Tips-Of-Mine/infrastructure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
733 Commits 15 Branches 0 Tags
4d218248faa8576716d079345277543a035f14f8
Commit Graph

45 Commits

Author SHA1 Message Date
Jake Howard 4d218248fa Remotely connect to fail2ban to do ports 
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
 2021-03-28 16:06:36 +01:00
Jake Howard 5084bfecdf Ignore PVE interface from f2b jails 2021-03-24 22:35:28 +00:00
Jake Howard f7a0877e72 Exclude nebula from fail2ban 2021-02-14 11:39:01 +00:00
Jake Howard 385917ba4e Decrease find time 
Hopefully reduce false-positive catches
 2021-02-14 11:22:32 +00:00
Jake Howard c38ecfebd7 Update gateway to point to ingress instance 2021-01-09 18:17:54 +00:00
Jake Howard 58879d2e1d Ensure fail2ban and logrotate are available on all machines 2020-12-27 22:39:33 +00:00
Jake Howard 5eb3870fbe Set mode on fail2ban filter and jail 2020-10-24 12:10:54 +01:00
Jake Howard bedbb0f5f4 Fix service to restart 2020-10-16 19:16:42 +01:00
Jake Howard 1930cc83e8 Use generic package module 2020-10-16 19:16:42 +01:00
Jake Howard b2e91d7d6d Update haproxy fail2ban jail to use systemd for logs 2020-10-16 19:16:42 +01:00
Jake Howard 4890c3d3e5 Revert "Remove fail2ban" 
This reverts commit 1f0e33acc8.
 2020-10-16 19:16:42 +01:00
Jake Howard 29c9e14f62 Remove haproxy chroot 
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
 2020-10-05 11:10:29 +01:00
Jake Howard 24d11deeae Update ansible-lint 
Required a lot of renaming :(
 2020-09-26 17:53:47 +01:00
Jake Howard dd12b795b5 Remove pihole 
Internal VPN server is working just perfectly instead
 2020-06-24 18:46:13 +01:00
Jake Howard 913ee4759f Quote value to silence errors 2020-06-18 21:18:47 +01:00
Jake Howard 600bc4bb58 Ensure sysctl change is persisted 
See note in https://wiki.archlinux.org/index.php/Sysctl#Configuration
 2020-05-16 16:15:58 +01:00
Jake Howard 112e8ce985 Install some wireguard tools 2020-05-11 11:59:46 +01:00
Jake Howard 5289206f14 Remove unnecessary quotes 2020-05-09 20:11:08 +01:00
Jake Howard 1f0e33acc8 Remove fail2ban 
Keeps getting hit by stats. I should fix that at some point
 2020-05-09 20:09:36 +01:00
Jake Howard f3126e34b9 Update haproxy config for use on arch 2020-05-09 20:08:27 +01:00
Jake Howard 059cb585db Use OS-agnostic package install for haproxy 2020-05-09 20:08:14 +01:00
Jake Howard 095c8c4562 Use sysctl to enable p2p comms 2020-05-09 20:07:19 +01:00
Jake Howard 974e0e8467 Enable services 
Not just during reload
 2020-04-28 20:48:15 +01:00
Jake Howard 051ec43769 wg-quick can't be reloaed 
This might break things!
 2020-04-26 12:05:45 +01:00
Jake Howard ff8beea3c4 Massively increase timeouts to prevent websocket issues 2020-04-17 23:04:20 +01:00
Jake Howard 1da3ca95e7 Stop using unstable repos to install wireguard 
It's in backports now, which is much easier to install from!
 2020-04-17 09:08:10 +01:00
Jake Howard f32e0bfe59 Only add timeout for core HTTP ports 2020-03-31 19:27:47 +01:00
Jake Howard 1afc28ec17 Standardize string quotes in yaml 2020-03-25 21:27:15 +00:00
Jake Howard 7eda50239c Remove reference to become_user: root 
This was the default anyway
 2020-03-17 21:11:02 +00:00
Jake Howard cdcfcf3c66 Increase fail2ban threshold 2020-03-15 15:02:57 +00:00
Jake Howard 708250005a Install fail2ban 2020-03-13 23:08:26 +00:00
Jake Howard 92af315e69 Change haproxy timeouts 2020-03-13 22:26:30 +00:00
Jake Howard 253453ba16 Reload wireguard rather than restarting 
Hopefully this stops it dropping connections
 2020-02-07 21:09:41 +00:00
Jake Howard b4bb3f01f2 Convert haproxy config to use spaces 2020-01-26 18:17:55 +00:00
Jake Howard ac5a9aa0f0 Remove SSL block from haproxy config 2020-01-26 18:15:19 +00:00
Jake Howard af936990e2 Add custom DNS server 2020-01-23 20:06:45 +00:00
Jake Howard ec478c3cf5 Fix client config 2020-01-19 17:59:36 +00:00
Jake Howard 7eaf608e3c Revoke exposed wireguard keys 
Derp derp derp
 2020-01-19 17:41:34 +00:00
Jake Howard 35605ce0a6 Move wireguard clients configuration to home dir 
Makes it easier to provision machines
 2020-01-19 17:33:14 +00:00
Jake Howard 251fe11113 Output wireguard client config files 2020-01-19 16:43:51 +00:00
Jake Howard f6ffb1ceef Template haproxy better 2020-01-17 22:56:45 +00:00
Jake Howard 78fa36f20a Move variables to 1 place 
Much easier to manage
 2020-01-17 22:31:50 +00:00
Jake Howard 23a472f764 Add wireguard server config 2019-12-08 21:05:20 +00:00
Jake Howard 730246e67f Install wireguard server 2019-12-08 20:16:42 +00:00
Jake Howard 58a3683355 Define haproxy config 2019-12-08 16:47:28 +00:00