dustin
/
configpolicy
1
1
Fork 0
Code Issues Releases Activity
Ansible configuration policy for the private network/home lab of Dustin C. Hatch http://dustin.hatch.name/
274 Commits
14 Branches
0 Tags
7.3 MiB
Jinja 86.3%
Python 6.7%
Shell 4.5%
Groovy 2.5%
 
 
 
 
Go to file
Dustin a1ca06a3c5 Move VPN server to dedicated VM 
The VPN capability of the UniFi Security Gateway is extremely limited.
It does not support road-warrior IPsec/IKEv2 configuration, and its
OpenVPN configuration is inflexible. As with DHCP, the best solution is
to simply move service to another machine.

To that end, I created a new VM, *vpn0.pyrocufflink.blue*, to host both
strongSwan and OpenVPN. For this to work, the necessary TCP/UDP ports
need to be forwarded, of course, and all of the remote subnets need
static routes on the gateway, specifying this machine as the next hop.
Additionally, ICMP redirects need to be disabled, to prevent confusing
the routing tables of devices on the same subnet as the VPN gateway.
 		2018-10-07 21:42:18 -05:00
certs/koji/koji0.pyrocufflink.blue hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
ci ci: Add pipeline for Koji 2018-08-12 10:27:20 -05:00
group_vars Move VPN server to dedicated VM 2018-10-07 21:42:18 -05:00
host_vars hosts: Add dns1.pyrocufflink.blue 2018-08-12 17:24:37 -05:00
passwords/kojiweb_secret hosts: Add koji0.pyrocufflink.blue 2018-08-12 10:27:20 -05:00
roles Move VPN server to dedicated VM 2018-10-07 21:42:18 -05:00
vault hosts: Add file0.p.b to burp-client 2018-08-08 22:07:32 -05:00
.gitignore Protect vault secret with GPG 2018-01-29 15:11:07 -06:00
.vault-secret.sh Protect vault secret with GPG 2018-01-29 15:11:07 -06:00
ansible.cfg ansible.cfg: Fix remote_tmp 2018-05-19 10:20:22 -05:00
ansible.yml ansible: Install Ansible 2018-04-08 12:20:03 -05:00
aria2.yml aria2: Deploy aria2 download manager 2018-08-19 14:17:48 -05:00
base.yml base: Base playbook 2018-01-29 15:03:45 -06:00
burp-client.yml burp-{client,server}: PBs to deploy BURP 2018-08-08 20:14:25 -05:00
burp-server.yml burp-{client,server}: PBs to deploy BURP 2018-08-08 20:14:25 -05:00
certbot.yml certbot: Playbook to deploy certbot 2018-06-13 22:23:27 -05:00
dch-gw.yml dch-gw: Initial commit 2018-03-27 20:44:43 -05:00
dch-proxy.yml dch-proxy: PB to deploy HAProxy 2018-07-01 15:19:20 -05:00
dch-root-ca.crt pyrocufflink: Trust DCH Root CA 2018-06-04 20:03:55 -05:00
dch-vpn.yml Move VPN server to dedicated VM 2018-10-07 21:42:18 -05:00
dhcpcd.yml dhcpcd: Install and configure dhcpcd 2018-03-13 23:19:50 -05:00
dhcpd.yml dhcpd: Install and configure ISC DHCPD 2018-03-27 20:44:43 -05:00
domain-controller.yml domain-controller: Configure local AD authentication 2018-03-11 18:16:17 -05:00
dyngroups.yml dyngroups: Dynamic host classification 2018-03-27 20:44:43 -05:00
fileserver.yml fileserver: PB to deploy fileserver role 2018-08-01 22:08:24 -05:00
firewalld.yml firewalld: Playbook to bootstrap firewalld 2018-01-29 15:11:07 -06:00
gitea.yml gitea: Restrict SSH configuration 2018-06-06 21:45:36 -05:00
hostname.yml hostname: Also write /etc/hosts 2018-04-08 10:11:43 -05:00
hosts Move VPN server to dedicated VM 2018-10-07 21:42:18 -05:00
hosts.offline hosts: Move vmhost1.p.b to hosts.offline 2018-08-04 11:31:40 -05:00
jenkins-slave.yml jenkins-slave: Apply ssh-hostkeys role 2018-04-08 12:32:02 -05:00
koji-builder.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji-hub.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji-web.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
koji.yml koji: Add playbooks for Koji 2018-08-12 10:14:25 -05:00
named-server.yml named-server: Playbook to deploy BIND 2018-01-29 15:10:04 -06:00
net-ifaces.yml net-ifaces: PB to apply net-ifaces role 2018-07-23 17:35:10 -05:00
network.yml network: Playbook to configure networking 2018-03-27 20:44:43 -05:00
ntp.yml ntp: Initial PB and role to set up ntpd 2018-04-22 11:19:22 -05:00
postgresql.yml postgresql: PB to deploy PostgreSQL server 2018-04-14 15:28:46 -05:00
pyrocufflink.yml pyrocufflink: Trust DCH Root CA 2018-06-04 20:03:55 -05:00
radius.yml radius: PB to configure RADIUS servers 2018-05-06 13:09:18 -05:00
radvd.yml radvd: Install and configure radvd 2018-03-27 20:44:43 -05:00
remount.yml remount: PB to remount read-only filesystems 2018-04-15 13:45:38 -05:00
rngd.yml rngd: PB to set up rngd 2018-08-13 20:25:22 -05:00
samba-dc.yml samba-dc: Configure samba4 winbind 2018-03-11 18:16:17 -05:00
smtp-relay.yml smtp-relay: PB to deploy Postfix SMTP relay 2018-04-15 11:38:51 -05:00
squid.yml squid: Add role and PB to deploy Squid 2018-08-12 16:00:32 -05:00
vmhost.yml vmhost: PB to set up VM hosts 2018-07-23 17:35:10 -05:00
websites.yml websites: PB to deploy public-facing websites 2018-07-29 09:37:47 -05:00
zabbix-agent.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zabbix-server.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00
zabbix.yml zabbix: Playbooks for Zabbix server, agents 2018-04-14 15:31:17 -05:00