Tips-Of-Mine/infrastructure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make vaultwarden VPN only

Browse Source 
The first service to go dark...
This commit is contained in:
Jake Howard
2024-03-21 23:20:27 +00:00
parent 124b83526d
commit b2656bdf43
3 changed files with 11 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
ansible/roles/traefik/files/file-provider-main.yml
View File

@ -10,7 +10,15 @@ http:
Permissions-Policy: interest-cohort=()
tailscale-only:
ipAllowList:
ipWhiteList:
sourceRange:
- "{{ tailscale_cidr }}"
- "{{ tailscale_cidr_ipv6 }}"
private-access:
ipWhiteList:
sourceRange:
- "{{ tailscale_cidr }}"
- "{{ tailscale_cidr_ipv6 }}"
- "{{ nebula.cidr }}"
- "{{ pve_hosts.internal_cidr }}"

2
ansible/roles/vaultwarden/files/docker-compose.yml
View File

@ -22,7 +22,7 @@ services:
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.average=5
- traefik.http.middlewares.vaultwarden-ratelimit.ratelimit.burst=200
- traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit
- traefik.http.routers.vaultwarden.middlewares=vaultwarden-ratelimit,tailscale-only@file
environment:
- SIGNUPS_ALLOWED=false
- DOMAIN=https://vaultwarden.jakehoward.tech