dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity
880 Commits
14 Branches
0 Tags
7.3 MiB
Commit Graph

5 Commits (dfc1a36ee51bf7fafe9391e611704d9ab0551be3)

Author SHA1 Message Date
Dustin 4bdd00d339 gw1: Do not reboot after dnf automatic updates 
We don't want the firewall rebooting itself after kernel updates.
Instead, I will reboot it manually at the next appropriate time.
 2024-06-13 08:10:55 -05:00
Dustin c51589adff gw1: Scrape BIND DNS server logs 
The BIND server on the firewall is configured to write query logs and
RPZ rewrite logs to files under `/var/log/named`.  We can scrape these
logs with Promtail and use the messages for analytics on the DNS-based
firewall, etc.
 2024-02-28 19:06:23 -06:00
Dustin 1bff9b2649 gw1: Enable pam_ssh_agent_auth for sudo 
This machine is _not_ a member of the _pyrocufflink.blue_ AD domain, so
it does not inherit the settings from that group.  Also, Jenkins does
not manage it, so only my personal keys are authorized.
 2024-01-28 12:16:35 -06:00
Dustin 423951bac1 {burp1, gw1}: Configure upsmon 2024-01-19 21:55:36 -06:00
Dustin d0b0f2ff38 hosts: gw1: Deploy BURP, collectd 
Although *gw1* is not really managed by Ansible, it is much easier to
deploy collectd and BURP with the existing playbooks.
 2024-01-19 20:52:48 -06:00