Tips-Of-Mine/infrastructure
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,649 Commits 15 Branches 0 Tags
Commit Graph

22 Commits

Author SHA1 Message Date
Jake Howard
8424b3211b
Allow ingress to serve as tailscale exit node 2024-03-28 23:30:24 +00:00
Jake Howard
f88d224168
Allow only exposing services over Tailscale 
This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
 2024-03-07 22:30:10 +00:00
Jake Howard
02847355a7
Install tailscale 
Install, not configure
 2024-02-01 19:41:47 +00:00
Jake Howard
53c758a781
Monitor headscale with prometheus 2024-01-27 17:40:02 +00:00
Jake Howard
92052a3d0a
Unify nginx configuration 
This creates a simple base configuration skeleton, that other configuration can be easily loaded into.
 2023-12-16 17:47:04 +00:00
Jake Howard
943c141d59
Ensure ingress proxy doesn't terminate connections 
This mostly works around a weird issues with Jellyfin
 2023-12-14 22:08:02 +00:00
Jake Howard
5fb605231d
Allow pings to ingress 
This makes testing connections much simpler
 2023-11-05 21:48:25 +00:00
Jake Howard
dd1558bafa
Set sensible permissions on nftables config 2023-11-05 21:43:16 +00:00
Jake Howard
850278ab19
Allow nebula through firewall 2023-11-03 18:06:36 +00:00
Jake Howard
9f83efa53b
Use nftables for firewall on ingress 
See ya never, iptables!
 2023-10-26 21:34:06 +01:00
Jake Howard
f07b5d9b7b
Migrate include: to include_tasks 2022-01-22 20:21:32 +00:00
Jake Howard
1db289b604
Show domain in logs rather than upstream 
The upstream is always the same, and no use to us
 2022-01-19 09:00:20 +00:00
Jake Howard
c5215e330b
Update yamllint to fix dependency issue 
I think this still validates everything we need it to
 2022-01-11 20:51:12 +00:00
Jake Howard
a278443850
Use auto on nginx configs 
Let nginx work it out, and default to 1 per core
 2021-09-04 22:41:30 +01:00
Jake Howard
453a374801
Replace ingress proxy with nginx 
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.

Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
 2021-08-24 14:21:51 +01:00
Jake Howard
f14e723d40
Fix service name on ingress 
It's not alpine
 2021-08-24 11:52:35 +01:00
Jake Howard
edc5c325b7
Correctly check hostname against PVE hosts 
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
 2021-08-23 19:56:04 +01:00
Jake Howard
93cba46dd1
Redirect to HTTPS at the edge 2021-08-23 16:10:37 +01:00
Jake Howard
797c44a27d
Use proxy protocol v2 
Apparently it's better for chaining, and may be faster anyway
 2021-07-01 22:28:25 +01:00
Jake Howard
3485f8e1f0
Actually version the ingress haproxy config 2021-06-12 17:32:47 +01:00
Jake Howard
a2c6d7c276
Swap out alpine for debian on ingress 
Mostly for future nebula deployment
 2021-01-22 14:53:02 +00:00
Jake Howard
30cb9e52e7
Install and provision wireguard client on ingress server 2020-12-21 18:24:35 +00:00