Allow tailscale IP in more places

Jake Howard 2024-02-07 18:21:16 +00:00
parent 6c1c245c23
commit b6eca40ae0
Signed by: jake
GPG key ID: 57AFB45680EDD477
7 changed files with 9 additions and 7 deletions


@ -1,6 +1,6 @@
nebula_is_lighthouse: true nebula_is_lighthouse: true
nebula_listen_port: "{{ nebula_lighthouse_port }}" nebula_listen_port: "{{ nebula_lighthouse_port }}"
ssh_extra_allowed_users: f2b@{{ nebula.cidr }} f2b@{{ pve_hosts.internal_cidr }} ssh_extra_allowed_users: f2b@{{ nebula.cidr }} f2b@{{ pve_hosts.internal_cidr }} f2b@{{ tailscale_cidr }}
nginx_https_redirect: true nginx_https_redirect: true
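Review bot: `ssh_extra_allowed_users` now admits the `f2b` account from the whole `{{ tailscale_cidr }}` range, and nothing on the page shows which peers need to log in as that user. If only particular hosts connect as `f2b` (presumably the ones running the fail2ban `gateway` action), list their addresses rather than the range. Restricting that account's key in `authorized_keys` with `from=` and a forced `command=` would keep the wider source range from widening what the account can do. A short comment above the variable naming the hosts that use it would record the intent.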


@ -4,4 +4,4 @@ bantime = 600
findtime = 30 findtime = 30
maxretry = 5 maxretry = 5
port = {{ ssh_port }},ssh port = {{ ssh_port }},ssh
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }} ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ tailscale_cidr }}
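Review bot: Adding `{{ tailscale_cidr }}` to `ignoreip` exempts every address in that range from this SSH jail, so repeated failed logins from any tailnet device are never banned. The same exemption is added to the nginx-tcp and traefik jails in the later file sections of this commit. The value of `tailscale_cidr` is not visible here; if it is the whole tailnet rather than a few admin devices, consider ignoring only those addresses, or leaving the range subject to the jail and limiting reachability with Tailscale ACLs. A comment above the line such as `# VPN ranges are never banned; access from them is limited by the VPN's own ACLs` would record the assumption.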


@ -2,7 +2,7 @@
# Change to a high/odd port if this server is exposed to the internet directly # Change to a high/odd port if this server is exposed to the internet directly
Port {{ ssh_port }} Port {{ ssh_port }}
AllowUsers {% if hostname_slug in pve_hosts %}{{ me.user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ me.user }}@{{ nebula.cidr }}{% endif %} {{ ssh_extra_allowed_users }} AllowUsers {% if hostname_slug in pve_hosts %}{{ me.user }}@{{ pve_hosts.internal_cidr }}{% endif %} {% if hostname_slug in nebula.clients %}{{ me.user }}@{{ nebula.cidr }}{% endif %} {{ me.user }}@{{ tailscale_cidr }} {{ ssh_extra_allowed_users }}
# Bind to all interfaces (change to specific interface if needed) # Bind to all interfaces (change to specific interface if needed)
ListenAddress 0.0.0.0 ListenAddress 0.0.0.0
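Review bot: The new `{{ me.user }}@{{ tailscale_cidr }}` entry in `AllowUsers` is unconditional, while the two entries before it are rendered only when the host is in `pve_hosts` or `nebula.clients`. Every host that receives this template will accept the user from that range whether or not it is on the tailnet, and with `ListenAddress 0.0.0.0` the source-address match is the only restriction at the sshd level. If the variable holds Tailscale's default 100.64.0.0/10 range, that is shared carrier-grade NAT space, so on a host without Tailscale a matching source address is not necessarily a tailnet peer. Consider guarding it like its siblings, for example `{% if tailscale_cidr is defined %}{{ me.user }}@{{ tailscale_cidr }}{% endif %}`, with the variable set only for hosts that are on the tailnet.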


@ -6,9 +6,9 @@ maxretry = 100
filter = nginx-tcp filter = nginx-tcp
logpath = /var/log/nginx/ips.log logpath = /var/log/nginx/ips.log
port = http,https,8448 port = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }} ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
[traefik] [traefik]
enabled = true enabled = true
port = http,https,8448 port = http,https,8448
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }} ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}


@ -2,7 +2,7 @@
# Recommended minimum configuration: # Recommended minimum configuration:
# #
acl hide_internal dst {{ wireguard.cidr }} {{ nebula.cidr }} {{ pve_hosts.internal_cidr }} acl hide_internal dst {{ wireguard.cidr }} {{ nebula.cidr }} {{ pve_hosts.internal_cidr }} {{ tailscale_cidr }}
# Example rule allowing access from your local networks. # Example rule allowing access from your local networks.
# Adapt to list your (internal) IP networks from where browsing # Adapt to list your (internal) IP networks from where browsing
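Review bot: `hide_internal` is a `dst` ACL, so it only hides the tailnet if `{{ tailscale_cidr }}` covers every address family on which peers are reachable. Tailscale also gives each node an IPv6 address (by default inside fd7a:115c:a1e0::/48); if the variable holds only the IPv4 range and the proxy host has tailnet IPv6, those destinations would not match this ACL. The `http_access` rule that uses `hide_internal` is outside the hunk, so confirm it is a deny, and add the IPv6 prefix to the list or to the variable if it applies.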


@ -6,5 +6,5 @@ maxretry = 5
filter = traefik filter = traefik
logpath = /tmp/traefik-logs/access.log logpath = /tmp/traefik-logs/access.log
port = http,https port = http,https
ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }} ignoreip = {{ wireguard.cidr }},{{ nebula.cidr }},{{ pve_hosts.internal_cidr }},{{ vps_hosts.values()|sort|join(",") }},{{ tailscale_cidr }}
action = gateway action = gateway


@ -11,6 +11,7 @@ entryPoints:
- "{{ wireguard.cidr }}" - "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}" - "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}" - "{{ nebula.cidr }}"
- "{{ tailscale_cidr }}"
web-secure: web-secure:
address: :443 address: :443
http: http:
@ -33,6 +34,7 @@ entryPoints:
- "{{ wireguard.cidr }}" - "{{ wireguard.cidr }}"
- "{{ pve_hosts.internal_cidr }}" - "{{ pve_hosts.internal_cidr }}"
- "{{ nebula.cidr }}" - "{{ nebula.cidr }}"
- "{{ tailscale_cidr }}"
traefik: traefik:
address: :8080 address: :8080
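Review bot: Both lists that gain `"{{ tailscale_cidr }}"` belong to keys that start above the hunks; if they are the entry points' `forwardedHeaders.trustedIPs` (or `proxyProtocol.trustedIPs`), every tailnet peer becomes trusted to state the client address of a request. The traefik access log feeds the fail2ban traefik jail changed in this same commit, so the logged client address should only be taken from hosts that really proxy traffic. If only specific gateway hosts forward over Tailscale, list their addresses instead of the whole range, and add a comment above each list saying which proxies it is meant to cover.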