WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
101 commits 1 branch 0 tags 24 MiB
Commit graph

15 commits

Author SHA1 Message Date
NaeiKinDus
63a306f54a
chore(security): removed allowed cipher chacha20-poly1350@openssh.com from allowed ciphers list for sshd due to security concerns 2024-12-27 00:00:00 +00:00
NaeiKinDus
21185a17c4
feat(security): moved nftables reserved networks behind a feature flag and no longer block 0.0.0.0/8 and 169.254.0.0/16 by default to ease DHCP and APIPA configuration 2024-12-27 00:00:00 +00:00
NaeiKinDus
3701ea6276
fix(security,common)!: moved sysctl and resolvconf tasks from common to security role to fix DNS resolution fail due to firewall rules 2024-08-08 00:00:00 +00:00
NaeiKinDus
b7ba39bce9
feat(security): tightened files mode for ssh configuration and enabled ipv6 on ssh, along with an increase on max sessions from 3 to 5 2024-08-08 00:00:00 +00:00
NaeiKinDus
3acdd804df
fix(security): fixed invalid template generation for nft rules 02 and 03 when ipv6 addresses are specified in controllers ips list 2024-08-08 00:00:00 +00:00
NaeiKinDus
b83c6c1d4f
fix(security): fixed wordwrap breaking long strings (ipv6 addresses) in nftables.conf 2024-08-08 00:00:00 +00:00
NaeiKinDus
068a2e2790
fix(security): fixed an issue leading to an invalid nftables.conf file being generated using provisioners ip addresses 2024-07-27 00:00:00 +00:00
NaeiKinDus
14a46715c7
feat(security): allow all registered provisioners to connect without limitations instead of the one running playbooks only 2024-07-11 00:00:00 +00:00
NaeiKinDus
779f2766f2
refactor!: switch hosts variables to a flat layout 2024-01-21 00:00:00 +00:00
NaeiKinDus
da45c7c409
refactor(security): reworked firewall configuration and added support for DNS, HTTP and ICMP rules; added autoconf for resolv.conf to match FW rules 2024-01-06 00:00:00 +00:00
NaeiKinDus
19f509888a
fix(security): typo in supervisors ip6 variable name 2023-12-26 00:00:00 +00:00
NaeiKinDus
2dc90631fb
refactor(security): fix line indentation in mangle table template 2023-12-25 00:00:00 +00:00
NaeiKinDus
3659c15749
fix(security): find controllers IP from SSH connection, not from hostname lookup 2023-12-25 00:00:00 +00:00
NaeiKinDus
639b01c351
feat(security): added nftables firewall 2023-12-12 00:00:00 +00:00
NaeiKinDus
e4770a7343
feat: base configuration automation 2023-11-08 00:00:00 +00:00