Tips-Of-Mine/infrastructure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,668 Commits 15 Branches 0 Tags
58a0060a25c8125aefd7d4030c3861cd1b71206b
Commit Graph

17 Commits

Author SHA1 Message Date
Jake Howard 8424b3211b Allow ingress to serve as tailscale exit node 2024-03-28 23:30:24 +00:00
Jake Howard f88d224168 Allow only exposing services over Tailscale 
This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
 2024-03-07 22:30:10 +00:00
Jake Howard 02847355a7 Install tailscale 
Install, not configure
 2024-02-01 19:41:47 +00:00
Jake Howard 53c758a781 Monitor headscale with prometheus 2024-01-27 17:40:02 +00:00
Jake Howard 92052a3d0a Unify nginx configuration 
This creates a simple base configuration skeleton, that other configuration can be easily loaded into.
 2023-12-16 17:47:04 +00:00
Jake Howard 943c141d59 Ensure ingress proxy doesn't terminate connections 
This mostly works around a weird issues with Jellyfin
 2023-12-14 22:08:02 +00:00
Jake Howard 5fb605231d Allow pings to ingress 
This makes testing connections much simpler
 2023-11-05 21:48:25 +00:00
Jake Howard 850278ab19 Allow nebula through firewall 2023-11-03 18:06:36 +00:00
Jake Howard 9f83efa53b Use nftables for firewall on ingress 
See ya never, iptables!
 2023-10-26 21:34:06 +01:00
Jake Howard 1db289b604 Show domain in logs rather than upstream 
The upstream is always the same, and no use to us
 2022-01-19 09:00:20 +00:00
Jake Howard a278443850 Use auto on nginx configs 
Let nginx work it out, and default to 1 per core
 2021-09-04 22:41:30 +01:00
Jake Howard 453a374801 Replace ingress proxy with nginx 
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.

Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
 2021-08-24 14:21:51 +01:00
Jake Howard edc5c325b7 Correctly check hostname against PVE hosts 
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
 2021-08-23 19:56:04 +01:00
Jake Howard 93cba46dd1 Redirect to HTTPS at the edge 2021-08-23 16:10:37 +01:00
Jake Howard 797c44a27d Use proxy protocol v2 
Apparently it's better for chaining, and may be faster anyway
 2021-07-01 22:28:25 +01:00
Jake Howard 3485f8e1f0 Actually version the ingress haproxy config 2021-06-12 17:32:47 +01:00
Jake Howard 30cb9e52e7 Install and provision wireguard client on ingress server 2020-12-21 18:24:35 +00:00