Restructure security playbook with modular nftables loader

- Base rules loaded first, service rules second, drop rule last
- Add Gitea self-contained firewall management (port 2222)
- Add fail2ban protection for Gitea SSH brute-force attacks
- Update documentation with new firewall architecture
- Create comprehensive Gitea deployment and testing guide

This enables self-contained service roles to manage their own firewall rules without modifying the central security playbook. Each service deploys rules to /etc/nftables.d/, which are loaded before the final drop rule, maintaining the defense-in-depth security model.
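The load order the commit message describes (base rules, then the fragments each service role drops into /etc/nftables.d/, then the final drop) looks like this as an added example; it is not the playbook's own file and not part of the repository. The path /etc/nftables.conf, the table and chain names, the admin SSH port 22 and the fragment file name gitea.nft are assumptions, and the glob include inside a chain block needs a reasonably recent nftables.

```nftables
#!/usr/sbin/nft -f
# ---- file: /etc/nftables.conf (assumed path) ----
# Added example of the modular layout, not the playbook's own ruleset.
# Ordering is the whole point: nothing a service fragment adds can land
# after the final drop, and nothing it omits opens a port.

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;

        # 1. Base rules (loaded first): loopback, conntrack, ICMP, admin SSH.
        iif "lo" accept
        ct state established,related accept
        ct state invalid drop
        meta l4proto { icmp, ipv6-icmp } accept
        tcp dport 22 ct state new accept comment "admin ssh (assumed port)"

        # 2. Service rules (loaded second): every role ships one file into
        #    /etc/nftables.d/; the glob pulls them in here, so their accepts
        #    sit above the drop without anyone editing this file.
        include "/etc/nftables.d/*.nft"

        # 3. Final drop (last). The counter makes unexpected drops visible
        #    in `nft list ruleset` while testing a new fragment.
        counter drop
    }

    chain forward {
        type filter hook forward priority 0; policy drop;
    }
}

# ---- file: /etc/nftables.d/gitea.nft (assumed name), deployed by the Gitea role ----
# Because the fragment is included inside `chain input`, it may only contain
# rule statements; it opens the Gitea SSH port from the commit message.
tcp dport 2222 ct state new accept comment "gitea ssh"
```

Validate with `nft -c -f /etc/nftables.conf` before `nft -f`: a fragment that fails to parse fails the whole load, so the existing ruleset and its drop policy stay in force rather than a half-applied one. Two caveats a role author should know: a fragment is trusted code, since a `drop` or an over-broad `accept` inside it cannot be overridden by the base rules that come before it; and `flush ruleset` at the top removes the table fail2ban creates for its bans (by default `inet f2b-table`, hooked at priority -1 so it runs before this chain), so restart fail2ban after every reload, or flush only `table inet filter` instead.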
26 lines
486 B
Markdown
# Now what?

- [x] Redeploy on clean VPS to test playbook
- [x] Must set up mini-vps for sigvild and devigo

- [ ] What gets served on jnss.me?
- [ ] Backups

- [ ] Configure and set up Nextcloud
  - [ ] OAuth
  - [ ] Settings
  - [ ] Contacts and calendars
  - [ ] Storage bucket integration?

- [ ] Gitea
  - [ ] SSH setup

- [ ] Authentik Invitations for users?

- [ ] Sail the high seas
  - [ ] Set up Jellyfin
  - [ ] Set up *arr applications

- [ ] "Blog post"