Commit graph

17 commits

Author SHA1 Message Date
8424b3211b
Allow ingress to serve as tailscale exit node
All checks were successful
/ terraform (push) Successful in 38s
/ ansible (push) Successful in 1m46s
2024-03-28 23:30:24 +00:00
f88d224168
Allow only exposing services over Tailscale
Some checks failed
/ terraform (push) Failing after 41s
/ ansible (push) Successful in 1m41s
This works using public DNS, so doesn't need Tailscale's magic DNS to override my local.
2024-03-07 22:30:10 +00:00
02847355a7
Install tailscale
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m34s
Install, not configure
2024-02-01 19:41:47 +00:00
53c758a781
Monitor headscale with prometheus
All checks were successful
/ terraform (push) Successful in 29s
/ ansible (push) Successful in 1m38s
2024-01-27 17:40:02 +00:00
92052a3d0a
Unify nginx configuration
This creates a simple base configuration skeleton, that other configuration can be easily loaded into.
2023-12-16 17:47:04 +00:00
943c141d59
Ensure ingress proxy doesn't terminate connections
All checks were successful
/ terraform (push) Successful in 1m6s
/ ansible (push) Successful in 2m16s
This mostly works around a weird issue with Jellyfin
2023-12-14 22:08:02 +00:00
5fb605231d
Allow pings to ingress
All checks were successful
/ terraform (push) Successful in 33s
/ ansible (push) Successful in 1m50s
This makes testing connections much simpler
2023-11-05 21:48:25 +00:00
850278ab19
Allow nebula through firewall
Some checks failed
/ terraform (push) Successful in 1m6s
/ ansible (push) Failing after 2m8s
2023-11-03 18:06:36 +00:00
9f83efa53b
Use nftables for firewall on ingress
See ya never, iptables!
2023-10-26 21:34:06 +01:00
1db289b604
Show domain in logs rather than upstream
The upstream is always the same, and no use to us
2022-01-19 09:00:20 +00:00
a278443850
Use auto on nginx configs
Let nginx work it out, and default to 1 per core
2021-09-04 22:41:30 +01:00
453a374801
Replace ingress proxy with nginx
This enables HTTPS redirecting at it too much more easily, and matches the gateway configuration.

Requires using upstream versions of nginx to enable https://nginx.org/en/docs/stream/ngx_stream_realip_module.html
2021-08-24 14:21:51 +01:00
edc5c325b7
Correctly check hostname against PVE hosts
Some of the hostnames have `-` in instead, which caused issues with the SSH config detecting which users to allow
2021-08-23 19:56:04 +01:00
93cba46dd1
Redirect to HTTPS at the edge
2021-08-23 16:10:37 +01:00
797c44a27d
Use proxy protocol v2
Apparently it's better for chaining, and may be faster anyway
2021-07-01 22:28:25 +01:00
3485f8e1f0
Actually version the ingress haproxy config
2021-06-12 17:32:47 +01:00
30cb9e52e7
Install and provision wireguard client on ingress server
2020-12-21 18:24:35 +00:00