
No commits in common. "483e94b8aea11a0590203d285b480d16296bc051" and "a8b30402e31e0f9af11c9649e9c291d33939e69f" have entirely different histories.

5 changed files with 9 additions and 12 deletions


@ -1,6 +1,5 @@
[defaults] [defaults]
ask_vault_pass = True ask_vault_pass = True
inventory = inventory.yml
[privilege_escalation] [privilege_escalation]
become_ask_pass = True become_ask_pass = True


@ -1,4 +0,0 @@
bookworm:
hosts:
fudiggity:
ansible_connection: local


@ -1,5 +1,5 @@
- name: Provision debian server - name: Provision debian server
hosts: bookworm hosts: localhost
pre_tasks: pre_tasks:
- name: Install shared packages - name: Install shared packages
become: true become: true
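Review bot: Retargeting the play from `hosts: bookworm` to `hosts: localhost` means it now runs against Ansible's implicit localhost, which belongs to no inventory group, so variables kept under `group_vars/bookworm` or `host_vars/fudiggity` would no longer be loaded. No vars files are visible on this page, so this is a check rather than a confirmed break. Confirm that the variables the templates consume (for example `vpn_listen_address` and `vpn_subnet`) are defined where the implicit host still picks them up. A comment above the play such as `# runs on the implicit localhost; vars must live in group_vars/all or host_vars/localhost` would record that constraint. The play continues past the end of this hunk.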


@ -28,10 +28,10 @@
#DNSOverTLS=no #DNSOverTLS=no
#MulticastDNS=yes #MulticastDNS=yes
#LLMNR=yes #LLMNR=yes
Cache=yes #Cache=yes
CacheFromLocalhost=yes #CacheFromLocalhost=no
DNSStubListener=yes #DNSStubListener=yes
DNSStubListenerExtra={{ vpn_listen_address }} DNSStubListenerExtra={{ vpn_listen_address }}
DNSStubListenerExtra={{ vpn_media_listen_address }} DNSStubListenerExtra={{ vpn_media_listen_address }}
ReadEtcHosts=yes #ReadEtcHosts=yes
#ResolveUnicastSingleLabel=no #ResolveUnicastSingleLabel=no
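Review bot: `CacheFromLocalhost` does not merely become implicit here: it goes from an explicit `yes` to the commented default `no`, so answers from an upstream on a loopback address are no longer cached. `Cache`, `DNSStubListener` and `ReadEtcHosts` keep their old values only while the installed systemd-resolved uses the defaults these comments show. If the upstream resolver is local (the `DNS=` setting is outside this hunk), keep `CacheFromLocalhost=yes` explicit. The two `DNSStubListenerExtra` lines are now the only active settings in view and deserve a comment, for example `# stub listeners for VPN clients; port 53 reachability is meant to be limited by the nftables vpn chains`, if that is the intent.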


@ -52,9 +52,11 @@ table ip filter {
chain vpn_chain { chain vpn_chain {
meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_set accept comment "DNS" meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_set accept comment "DNS"
tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS" # TODO: remove?
tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web" tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"
tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web" tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol" tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol"
tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale" tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale"
@ -73,7 +75,7 @@ table ip filter {
chain media_vpn_chain { chain media_vpn_chain {
meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_media_set accept comment "DNS" meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_media_set accept comment "DNS"
tcp dport 80 ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin" tcp dport { 80, 443 } ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
} }
# docker's user configurable forward hook chain # docker's user configurable forward hook chain
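Review bot: The added `accept comment "HTTP/HTTPS"` rule in `vpn_chain` admits `{{ http_port }}` and `{{ https_port }}` for every source/destination pair in `@vpn_set`, and it is accompanied by `# TODO: remove?`, so the chain now carries a broad allow whose need is still undecided. If `@vpn_set` includes the nginx addresses named in the rules below it (the set's definition is outside this hunk), those per-service rules are no longer the effective limit on web access from the VPN. Either drop the rule or replace the TODO with a comment naming what depends on it, e.g. `# required by <service>: VPN clients reach the host proxy directly`. The Syncthing and Jellyfin rules also hard-code `{ 80, 443 }` where the new rule uses the port variables, and Transmission Web and Radicale remain on port 80 only; confirm that split is intended.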