Enhance infrastructure and application configurations

- Updated AGENTS.md to include new directories for execution plans and implemented feature reports.
- Modified Ansible host variables for dev-02 and gpu-01 to change API endpoints and add new configurations for Scaleway.
- Adjusted firewall rules in gpu-01 to allow HTTPS traffic instead of the previous Ollama port.
- Added OAuth2 proxy configurations to gpu-01 for enhanced security.
- Removed deprecated open-webui module from Terraform app configurations.
- Updated Terraform configurations to reflect changes in local variables and removed unused secrets.
- Created a new sectool.json file for CloudNS integration with Bitwarden.
- Enhanced SELinux configurations for nginx to allow connections to any port and added oauth2-proxy port.
This commit is contained in:
2026-07-12 16:28:45 -04:00
parent a4a8554fb6
commit 8724360fb2
23 changed files with 2106 additions and 77 deletions
@@ -13,6 +13,7 @@ server {
add_header Strict-Transport-Security "max-age={{ nginx_proxy_nginx_hsts_max_age }}; {{ nginx_proxy_nginx_hsts_include_subdomains | ternary('includeSubDomains', '') }}" always;
{% if not (item.no_auth | default(false) | bool) %}
# Redirect unauthenticated requests to OAuth2 sign-in
error_page 401 = /oauth2/sign_in;
@@ -52,13 +53,16 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
}
{% endif %}
location / {
{% if not (item.no_auth | default(false) | bool) %}
auth_request /oauth2/auth;
auth_request_set $auth_status $upstream_status;
auth_request_set $auth_cookie $upstream_http_set_cookie;
add_header Set-Cookie $auth_cookie;
{% endif %}
add_header Strict-Transport-Security "max-age={{ nginx_proxy_nginx_hsts_max_age }}; {{ nginx_proxy_nginx_hsts_include_subdomains | ternary('includeSubDomains', '') }}" always;
proxy_pass http://{{ item.upstream.host }}:{{ item.upstream.port }};