Commit graph

45 commits

Author SHA1 Message Date
4d218248fa
Remotely connect to fail2ban to do ports
Traefik can affect the edge, so blocks work there and prevent traffic hitting home network.
2021-03-28 16:06:36 +01:00
5084bfecdf
Ignore PVE interface from f2b jails 2021-03-24 22:35:28 +00:00
f7a0877e72
Exclude nebula from fail2ban 2021-02-14 11:39:01 +00:00
385917ba4e
Decrease find time
Hopefully reduce false-positive catches
2021-02-14 11:22:32 +00:00
c38ecfebd7
Update gateway to point to ingress instance 2021-01-09 18:17:54 +00:00
58879d2e1d
Ensure fail2ban and logrotate are available on all machines 2020-12-27 22:39:33 +00:00
5eb3870fbe
Set mode on fail2ban filter and jail 2020-10-24 12:10:54 +01:00
bedbb0f5f4
Fix service to restart 2020-10-16 19:16:42 +01:00
1930cc83e8
Use generic package module 2020-10-16 19:16:42 +01:00
b2e91d7d6d
Update haproxy fail2ban jail to use systemd for logs 2020-10-16 19:16:42 +01:00
4890c3d3e5
Revert "Remove fail2ban"
This reverts commit 1f0e33acc8.
2020-10-16 19:16:42 +01:00
29c9e14f62
Remove haproxy chroot
This is technically _slightly_ less secure, but means it logs to journald properly, so can be picked up by fail2ban in future
2020-10-05 11:10:29 +01:00
24d11deeae
Update ansible-lint
Required a lot of renaming :(
2020-09-26 17:53:47 +01:00
dd12b795b5
Remove pihole
Internal VPN server is working just perfectly instead
2020-06-24 18:46:13 +01:00
913ee4759f
Quote value to silence errors 2020-06-18 21:18:47 +01:00
600bc4bb58
Ensure sysctl change is persisted
See note in https://wiki.archlinux.org/index.php/Sysctl#Configuration
2020-05-16 16:15:58 +01:00
112e8ce985
Install some wireguard tools 2020-05-11 11:59:46 +01:00
5289206f14
Remove unnecessary quotes 2020-05-09 20:11:08 +01:00
1f0e33acc8
Remove fail2ban
Keeps getting hit by stats. I should fix that at some point
2020-05-09 20:09:36 +01:00
f3126e34b9
Update haproxy config for use on arch 2020-05-09 20:08:27 +01:00
059cb585db
Use OS-agnostic package install for haproxy 2020-05-09 20:08:14 +01:00
095c8c4562
Use sysctl to enable p2p comms 2020-05-09 20:07:19 +01:00
974e0e8467
Enable services
Not just during reload
2020-04-28 20:48:15 +01:00
051ec43769
wg-quick can't be reloaed
This might break things!
2020-04-26 12:05:45 +01:00
ff8beea3c4
Massively increase timeouts to prevent websocket issues 2020-04-17 23:04:20 +01:00
1da3ca95e7
Stop using unstable repos to install wireguard
It's in backports now, which is much easier to install from!
2020-04-17 09:08:10 +01:00
f32e0bfe59
Only add timeout for core HTTP ports 2020-03-31 19:27:47 +01:00
1afc28ec17
Standardize string quotes in yaml 2020-03-25 21:27:15 +00:00
7eda50239c
Remove reference to become_user: root
This was the default anyway
2020-03-17 21:11:02 +00:00
cdcfcf3c66
Increase fail2ban threshold 2020-03-15 15:02:57 +00:00
708250005a
Install fail2ban 2020-03-13 23:08:26 +00:00
92af315e69
Change haproxy timeouts 2020-03-13 22:26:30 +00:00
253453ba16
Reload wireguard rather than restarting
Hopefully this stops it dropping connections
2020-02-07 21:09:41 +00:00
b4bb3f01f2
Convert haproxy config to use spaces 2020-01-26 18:17:55 +00:00
ac5a9aa0f0
Remove SSL block from haproxy config 2020-01-26 18:15:19 +00:00
af936990e2
Add custom DNS server 2020-01-23 20:06:45 +00:00
ec478c3cf5
Fix client config 2020-01-19 17:59:36 +00:00
7eaf608e3c
Revoke exposed wireguard keys
Derp derp derp
2020-01-19 17:41:34 +00:00
35605ce0a6
Move wireguard clients configuration to home dir
Makes it easier to provision machines
2020-01-19 17:33:14 +00:00
251fe11113
Output wireguard client config files 2020-01-19 16:43:51 +00:00
f6ffb1ceef
Template haproxy better 2020-01-17 22:56:45 +00:00
78fa36f20a
Move variables to 1 place
Much easier to manage
2020-01-17 22:31:50 +00:00
23a472f764
Add wireguard server config 2019-12-08 21:05:20 +00:00
730246e67f
Install wireguard server 2019-12-08 20:16:42 +00:00
58a3683355 Define haproxy config 2019-12-08 16:47:28 +00:00