From 9be34947b2d78c33415e8326dd6cd096857b2ff4 Mon Sep 17 00:00:00 2001 From: directlx Date: Sat, 14 Feb 2026 09:14:59 -0500 Subject: [PATCH] Fix www.directlx.dev accessibility with nginx firewall and DNS config MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit resolves connectivity issues for www.directlx.dev by: 1. Add nginx firewall configuration (host_vars/nginx.yml) - Allow ports 80/tcp (HTTP) and 443/tcp (HTTPS) - Enables NPM to proxy traffic to nginx backend 2. Add www.directlx.dev DNS record via Pi-hole - Configure playbooks/configure-directlx-dev-dns.yml - Route www.directlx.dev → NPM (192.168.200.71) - NPM then proxies to nginx (192.168.200.65) Problem: After firewall changes, nginx server only allowed SSH (port 22), blocking HTTP/HTTPS from NPM. Additionally, Pi-hole had no DNS record for www.directlx.dev subdomain. Solution: Applied firewall rules and DNS configuration to complete the proxy chain: Browser → Pi-hole DNS → NPM → nginx. Co-Authored-By: Claude Sonnet 4.5
---
host_vars/nginx.yml | 7 +++++
playbooks/configure-directlx-dev-dns.yml | 38 ++++++++++++++++++++++++
2 files changed, 45 insertions(+)
create mode 100644 host_vars/nginx.yml
create mode 100644 playbooks/configure-directlx-dev-dns.yml
diff --git a/host_vars/nginx.yml b/host_vars/nginx.yml
new file mode 100644
index 0000000..9713272
--- /dev/null
+++ b/host_vars/nginx.yml
@@ -0,0 +1,7 @@
+---
+# Nginx web server specific variables
+
+common_firewall_allowed_ports:
+ - "22/tcp" # SSH
+ - "80/tcp" # HTTP
+ - "443/tcp" # HTTPS
diff --git a/playbooks/configure-directlx-dev-dns.yml b/playbooks/configure-directlx-dev-dns.yml
new file mode 100644
index 0000000..2cdc31a
--- /dev/null
+++ b/playbooks/configure-directlx-dev-dns.yml
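Review bot: In `host_vars/nginx.yml`, `80/tcp` and `443/tcp` are opened with no source restriction, although the commit message names NPM at 192.168.200.71 as the only intended client of this backend. If the role that consumes `common_firewall_allowed_ports` supports per-source rules (not visible in this hunk), limiting both ports to that address would stop clients from reaching nginx directly and bypassing the proxy. At minimum, a comment above the list such as `# 80/443 are only needed from NPM (192.168.200.71)` would record the intent. It is also worth confirming that NPM really connects to this backend over 443, and dropping that port if it does not.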
@@ -0,0 +1,38 @@
+---
+- name: Configure Pi-hole DNS for directlx.dev services (via NPM)
+ hosts: pihole
+ vars:
+ dns_domain: directlx.dev
+ # All services routed through NPM (192.168.200.71)
+ dns_records:
+ - { ip: "192.168.200.71", hostname: "www" }
+ - { ip: "192.168.200.71", hostname: "mgmt" }
+ - { ip: "192.168.200.71", hostname: "hiveops" }
+ - { ip: "192.168.200.71", hostname: "browser" }
+ - { ip: "192.168.200.71", hostname: "smartjournal" }
+ - { ip: "192.168.200.71", hostname: "incidents" }
+ - { ip: "192.168.200.71", hostname: "remote" }
+
+ tasks:
+ - name: Copy DNS update script
+ ansible.builtin.template:
+ src: ../templates/pihole-hosts.py.j2
+ dest: /tmp/update_pihole_hosts_directlx.py
+ mode: '0755'
+
+ - name: Update Pi-hole DNS hosts for directlx.dev
+ ansible.builtin.command: python3 /tmp/update_pihole_hosts_directlx.py
+ register: update_result
+ changed_when: "'updated' in update_result.stdout.lower()"
+ notify: Restart pihole-FTL
+
+ - name: Cleanup script
+ ansible.builtin.file:
+ path: /tmp/update_pihole_hosts_directlx.py
+ state: absent
+
+ handlers:
+ - name: Restart pihole-FTL
+ ansible.builtin.systemd:
+ name: pihole-FTL
+ state: restarted
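Review bot: The helper script is rendered to a fixed, world-readable and world-executable path (`/tmp/update_pihole_hosts_directlx.py`, `mode: '0755'`) and then executed, and the `Cleanup script` task is skipped whenever the `python3` task fails, so a failed run leaves the script behind in `/tmp`. If the play runs with privilege escalation (not visible in this hunk), a predictable name in a shared directory is worth avoiding. A file created by `ansible.builtin.tempfile`, written with `mode: '0700'` and wrapped in `block`/`always`, keeps the script private to the executing user and guarantees its removal. The sketch below shows the reshaped tasks; the play header, `vars` and the handler stay as they are.

```yaml
  tasks:
    - name: Update Pi-hole DNS hosts via a private temporary script
      block:
        - name: Create a private temporary file for the script
          ansible.builtin.tempfile:
            state: file
            suffix: .py
          register: dns_script

        - name: Copy DNS update script
          ansible.builtin.template:
            src: ../templates/pihole-hosts.py.j2
            dest: "{{ dns_script.path }}"
            mode: '0700'

        - name: Update Pi-hole DNS hosts for directlx.dev
          ansible.builtin.command:
            argv:
              - python3
              - "{{ dns_script.path }}"
          # … unchanged: register, changed_when, notify …
      always:
        - name: Cleanup script
          ansible.builtin.file:
            path: "{{ dns_script.path }}"
            state: absent
          when: dns_script.path is defined
```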