rick-infra/now-what.md
Joakim 2fe194ba82 Implement modular nftables architecture and Gitea SSH firewall management
- Restructure security playbook with modular nftables loader
- Base rules loaded first, service rules second, drop rule last
- Add Gitea self-contained firewall management (port 2222)
- Add fail2ban protection for Gitea SSH brute force attacks
- Update documentation with new firewall architecture
- Create comprehensive Gitea deployment and testing guide

This enables self-contained service roles to manage their own firewall
rules without modifying the central security playbook. Each service
deploys rules to /etc/nftables.d/ which are loaded before the final
drop rule, maintaining the defense-in-depth security model.
2025-12-16 21:45:22 +01:00
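The commit message describes the load order (base rules, then per-service drop-ins from /etc/nftables.d/, then the final drop rule) but not how the loader expresses it. The following is an added illustration, not the playbook's own configuration, of one way to get that ordering with plain nft syntax: a main ruleset file that declares the base rules, includes the service drop-ins, and then re-opens the same chain to append the drop. Everything beyond the /etc/nftables.d/ path and the Gitea SSH port 2222 named in the commit (the file names, the choice of inet filter/input, the admin SSH port 22, the glob include) is assumed here.

```nft
# /etc/nftables.conf (assumed layout, not the playbook's own file)
flush ruleset

# 1. Base rules: stateful defaults and the administrative SSH port (22 is assumed).
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        tcp dport 22 accept
    }
}

# 2. Service rules: each role drops its own file here. nft includes the glob
#    in alphabetical order, so every service file is appended after the base
#    rules and before the final drop below.
include "/etc/nftables.d/*.nft"

# 3. Final drop rule. Re-declaring the table/chain in an nft script appends to
#    the existing chain rather than replacing it, so this rule lands last.
table inet filter {
    chain input {
        counter drop
    }
}
```

A service drop-in such as /etc/nftables.d/gitea.nft (assumed name) then only needs to re-open the chain and accept its port; it never touches the base rules or the drop rule:

```nft
# /etc/nftables.d/gitea.nft (assumed name): Gitea SSH on 2222, per the commit
table inet filter {
    chain input {
        tcp dport 2222 ct state new counter accept
    }
}
```

Keeping policy drop on the chain as well as the explicit trailing drop is deliberate: if a drop-in fails to parse and the load aborts partway, the chain policy still denies unsolicited traffic rather than leaving the host open. Verify the resulting order with nft list chain inet filter input after loading.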
Now what?

  • Redeploy on clean VPS to test playbook
    • Must set up mini-vps for sigvild and devigo
  • What gets served on jnss.me?
  • Backups
  • Configure and set up Nextcloud
    • OAuth
    • Settings
    • Contacts and calendars
    • Storage bucket integration?
  • Gitea
    • SSH setup
  • Authentik Invitations for users?
  • Sail the high seas
    • Set up Jellyfin
    • Set up *arr applications
  • "Blog post"