|
92052a3d0a
|
Unify nginx configuration
This creates a simple base configuration skeleton, that other configuration can be easily loaded into.
|
2023-12-16 17:47:04 +00:00 |
|
|
5a0df92a6a
|
Disable ip_forward
/ terraform (push) Successful in 1m4s
/ ansible (push) Successful in 2m20s
I don't need P2P comms for this, so disable this for extra security.
I should add a proper firewall at some point...
|
2023-09-01 19:52:36 +01:00 |
|
|
da55e3fb5f
|
Fix references to home dir
/ terraform (push) Successful in 47s
/ ansible (push) Successful in 1m46s
|
2023-06-17 16:00:30 +01:00 |
|
|
2af9f8529d
|
Fix new ansible-lint errors
/ terraform (push) Successful in 46s
/ ansible (push) Successful in 1m53s
Quite a few changes here, hopefully they work!
|
2023-06-15 15:16:19 +01:00 |
|
|
f07b5d9b7b
|
Migrate include: to include_tasks
|
2022-01-22 20:21:32 +00:00 |
|
|
188b7c9dd6
|
Install wireguard tools before provisioning config
|
2022-01-21 20:29:34 +00:00 |
|
|
c5215e330b
|
Update yamllint to fix dependency issue
I think this still validates everything we need it to
|
2022-01-11 20:51:12 +00:00 |
|
|
a54d373526
|
Replace edge proxy with nginx
The config makes more sense, and it has more of the features I need, which will come later.
|
2021-08-22 22:35:09 +01:00 |
|
|
58879d2e1d
|
Ensure fail2ban and logrotate are available on all machines
|
2020-12-27 22:39:33 +00:00 |
|
|
5eb3870fbe
|
Set mode on fail2ban filter and jail
|
2020-10-24 12:10:54 +01:00 |
|
|
bedbb0f5f4
|
Fix service to restart
|
2020-10-16 19:16:42 +01:00 |
|
|
1930cc83e8
|
Use generic package module
|
2020-10-16 19:16:42 +01:00 |
|
|
4890c3d3e5
|
Revert "Remove fail2ban"
This reverts commit 1f0e33acc8 .
|
2020-10-16 19:16:42 +01:00 |
|
|
24d11deeae
|
Update ansible-lint
Required a lot of renaming :(
|
2020-09-26 17:53:47 +01:00 |
|
|
913ee4759f
|
Quote value to silence errors
|
2020-06-18 21:18:47 +01:00 |
|
|
600bc4bb58
|
Ensure sysctl change is persisted
See note in https://wiki.archlinux.org/index.php/Sysctl#Configuration
|
2020-05-16 16:15:58 +01:00 |
|
|
112e8ce985
|
Install some wireguard tools
|
2020-05-11 11:59:46 +01:00 |
|
|
5289206f14
|
Remove unnecessary quotes
|
2020-05-09 20:11:08 +01:00 |
|
|
1f0e33acc8
|
Remove fail2ban
Keeps getting hit by stats. I should fix that at some point
|
2020-05-09 20:09:36 +01:00 |
|
|
059cb585db
|
Use OS-agnostic package install for haproxy
|
2020-05-09 20:08:14 +01:00 |
|
|
095c8c4562
|
Use sysctl to enable p2p comms
|
2020-05-09 20:07:19 +01:00 |
|
|
974e0e8467
|
Enable services
Not just during reload
|
2020-04-28 20:48:15 +01:00 |
|
|
051ec43769
|
wg-quick can't be reloaed
This might break things!
|
2020-04-26 12:05:45 +01:00 |
|
|
1da3ca95e7
|
Stop using unstable repos to install wireguard
It's in backports now, which is much easier to install from!
|
2020-04-17 09:08:10 +01:00 |
|
|
1afc28ec17
|
Standardize string quotes in yaml
|
2020-03-25 21:27:15 +00:00 |
|
|
7eda50239c
|
Remove reference to become_user: root
This was the default anyway
|
2020-03-17 21:11:02 +00:00 |
|
|
708250005a
|
Install fail2ban
|
2020-03-13 23:08:26 +00:00 |
|
|
253453ba16
|
Reload wireguard rather than restarting
Hopefully this stops it dropping connections
|
2020-02-07 21:09:41 +00:00 |
|
|
7eaf608e3c
|
Revoke exposed wireguard keys
Derp derp derp
|
2020-01-19 17:41:34 +00:00 |
|
|
35605ce0a6
|
Move wireguard clients configuration to home dir
Makes it easier to provision machines
|
2020-01-19 17:33:14 +00:00 |
|
|
251fe11113
|
Output wireguard client config files
|
2020-01-19 16:43:51 +00:00 |
|
|
f6ffb1ceef
|
Template haproxy better
|
2020-01-17 22:56:45 +00:00 |
|
|
78fa36f20a
|
Move variables to 1 place
Much easier to manage
|
2020-01-17 22:31:50 +00:00 |
|
|
23a472f764
|
Add wireguard server config
|
2019-12-08 21:05:20 +00:00 |
|
|
730246e67f
|
Install wireguard server
|
2019-12-08 20:16:42 +00:00 |
|
|
58a3683355
|
Define haproxy config
|
2019-12-08 16:47:28 +00:00 |
|