|
3c8d9fe940
|
Block all ports
|
2021-03-28 16:28:07 +01:00 |
|
|
4d218248fa
|
Remotely connect to fail2ban to do ports
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
|
2021-03-28 16:06:36 +01:00 |
|
|
5084bfecdf
|
Ignore PVE interface from f2b jails
|
2021-03-24 22:35:28 +00:00 |
|
|
f7a0877e72
|
Exclude nebula from fail2ban
|
2021-02-14 11:39:01 +00:00 |
|
|
385917ba4e
|
Decrease find time
Hopefully reduce false-positive catches
|
2021-02-14 11:22:32 +00:00 |
|
|
c38ecfebd7
|
Update gateway to point to ingress instance
|
2021-01-09 18:17:54 +00:00 |
|
|
58879d2e1d
|
Ensure fail2ban and logrotate are available on all machines
|
2020-12-27 22:39:33 +00:00 |
|
|
5eb3870fbe
|
Set mode on fail2ban filter and jail
|
2020-10-24 12:10:54 +01:00 |
|
|
bedbb0f5f4
|
Fix service to restart
|
2020-10-16 19:16:42 +01:00 |
|
|
1930cc83e8
|
Use generic package module
|
2020-10-16 19:16:42 +01:00 |
|
|
b2e91d7d6d
|
Update haproxy fail2ban jail to use systemd for logs
|
2020-10-16 19:16:42 +01:00 |
|
|
4890c3d3e5
|
Revert "Remove fail2ban"
This reverts commit 1f0e33acc8 .
|
2020-10-16 19:16:42 +01:00 |
|
|
29c9e14f62
|
Remove haproxy chroot
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
|
2020-10-05 11:10:29 +01:00 |
|
|
24d11deeae
|
Update ansible-lint
Required a lot of renaming :(
|
2020-09-26 17:53:47 +01:00 |
|
|
dd12b795b5
|
Remove pihole
Internal VPN server is working just perfectly instead
|
2020-06-24 18:46:13 +01:00 |
|
|
913ee4759f
|
Quote value to silence errors
|
2020-06-18 21:18:47 +01:00 |
|
|
600bc4bb58
|
Ensure sysctl change is persisted
See note in https://wiki.archlinux.org/index.php/Sysctl#Configuration
|
2020-05-16 16:15:58 +01:00 |
|
|
112e8ce985
|
Install some wireguard tools
|
2020-05-11 11:59:46 +01:00 |
|
|
5289206f14
|
Remove unnecessary quotes
|
2020-05-09 20:11:08 +01:00 |
|
|
1f0e33acc8
|
Remove fail2ban
Keeps getting hit by stats. I should fix that at some point
|
2020-05-09 20:09:36 +01:00 |
|
|
f3126e34b9
|
Update haproxy config for use on arch
|
2020-05-09 20:08:27 +01:00 |
|
|
059cb585db
|
Use OS-agnostic package install for haproxy
|
2020-05-09 20:08:14 +01:00 |
|
|
095c8c4562
|
Use sysctl to enable p2p comms
|
2020-05-09 20:07:19 +01:00 |
|
|
974e0e8467
|
Enable services
Not just during reload
|
2020-04-28 20:48:15 +01:00 |
|
|
051ec43769
|
wg-quick can't be reloaed
This might break things!
|
2020-04-26 12:05:45 +01:00 |
|
|
ff8beea3c4
|
Massively increase timeouts to prevent websocket issues
|
2020-04-17 23:04:20 +01:00 |
|
|
1da3ca95e7
|
Stop using unstable repos to install wireguard
It's in backports now, which is much easier to install from!
|
2020-04-17 09:08:10 +01:00 |
|
|
f32e0bfe59
|
Only add timeout for core HTTP ports
|
2020-03-31 19:27:47 +01:00 |
|
|
1afc28ec17
|
Standardize string quotes in yaml
|
2020-03-25 21:27:15 +00:00 |
|
|
7eda50239c
|
Remove reference to become_user: root
This was the default anyway
|
2020-03-17 21:11:02 +00:00 |
|
|
cdcfcf3c66
|
Increase fail2ban threshold
|
2020-03-15 15:02:57 +00:00 |
|
|
708250005a
|
Install fail2ban
|
2020-03-13 23:08:26 +00:00 |
|
|
92af315e69
|
Change haproxy timeouts
|
2020-03-13 22:26:30 +00:00 |
|
|
253453ba16
|
Reload wireguard rather than restarting
Hopefully this stops it dropping connections
|
2020-02-07 21:09:41 +00:00 |
|
|
b4bb3f01f2
|
Convert haproxy config to use spaces
|
2020-01-26 18:17:55 +00:00 |
|
|
ac5a9aa0f0
|
Remove SSL block from haproxy config
|
2020-01-26 18:15:19 +00:00 |
|
|
af936990e2
|
Add custom DNS server
|
2020-01-23 20:06:45 +00:00 |
|
|
ec478c3cf5
|
Fix client config
|
2020-01-19 17:59:36 +00:00 |
|
|
7eaf608e3c
|
Revoke exposed wireguard keys
Derp derp derp
|
2020-01-19 17:41:34 +00:00 |
|
|
35605ce0a6
|
Move wireguard clients configuration to home dir
Makes it easier to provision machines
|
2020-01-19 17:33:14 +00:00 |
|
|
251fe11113
|
Output wireguard client config files
|
2020-01-19 16:43:51 +00:00 |
|
|
f6ffb1ceef
|
Template haproxy better
|
2020-01-17 22:56:45 +00:00 |
|
|
78fa36f20a
|
Move variables to 1 place
Much easier to manage
|
2020-01-17 22:31:50 +00:00 |
|
|
23a472f764
|
Add wireguard server config
|
2019-12-08 21:05:20 +00:00 |
|
|
730246e67f
|
Install wireguard server
|
2019-12-08 20:16:42 +00:00 |
|
|
58a3683355
|
Define haproxy config
|
2019-12-08 16:47:28 +00:00 |
|