01c236e4e9
Remove Nebula
...
/ terraform (push) Successful in 54s
/ ansible (push) Successful in 3m34s
I'm basically all in on Tailscale now
2024-09-01 20:21:29 +01:00
7ff44ee238
Add IPv6 to proxmox internal network
2024-04-20 18:00:08 +01:00
f88d224168
Allow only exposing services over Tailscale
...
/ terraform (push) Failing after 41s
/ ansible (push) Successful in 1m41s
This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
2024-03-07 22:30:10 +00:00
0dcc3f7c30
Use regular version of nginx on Arch
...
/ terraform (push) Successful in 30s
/ ansible (push) Successful in 1m30s
`nginx-mainline` requires modules be recompiled each time, and isn't handled automatically. It's still a very new and maintained release.
2024-02-29 19:46:32 +00:00
808e72553b
Add the basics of some edge caching
/ ansible (push) Has been cancelled
/ terraform (push) Has been cancelled
2024-02-21 21:42:16 +00:00
b6eca40ae0
Allow tailscale IP in more places
2024-02-07 18:21:16 +00:00
dfa8328e7b
Move gateway logs to separate file
2024-01-31 21:06:19 +00:00
2ceeaf091d
Deploy headscale
/ terraform (push) Failing after 11m20s
/ ansible (push) Failing after 11m6s
2024-01-27 14:18:37 +00:00
92052a3d0a
Unify nginx configuration
...
This creates a simple base configuration skeleton, that other configuration can be easily loaded into.
2023-12-16 17:47:04 +00:00
2af9f8529d
Fix new ansible-lint errors
...
/ terraform (push) Successful in 46s
/ ansible (push) Successful in 1m53s
Quite a few changes here, hopefully they work!
2023-06-15 15:16:19 +01:00
1db289b604
Show domain in logs rather than upstream
...
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
4db474034e
Ignore my VMs from a fail2ban
2021-09-27 14:49:56 +01:00
a278443850
Use auto
on nginx configs
...
Let nginx work it out, and default to 1 per core
2021-09-04 22:41:30 +01:00
95216b32c4
Consolidate server blocks
2021-08-24 14:31:12 +01:00
ecb946bab4
Remove nginx version from headers
2021-08-23 16:12:34 +01:00
93cba46dd1
Redirect to HTTPS at the edge
2021-08-23 16:10:37 +01:00
a54d373526
Replace edge proxy with nginx
...
The config makes more sense, and it has more of the features I need, which will come later.
2021-08-22 22:35:09 +01:00
797c44a27d
Use proxy protocol v2
...
Apparently it's better for chaining, and may be faster anyway
2021-07-01 22:28:25 +01:00
3485f8e1f0
Actually version the ingress haproxy config
2021-06-12 17:32:47 +01:00
33fcf1a9e5
Fix matrix federation
...
Apparently this has been broken since like March...
It seems communication over port 8448 is required for server-to-server
comms, even if the client doesn't use it.
2021-06-12 17:32:47 +01:00
3c8d9fe940
Block all ports
2021-03-28 16:28:07 +01:00
4d218248fa
Remotely connect to fail2ban to do ports
...
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
2021-03-28 16:06:36 +01:00
5084bfecdf
Ignore PVE interface from f2b jails
2021-03-24 22:35:28 +00:00
f7a0877e72
Exclude nebula from fail2ban
2021-02-14 11:39:01 +00:00
385917ba4e
Decrease find time
...
Hopefully reduce false-positive catches
2021-02-14 11:22:32 +00:00
c38ecfebd7
Update gateway to point to ingress instance
2021-01-09 18:17:54 +00:00
b2e91d7d6d
Update haproxy fail2ban jail to use systemd for logs
2020-10-16 19:16:42 +01:00
4890c3d3e5
Revert "Remove fail2ban"
...
This reverts commit 1f0e33acc8
.
2020-10-16 19:16:42 +01:00
29c9e14f62
Remove haproxy chroot
...
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
2020-10-05 11:10:29 +01:00
dd12b795b5
Remove pihole
...
Internal VPN server is working just perfectly instead
2020-06-24 18:46:13 +01:00
1f0e33acc8
Remove fail2ban
...
Keeps getting hit by stats. I should fix that at some point
2020-05-09 20:09:36 +01:00
f3126e34b9
Update haproxy config for use on arch
2020-05-09 20:08:27 +01:00
ff8beea3c4
Massively increase timeouts to prevent websocket issues
2020-04-17 23:04:20 +01:00
1da3ca95e7
Stop using unstable repos to install wireguard
...
It's in backports now, which is much easier to install from!
2020-04-17 09:08:10 +01:00
f32e0bfe59
Only add timeout for core HTTP ports
2020-03-31 19:27:47 +01:00
cdcfcf3c66
Increase fail2ban threshold
2020-03-15 15:02:57 +00:00
708250005a
Install fail2ban
2020-03-13 23:08:26 +00:00
92af315e69
Change haproxy timeouts
2020-03-13 22:26:30 +00:00
b4bb3f01f2
Convert haproxy config to use spaces
2020-01-26 18:17:55 +00:00
ac5a9aa0f0
Remove SSL block from haproxy config
2020-01-26 18:15:19 +00:00
af936990e2
Add custom DNS server
2020-01-23 20:06:45 +00:00
ec478c3cf5
Fix client config
2020-01-19 17:59:36 +00:00
251fe11113
Output wireguard client config files
2020-01-19 16:43:51 +00:00
f6ffb1ceef
Template haproxy better
2020-01-17 22:56:45 +00:00
78fa36f20a
Move variables to 1 place
...
Much easier to manage
2020-01-17 22:31:50 +00:00
23a472f764
Add wireguard server config
2019-12-08 21:05:20 +00:00
730246e67f
Install wireguard server
2019-12-08 20:16:42 +00:00
58a3683355
Define haproxy config
2019-12-08 16:47:28 +00:00