|
|
e660aeac36
|
roles/printserver: use http to connect to CUPS
|
2025-10-24 16:07:55 -04:00 |
|
|
|
4eedb341d8
|
roles/printserver: remove insecureSkipVerify opt
|
2025-10-24 16:04:50 -04:00 |
|
|
|
2b71a3f01f
|
hosts/print-01: change serverAlias to loopback IP, not localhost
|
2025-10-24 16:03:51 -04:00 |
|
|
|
cb281f8ffb
|
roles/printserver: change reverse proxy from caddy to traefik
|
2025-10-24 15:50:09 -04:00 |
|
|
|
bc623309ba
|
roles/syncthingserver: change reverse proxy from caddy to traefik
|
2025-10-24 15:30:29 -04:00 |
|
|
|
241674cb83
|
hosts/lax-01: Hostsni -> HostSNI
|
2025-10-24 11:53:22 -04:00 |
|
|
|
46e4aa90de
|
hosts/lax-01: add iPhone ssh key
|
2025-10-24 08:12:22 -04:00 |
|
|
|
96b591aa2a
|
base/network: fix call for enableTSExitNode in tailscale config
|
2025-10-20 10:20:06 -07:00 |
|
|
|
f3386283ee
|
base/network: add mkOption attr to enableTSExitNode
|
2025-10-20 10:17:03 -07:00 |
|
|
|
510dc8c6f8
|
base/network: use if then else instead of mkIf in tailscale routing config
|
2025-10-20 10:14:54 -07:00 |
|
|
|
e7845c4800
|
hosts/lax-01: enable tailscale exit node
|
2025-10-20 10:01:39 -07:00 |
|
|
|
490b1f972b
|
base/network: add opt enableTSExitNode
|
2025-10-20 10:00:29 -07:00 |
|
|
|
35eac0db2e
|
hosts/hel-01: add config and credentials for borg backups
|
2025-10-19 11:36:44 -07:00 |
|
|
|
4af5feb6c8
|
hosts/nbg-01: use correct repo path for borg backups
|
2025-10-19 11:31:27 -07:00 |
|
|
|
638f1d61fe
|
hosts/nbg-01: add borgmatic config
|
2025-10-19 11:27:43 -07:00 |
|
|
|
69bb2a900f
|
hosts/lax-01: add int port for db in container
|
2025-10-19 08:01:37 -07:00 |
|
|
|
2e4027f09b
|
hosts: cleanup formatting for sops.secrets blocks
|
2025-10-19 07:56:07 -07:00 |
|
|
|
a5952afb88
|
hosts/lax-01: enable sops credentials for borg
|
2025-10-19 07:53:05 -07:00 |
|
|
|
3658b6dd0d
|
hosts/lax-01: add borgmatic config
|
2025-10-19 07:46:14 -07:00 |
|
|
|
c1920fe438
|
lax-01: add credentials for backups
|
2025-10-19 07:42:04 -07:00 |
|
|
|
0fe2de0826
|
hosts/borg-01: add keys for hel-01,lax-01,nbg-01
|
2025-10-19 07:28:24 -07:00 |
|
|
|
a00479186d
|
Merge branch 'services.crowdsec'
|
2025-10-18 22:56:29 -07:00 |
|
|
|
2cb43f946b
|
secrets/nbg-01: rotate crowdsec lapiKey for traefik bouncer
|
2025-10-18 22:56:08 -07:00 |
|
|
|
b2d590a899
|
hosts: enable crowdsec-firewall-bouncer module for web-exposed hosts
|
2025-10-18 22:48:16 -07:00 |
|
|
|
3199b45957
|
Merge branch 'services.crowdsec' into services
|
2025-10-18 22:46:00 -07:00 |
|
|
|
bfd5dfbd2d
|
crowdsec-traefik-bouncer: cleanup unneeded vars
|
2025-10-18 22:45:35 -07:00 |
|
|
|
80ee346387
|
services/crowdsec-firewall-bouncer: only use mkIf cfg.enable conditional
|
2025-10-18 22:44:23 -07:00 |
|
|
|
fba44b786d
|
services: add crowdsec-firewall-bouncer module
|
2025-10-18 22:43:58 -07:00 |
|
|
|
3d0a91417b
|
services/healthchecks: use healthchecks name in opt example
|
2025-10-18 21:45:40 -07:00 |
|
|
|
2e8156f2fe
|
flake.lock: update 2025-10-18
|
2025-10-18 15:39:32 -07:00 |
|
|
|
e8ea6dd73b
|
base/secrets: fix missing age subdir in ageKeyDir
|
2025-10-18 15:33:33 -07:00 |
|
|
|
274b059311
|
base/secrets: var usage sopsDir -> ageKeyDir
|
2025-10-18 15:30:12 -07:00 |
|
|
|
3a46f6b4de
|
base/secrets: add tmpfiles rules for creating key storage file
|
2025-10-18 15:27:41 -07:00 |
|
|
|
cd1c09f28e
|
hosts/nbg-01: add config for crowdsec traefik bouncer
|
2025-10-18 15:23:22 -07:00 |
|
|
|
2ab3816414
|
secrets/nbg-01: add crowdsec lapiKey
|
2025-10-18 15:20:35 -07:00 |
|
|
|
3ca64a9ba6
|
sops.yaml: add key for nbg-01
|
2025-10-18 15:19:42 -07:00 |
|
|
|
6fc106abad
|
hosts/lax-01: set permission for bouncer key to traefik
|
2025-10-18 15:08:55 -07:00 |
|
|
|
2b19bc29d7
|
services/crowdsec-traefik-bouncer: rename bouncer plugin instance
|
2025-10-18 14:57:02 -07:00 |
|
|
|
32a19f6acb
|
services/traefik: set service's working directory
|
2025-10-18 14:52:29 -07:00 |
|
|
|
1ad5628ee9
|
services/crowdsec-traefik-bouncer: update comment about tmpfiles
|
2025-10-18 14:40:50 -07:00 |
|
|
|
111506f08c
|
services/crowdsec: add rules to create credentials files
|
2025-10-18 14:39:48 -07:00 |
|
|
|
e52a73d1a5
|
services/crowdsec-traefik-bouncer: create subdirectory sources under plugins-storage
|
2025-10-18 14:37:03 -07:00 |
|
|
|
bbb6fc8059
|
services/crowdsec-traefik-bouncer: create directory for plugins storage
|
2025-10-18 14:31:55 -07:00 |
|
|
|
45f4e1af44
|
services/crowdsec-traefik-bouncer: fix section of middlewares for bouncer
|
2025-10-18 14:28:57 -07:00 |
|
|
|
19c28ebe3c
|
services/crowdsec-traefik-bouncer: var lapiAddress -> lapiHost
|
2025-10-18 14:19:44 -07:00 |
|
|
|
a4a24c82df
|
secrets/lax-01: add lapi key for bouncer
|
2025-10-18 14:19:24 -07:00 |
|
|
|
a373364c25
|
hosts/lax-01: enable crowdsec-traefik-bouncer module
|
2025-10-18 13:52:24 -07:00 |
|
|
|
a55d163bae
|
hosts/log-01: consolidate sops.secrets blocks
|
2025-10-18 13:50:37 -07:00 |
|
|
|
60762435f5
|
services/crowdsec-traefik-bouncer: fix scope of lapiKeyFile
|
2025-10-18 13:14:09 -07:00 |
|
|
|
c1ac126dd4
|
services/crowdsec-traefik-bouncer: reorder config opts
|
2025-10-18 13:13:36 -07:00 |
|
