Commit graph

36 commits

Author SHA1 Message Date
92052a3d0a
Unify nginx configuration
This creates a simple base configuration skeleton, that other configuration can be easily loaded into.
2023-12-16 17:47:04 +00:00
5a0df92a6a
Disable ip_forward
All checks were successful
/ terraform (push) Successful in 1m4s
/ ansible (push) Successful in 2m20s
I don't need P2P comms for this, so disable this for extra security.

I should add a proper firewall at some point...
2023-09-01 19:52:36 +01:00
da55e3fb5f
Fix references to home dir
All checks were successful
/ terraform (push) Successful in 47s
/ ansible (push) Successful in 1m46s
2023-06-17 16:00:30 +01:00
2af9f8529d
Fix new ansible-lint errors
All checks were successful
/ terraform (push) Successful in 46s
/ ansible (push) Successful in 1m53s
Quite a few changes here, hopefully they work!
2023-06-15 15:16:19 +01:00
f07b5d9b7b
Migrate include: to include_tasks 2022-01-22 20:21:32 +00:00
188b7c9dd6
Install wireguard tools before provisioning config 2022-01-21 20:29:34 +00:00
c5215e330b
Update yamllint to fix dependency issue
I think this still validates everything we need it to
2022-01-11 20:51:12 +00:00
a54d373526
Replace edge proxy with nginx
The config makes more sense, and it has more of the features I need, which will come later.
2021-08-22 22:35:09 +01:00
58879d2e1d
Ensure fail2ban and logrotate are available on all machines 2020-12-27 22:39:33 +00:00
5eb3870fbe
Set mode on fail2ban filter and jail 2020-10-24 12:10:54 +01:00
bedbb0f5f4
Fix service to restart 2020-10-16 19:16:42 +01:00
1930cc83e8
Use generic package module 2020-10-16 19:16:42 +01:00
4890c3d3e5
Revert "Remove fail2ban"
This reverts commit 1f0e33acc8.
2020-10-16 19:16:42 +01:00
24d11deeae
Update ansible-lint
Required a lot of renaming :(
2020-09-26 17:53:47 +01:00
913ee4759f
Quote value to silence errors 2020-06-18 21:18:47 +01:00
600bc4bb58
Ensure sysctl change is persisted
See note in https://wiki.archlinux.org/index.php/Sysctl#Configuration
2020-05-16 16:15:58 +01:00
112e8ce985
Install some wireguard tools 2020-05-11 11:59:46 +01:00
5289206f14
Remove unnecessary quotes 2020-05-09 20:11:08 +01:00
1f0e33acc8
Remove fail2ban
Keeps getting hit by stats. I should fix that at some point
2020-05-09 20:09:36 +01:00
059cb585db
Use OS-agnostic package install for haproxy 2020-05-09 20:08:14 +01:00
095c8c4562
Use sysctl to enable p2p comms 2020-05-09 20:07:19 +01:00
974e0e8467
Enable services
Not just during reload
2020-04-28 20:48:15 +01:00
051ec43769
wg-quick can't be reloaed
This might break things!
2020-04-26 12:05:45 +01:00
1da3ca95e7
Stop using unstable repos to install wireguard
It's in backports now, which is much easier to install from!
2020-04-17 09:08:10 +01:00
1afc28ec17
Standardize string quotes in yaml 2020-03-25 21:27:15 +00:00
7eda50239c
Remove reference to become_user: root
This was the default anyway
2020-03-17 21:11:02 +00:00
708250005a
Install fail2ban 2020-03-13 23:08:26 +00:00
253453ba16
Reload wireguard rather than restarting
Hopefully this stops it dropping connections
2020-02-07 21:09:41 +00:00
7eaf608e3c
Revoke exposed wireguard keys
Derp derp derp
2020-01-19 17:41:34 +00:00
35605ce0a6
Move wireguard clients configuration to home dir
Makes it easier to provision machines
2020-01-19 17:33:14 +00:00
251fe11113
Output wireguard client config files 2020-01-19 16:43:51 +00:00
f6ffb1ceef
Template haproxy better 2020-01-17 22:56:45 +00:00
78fa36f20a
Move variables to 1 place
Much easier to manage
2020-01-17 22:31:50 +00:00
23a472f764
Add wireguard server config 2019-12-08 21:05:20 +00:00
730246e67f
Install wireguard server 2019-12-08 20:16:42 +00:00
58a3683355 Define haproxy config 2019-12-08 16:47:28 +00:00