dustin/configpolicy: Ansible configuration policy for the private network/home lab of Dustin C. Hatch - configpolicy - Gitea: Git with a cup of tea

dustin/configpolicy

Go to file

Dustin C. Hatch a1ca06a3c5 Move VPN server to dedicated VM

The VPN capability of the UniFi Security Gateway is extremely limited.
It does not support road-warrior IPsec/IKEv2 configuration, and its
OpenVPN configuration is inflexible. As with DHCP, the best solution is
to simply move service to another machine.

To that end, I created a new VM, *vpn0.pyrocufflink.blue*, to host both
strongSwan and OpenVPN. For this to work, the necessary TCP/UDP ports
need to be forwarded, of course, and all of the remote subnets need
static routes on the gateway, specifying this machine as the next hop.
Additionally, ICMP redirects need to be disabled, to prevent confusing
the routing tables of devices on the same subnet as the VPN gateway.

2018-10-07 21:42:18 -05:00

certs/koji/koji0.pyrocufflink.blue

hosts: Add koji0.pyrocufflink.blue

2018-08-12 10:27:20 -05:00

ci: Add pipeline for Koji

2018-08-12 10:27:20 -05:00

Move VPN server to dedicated VM

2018-10-07 21:42:18 -05:00

hosts: Add dns1.pyrocufflink.blue

2018-08-12 17:24:37 -05:00

passwords/kojiweb_secret

hosts: Add koji0.pyrocufflink.blue

2018-08-12 10:27:20 -05:00

Move VPN server to dedicated VM

2018-10-07 21:42:18 -05:00

hosts: Add file0.p.b to burp-client

2018-08-08 22:07:32 -05:00

.gitignore

Protect vault secret with GPG

2018-01-29 15:11:07 -06:00

.vault-secret.sh

Protect vault secret with GPG

2018-01-29 15:11:07 -06:00

ansible.cfg

ansible.cfg: Fix remote_tmp

2018-05-19 10:20:22 -05:00

ansible.yml

ansible: Install Ansible

2018-04-08 12:20:03 -05:00

aria2.yml

aria2: Deploy aria2 download manager

2018-08-19 14:17:48 -05:00

base.yml

base: Base playbook

2018-01-29 15:03:45 -06:00

burp-client.yml

burp-{client,server}: PBs to deploy BURP

2018-08-08 20:14:25 -05:00

burp-server.yml

burp-{client,server}: PBs to deploy BURP

2018-08-08 20:14:25 -05:00

certbot.yml

certbot: Playbook to deploy certbot

2018-06-13 22:23:27 -05:00

dch-gw.yml

dch-gw: Initial commit

2018-03-27 20:44:43 -05:00

dch-proxy.yml

dch-proxy: PB to deploy HAProxy

2018-07-01 15:19:20 -05:00

dch-root-ca.crt

pyrocufflink: Trust DCH Root CA

2018-06-04 20:03:55 -05:00

dch-vpn.yml

Move VPN server to dedicated VM

2018-10-07 21:42:18 -05:00

dhcpcd.yml

dhcpcd: Install and configure dhcpcd

2018-03-13 23:19:50 -05:00

dhcpd.yml

dhcpd: Install and configure ISC DHCPD

2018-03-27 20:44:43 -05:00

domain-controller.yml

domain-controller: Configure local AD authentication

2018-03-11 18:16:17 -05:00

dyngroups.yml

dyngroups: Dynamic host classification

2018-03-27 20:44:43 -05:00

fileserver.yml

fileserver: PB to deploy fileserver role

2018-08-01 22:08:24 -05:00

firewalld.yml

firewalld: Playbook to bootstrap firewalld

2018-01-29 15:11:07 -06:00

gitea.yml

gitea: Restrict SSH configuration

2018-06-06 21:45:36 -05:00

hostname.yml

hostname: Also write /etc/hosts

2018-04-08 10:11:43 -05:00

hosts

Move VPN server to dedicated VM

2018-10-07 21:42:18 -05:00

hosts.offline

hosts: Move vmhost1.p.b to hosts.offline

2018-08-04 11:31:40 -05:00

jenkins-slave.yml

jenkins-slave: Apply ssh-hostkeys role

2018-04-08 12:32:02 -05:00

koji-builder.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-hub.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji-web.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

koji.yml

koji: Add playbooks for Koji

2018-08-12 10:14:25 -05:00

named-server.yml

named-server: Playbook to deploy BIND

2018-01-29 15:10:04 -06:00

net-ifaces.yml

net-ifaces: PB to apply net-ifaces role

2018-07-23 17:35:10 -05:00

network.yml

network: Playbook to configure networking

2018-03-27 20:44:43 -05:00

ntp.yml

ntp: Initial PB and role to set up ntpd

2018-04-22 11:19:22 -05:00

postgresql.yml

postgresql: PB to deploy PostgreSQL server

2018-04-14 15:28:46 -05:00

pyrocufflink.yml

pyrocufflink: Trust DCH Root CA

2018-06-04 20:03:55 -05:00

radius.yml

radius: PB to configure RADIUS servers

2018-05-06 13:09:18 -05:00

radvd.yml

radvd: Install and configure radvd

2018-03-27 20:44:43 -05:00

remount.yml

remount: PB to remount read-only filesystems

2018-04-15 13:45:38 -05:00

rngd.yml

rngd: PB to set up rngd

2018-08-13 20:25:22 -05:00

samba-dc.yml

samba-dc: Configure samba4 winbind

2018-03-11 18:16:17 -05:00

smtp-relay.yml

smtp-relay: PB to deploy Postfix SMTP relay

2018-04-15 11:38:51 -05:00

squid.yml

squid: Add role and PB to deploy Squid

2018-08-12 16:00:32 -05:00

vmhost.yml

vmhost: PB to set up VM hosts

2018-07-23 17:35:10 -05:00

websites.yml

websites: PB to deploy public-facing websites

2018-07-29 09:37:47 -05:00

zabbix-agent.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix-server.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00

zabbix.yml

zabbix: Playbooks for Zabbix server, agents

2018-04-14 15:31:17 -05:00