Commit Graph

11 Commits

Author SHA1 Message Date
864c1bdfd3
haproxy, firewall, containers: force connections through bastion vpn
docker is now listening on localhost, with a haproxy on the services
server to forward the ports outwards. this is because docker tends to
disregard UFW's rules, but haproxy should be better in that regard.

meanwhile, the firewall rules have been configured properly to only
allow the bastion IP in over the wireguard connection, for proper
authentication.
2024-06-19 23:02:08 -04:00
0c8d18dcce
wireguard: use vpn for bastion-fleet comms
supposedly fleet will be more secure this way
2024-06-16 21:32:52 -04:00
03177a1ee7
roles/wireguard: implemented
2024-06-16 15:05:12 -04:00
4144a0647e
roles/synapse: added
2023-09-07 21:47:16 -04:00
3b6ec76ce8
roles/firewall: fix invalid argument
2023-09-03 21:49:43 -04:00
9b4e047171
firewall: fix glaring errors
2023-08-27 19:36:52 -04:00
1e4cae244f
fix minor issues
2023-08-26 22:02:29 -04:00
e32301fa3c
roles/firewall: make bastion_ip a variable
2023-08-23 21:14:39 -04:00
dce5b25702
autogenerate hosts
2023-08-23 17:54:55 -04:00
523cfec521
moved hosts to yml format
2023-08-23 17:31:22 -04:00
52de6b7b70
initial commit: upload essentials from original playbook
most non-dockerized services should be here
2023-08-21 17:19:29 -04:00