b2458 100644 --- a/group_vars/hetzner/vars +++ b/group_vars/hetzner/vars @@ -1,3 +1,5 @@ host_ip: 5.161.236.18 +main_zone: abyaya.la +vpn_name: comun proxy_scale: 2 domains_default_force_https: yes diff --git a/roles/dnsmasq/tasks/main.yml b/roles/dnsmasq/tasks/main.yml index 718b9d5..88eec72 100644 --- a/roles/dnsmasq/tasks/main.yml +++ b/roles/dnsmasq/tasks/main.yml @@ -2,12 +2,14 @@ apt: name: dnsmasq state: present + - name: configuracion de red comun template: src: dnsmasq.conf dest: "/etc/dnsmasq.conf" notify: - restart dnsmasq + - name: activar el servicio systemd_service: name: dnsmasq diff --git a/roles/dnsmasq/templates/dnsmasq.conf b/roles/dnsmasq/templates/dnsmasq.conf index c3c1060..1950642 100644 --- a/roles/dnsmasq/templates/dnsmasq.conf 
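Review bot: The revert reasoning conflates SNI with verification: `proxy_ssl_verify off` only means the upstream's certificate is not checked, while the SNI name is still what the upstream uses to choose a vhost, and patch 01 in this series recorded that `$ssl_server_name` is empty on the plain-HTTP listener and triggers the "unrecognized name" alert. This hunk therefore reintroduces that failure for any request arriving on port 80 unless such requests are always redirected before `proxy_pass`; verify with a plain `http://` request. If `$ssl_server_name` is to stay, a `map` that falls back to `$host` when it is empty, used as `proxy_ssl_name $upstream_sni;`, keeps upstream selection working on both listeners. Since verification remains off, a comment explaining why the VPN hop is trusted without it is still missing.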
+++ b/roles/dnsmasq/templates/dnsmasq.conf @@ -74,8 +74,8 @@ resolv-file=/etc/resolv.local # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. -local=/comun/ -domain=comun +local=/{{ dns_name }}/ +domain={{ dns_name }} # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local @@ -117,7 +117,7 @@ domain=comun # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. -interface=comun +interface={{ dns_name }} # Or you can specify which interface _not_ to listen on except-interface=eth0 # Or which to listen on by address (remember to include 127.0.0.1 if diff --git a/roles/firewall/templates/rules.v4.j2 b/roles/firewall/templates/rules.v4.j2 index 2a453e6..959def9 100644 --- a/roles/firewall/templates/rules.v4.j2 +++ b/roles/firewall/templates/rules.v4.j2 @@ -6,7 +6,7 @@ -A INPUT -m conntrack --ctstate INVALID -j DROP -A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT -A INPUT -i lo -j ACCEPT --A INPUT -i comun -j ACCEPT +-A INPUT -i {{ vpn_name }} -j ACCEPT -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A INPUT -p udp -m udp --dport 53 -j ACCEPT -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT diff --git a/roles/knsupdate/tasks/update_domain.yml b/roles/knsupdate/tasks/update_domain.yml index d657d7d..7475183 100644 --- a/roles/knsupdate/tasks/update_domain.yml +++ b/roles/knsupdate/tasks/update_domain.yml 
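Review bot: `dns_name` is not defined anywhere in this series — group_vars/hetzner/vars introduces `main_zone` and `vpn_name` — so both hunks of this template (`local=`/`domain=` and `interface=`) would fail to render with an undefined-variable error unless `dns_name` exists in a file outside the patch; patch 07 later switches them to `vpn_name`. One variable now names the dnsmasq local domain, the listening interface and the rap network, which is a coupling worth stating at the definition site, e.g. `# vpn_name: VPN interface name, dnsmasq local domain and rap NETWORK — keep identical`.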
@@ -1,10 +1,10 @@ - set_fact: - is_abyayala_subdomain: "{{ domain.endswith('.abyaya.la') }}" + is_abyayala_subdomain: "{{ domain.endswith('.' ~ main_zone) }}" - - name: extract zone and hostname for abyaya.la subdomains + - name: extract zone and hostname for main zone subdomains set_fact: - zone: "abyaya.la." - hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.abyaya\\.la', '\\1') }}" + zone: main_zone ~ '.' + hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.' ~ main_zone|regex_escape , '\\1') }}" when: is_abyayala_subdomain - name: split domain into parts diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index b33c928..450285d 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -11,12 +11,12 @@ tags: certbot - name: configuration paths - file: path={{ comun }} state=directory + file: path={{ abc }} state=directory with_items: - "{{ stream_path }}" - "{{ conf_path }}" loop_control: - loop_var: comun + loop_var: abc - name: virtual hosts path file: path={{ vhosts_path }} state=directory @@ -45,12 +45,12 @@ loop_control: loop_var: domino - - name: add default abyaya.la subdomain if not present + - name: add default main zone subdomain if not present set_fact: matrix_loop_with_defaults: "{{ matrix_loop_with_defaults | default([]) | union([ item_with_default ]) }}" vars: - has_abyayala_domain: "{{ item.domains | select('match', '.*\\.abyaya\\.la$') | list | length > 0 }}" - default_domain: "{{ item.service_name }}.abyaya.la" + has_abyayala_domain: "{{ item.domains | select('match', '.*\\.' ~ (main_zone | regex_escape) ~ '$') | list | length > 0 }}" + default_domain: "{{ item.service_name ~ '.q' ~ main_zone }}" domains_with_default: "{{ item.domains + [default_domain] if not has_abyayala_domain else item.domains }}" item_with_default: "{{ item | combine({'domains': domains_with_default}) }}" with_items: "{{ matrix_loop | default([]) }}" 
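Review bot: `zone: main_zone ~ '.'` is a plain string, not a template, so `zone` becomes the literal text `main_zone ~ '.'` and the `zone`/`origin` lines in commands.j2 are garbage for every main-zone domain; it needs `zone: "{{ main_zone ~ '.' }}"` (patch 08 in this series makes exactly that change). The `hostname` expression works because the filter binds before `~`, but `'([a-z0-9-]+)\\.' ~ main_zone|regex_escape` reads as though the whole string were escaped; parenthesise it as `(main_zone | regex_escape)`, matching the proxy role hunk. With the suffix parameterised, `is_abyayala_subdomain` is now a misnomer; `is_main_zone_subdomain` would match the renamed task.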
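Review bot: `default_domain: "{{ item.service_name ~ '.q' ~ main_zone }}"` contains a stray `q`, so every generated alias becomes `<service>.qabyaya.la`, a name outside the zone the role controls and outside the certificate request; it should be `"{{ item.service_name ~ '.' ~ main_zone }}"` (patch 07 corrects it). In the first hunk, renaming the loop variable from `comun` to `abc` removes a misleading name but substitutes a meaningless one; `loop_var: path` says what the items are. `has_abyayala_domain` would likewise read better as `has_main_zone_domain` now that the suffix is a variable.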
diff --git a/roles/proxy/templates/stream.conf b/roles/proxy/templates/stream.conf index bf54232..72843de 100644 --- a/roles/proxy/templates/stream.conf +++ b/roles/proxy/templates/stream.conf @@ -5,7 +5,7 @@ upstream ssh_{{ vhost.nodo | replace(".", "") }} { server { listen {{ vhost.ports[0] }}; - server_name {{ vhost.service_name }}.abyaya.la; + server_name {{ vhost.service_name ~ '.' ~ main_zone }}; proxy_pass ssh_{{ vhost.nodo | replace(".", "") }}; } \ No newline at end of file diff --git a/roles/rap/tasks/client.yml b/roles/rap/tasks/client.yml index fed4dc0..dfb49e1 100644 --- a/roles/rap/tasks/client.yml +++ b/roles/rap/tasks/client.yml @@ -28,11 +28,11 @@ cmd: "./rap init -i {{ nodo }}" chdir: "{{ rap_path }}/rap" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" - name: instalar el nodo shell: cmd: "./rap install -v {{ nodo }}" chdir: "{{ rap_path }}/rap" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" diff --git a/roles/rap/tasks/main.yml b/roles/rap/tasks/main.yml index 80df79b..598c3af 100644 --- a/roles/rap/tasks/main.yml +++ b/roles/rap/tasks/main.yml @@ -24,9 +24,9 @@ cmd: "./rap add-host {{ althost }} {{ nod }}" chdir: "{{ rap_path }}" args: - creates: "{{ rap_path }}/networks/comun/abyayala/hosts/{{ nod }}" + creates: "{{ rap_path }}/networks/{{ vpn_name }}/abyayala/hosts/{{ nod }}" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" with_items: "{{ item.nodos }}" loop_control: loop_var: nod @@ -36,4 +36,4 @@ cmd: "./rap install -v {{ althost }}" chdir: "{{ rap_path }}" environment: - NETWORK: comun + NETWORK: "{{ vpn_name }}" -- 2.49.0 From 68ca0b5b61d2d2769dc3a671518f005e4830eb7e Mon Sep 17 00:00:00 2001 From: Beta Date: Tue, 2 Dec 2025 17:17:52 -0300 Subject: [PATCH 07/10] fixes revision de fauno --- roles/dnsmasq/templates/dnsmasq.conf | 6 +++--- roles/proxy/tasks/main.yml | 2 +- roles/proxy/templates/stream.conf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
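Review bot: The `creates:` path in rap/tasks/main.yml parameterises the network segment but keeps `abyayala` literal; if rap derives that directory from the same network name, it should use `{{ vpn_name }}` as well, otherwise the idempotence check never matches on a renamed network and `rap add-host` reruns every time. Please confirm how rap lays out `networks/<name>/` before changing it. The task's `cmd:`/`chdir:` lines precede the hunk.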
diff --git a/roles/dnsmasq/templates/dnsmasq.conf b/roles/dnsmasq/templates/dnsmasq.conf index 1950642..392dee4 100644 --- a/roles/dnsmasq/templates/dnsmasq.conf +++ b/roles/dnsmasq/templates/dnsmasq.conf @@ -74,8 +74,8 @@ resolv-file=/etc/resolv.local # Add local-only domains here, queries in these domains are answered # from /etc/hosts or DHCP only. -local=/{{ dns_name }}/ -domain={{ dns_name }} +local=/{{ vpn_name }}/ +domain={{ vpn_name }} # Add domains which you want to force to an IP address here. # The example below send any host in double-click.net to a local @@ -117,7 +117,7 @@ domain={{ dns_name }} # specified interfaces (and the loopback) give the name of the # interface (eg eth0) here. # Repeat the line for more than one interface. -interface={{ dns_name }} +interface={{ vpn_name }} # Or you can specify which interface _not_ to listen on except-interface=eth0 # Or which to listen on by address (remember to include 127.0.0.1 if diff --git a/roles/proxy/tasks/main.yml b/roles/proxy/tasks/main.yml index 450285d..2e50195 100644 --- a/roles/proxy/tasks/main.yml +++ b/roles/proxy/tasks/main.yml @@ -50,7 +50,7 @@ matrix_loop_with_defaults: "{{ matrix_loop_with_defaults | default([]) | union([ item_with_default ]) }}" vars: has_abyayala_domain: "{{ item.domains | select('match', '.*\\.' ~ (main_zone | regex_escape) ~ '$') | list | length > 0 }}" - default_domain: "{{ item.service_name ~ '.q' ~ main_zone }}" + default_domain: "{{ item.service_name ~ '.' ~ main_zone }}" domains_with_default: "{{ item.domains + [default_domain] if not has_abyayala_domain else item.domains }}" item_with_default: "{{ item | combine({'domains': domains_with_default}) }}" with_items: "{{ matrix_loop | default([]) }}" diff --git a/roles/proxy/templates/stream.conf b/roles/proxy/templates/stream.conf index 72843de..9eb2e6c 100644 --- a/roles/proxy/templates/stream.conf +++ b/roles/proxy/templates/stream.conf 
@@ -5,7 +5,7 @@ upstream ssh_{{ vhost.nodo | replace(".", "") }} { server { listen {{ vhost.ports[0] }}; - server_name {{ vhost.service_name ~ '.' ~ main_zone }}; + server_name {{ vhost.service_name }}.{{ main_zone }}; proxy_pass ssh_{{ vhost.nodo | replace(".", "") }}; } \ No newline at end of file -- 2.49.0 From 4979f6f8b823af77963df741f36b7c3df316457f Mon Sep 17 00:00:00 2001 From: f Date: Mon, 8 Dec 2025 13:54:39 -0300 Subject: [PATCH 08/10] fix: faltaba resolver la variable --- roles/knsupdate/tasks/update_domain.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/knsupdate/tasks/update_domain.yml b/roles/knsupdate/tasks/update_domain.yml index 7475183..416aa60 100644 --- a/roles/knsupdate/tasks/update_domain.yml +++ b/roles/knsupdate/tasks/update_domain.yml @@ -3,7 +3,7 @@ - name: extract zone and hostname for main zone subdomains set_fact: - zone: main_zone ~ '.' + zone: "{{ main_zone ~ '.' }}" hostname: "{{ domain | regex_replace('([a-z0-9-]+)\\.' ~ main_zone|regex_escape , '\\1') }}" when: is_abyayala_subdomain -- 2.49.0 From ce103e4edabb87ad82e5a6b7b172b2d6debb7b3d Mon Sep 17 00:00:00 2001 From: f Date: Mon, 8 Dec 2025 13:54:47 -0300 Subject: [PATCH 09/10] fix: debuguear el template --- roles/knsupdate/tasks/update_domain.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/roles/knsupdate/tasks/update_domain.yml b/roles/knsupdate/tasks/update_domain.yml index 416aa60..a16db51 100644 --- a/roles/knsupdate/tasks/update_domain.yml +++ b/roles/knsupdate/tasks/update_domain.yml @@ -29,6 +29,8 @@ zone: "{{ domain_parts[-2:] | join('.') }}." hostname: "{{ domain_parts[:-2] | join('.') if domain_parts | length > 2 else '@' }}" when: not is_abyayala_subdomain and not uses_compound_tld + - debug: + msg: "{{ lookup('template', 'templates/commands.j2') }}" - name: knsupdate for this domain shell: knsupdate -- 2.49.0 From 57c31fbd988c2ade946ec80923e14f713bf288a7 Mon Sep 17 00:00:00 2001 
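Review bot: The added `debug` task has no `name:` and no `verbosity:`, so it prints the full knsupdate transaction for every domain on every run, which makes normal play output noisy and leaves the `del`/`add` records in CI logs; gate it with `verbosity: 2` so it only shows under `-vv`, e.g. `- name: show knsupdate transaction` / `  debug:` / `    verbosity: 2` above the existing `msg:`. The other tasks in this file are separated by a blank line; this one is not. The `knsupdate for this domain` task it precedes continues outside the hunk.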
From: f
Date: Mon, 8 Dec 2025 13:54:59 -0300
Subject: [PATCH 10/10] feat: servidor de testing
---
 group_vars/testing/vars | 1 +
 1 file changed, 1 insertion(+)
diff --git a/group_vars/testing/vars b/group_vars/testing/vars
index d43597d..d33832b 100644
--- a/group_vars/testing/vars
+++ b/group_vars/testing/vars
@@ -1 +1,2 @@
 host_ip: 157.180.114.62
+main_zone: abyayala.red
-- 
2.49.0
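Review bot: group_vars/testing/vars gains `main_zone` but not `vpn_name`, while the hetzner group defines both and the dnsmasq, firewall and rap roles from patch 06 render `{{ vpn_name }}`; unless the testing group receives that variable from another file, those roles fail with an undefined variable on the testing host. Add `vpn_name: comun` (or the network name used there) next to `main_zone`, or move the default into the roles' `defaults/main.yml` so that a group only has to override it. `proxy_scale` and `domains_default_force_https` are likewise absent here relative to hetzner; confirm they have role defaults.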