phfroidmont/self-hosting
1
0
Fork 0
mirror of https://github.com/phfroidmont/self-hosting.git synced 2025-12-25 13:46:59 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use tinc for private networking

Browse source
This commit is contained in:
Paul-Henri Froidmont 2019-04-07 16:26:03 +02:00
parent 904167ec30
commit 224bdffc8b
9 changed files with 29 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

26
group_vars/all/vars.yml Normal file
View file

@ -0,0 +1,26 @@
---
ansible_python_interpreter: /usr/bin/python3
harden_linux_root_password: "{{k8s_scaleway_root_password}}"
harden_linux_deploy_user: deploy
harden_linux_deploy_user_password: "{{k8s_scaleway_deploy_user_password}}"
harden_linux_deploy_user_home: /home/deploy
harden_linux_ufw_defaults_user:
"^DEFAULT_FORWARD_POLICY": 'DEFAULT_FORWARD_POLICY="ACCEPT"'
harden_linux_deploy_user_public_keys: "{{ scw_authorized_keys }}"
harden_linux_ufw_allow_networks:
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16"
harden_linux_sysctl_settings_user:
"net.ipv4.ip_forward": 1
"net.ipv6.conf.default.forwarding": 1
"net.ipv6.conf.all.forwarding": 1
harden_linux_ufw_logging: 'on'
harden_linux_sshguard_whitelist:
- "127.0.0.0/8"
- "::1/128"
- "212.83.165.111"
- "10.3.0.0/24"
- "10.200.0.0/16"