Joakim
2fe194ba82
- Restructure security playbook with modular nftables loader - Base rules loaded first, service rules second, drop rule last - Add Gitea self-contained firewall management (port 2222) - Add fail2ban protection for Gitea SSH brute force attacks - Update documentation with new firewall architecture - Create comprehensive Gitea deployment and testing guide This enables self-contained service roles to manage their own firewall rules without modifying the central security playbook. Each service deploys rules to /etc/nftables.d/ which are loaded before the final drop rule, maintaining the defense-in-depth security model.
38 lines
854 B
YAML
38 lines
854 B
YAML
---
|
|
# Homelab Infrastructure Deployment
|
|
#
|
|
# Deploys personal homelab services to arch-vps including:
|
|
# - PostgreSQL database
|
|
# - Valkey cache/session store
|
|
# - Podman container runtime
|
|
# - Caddy web server
|
|
# - Nextcloud cloud storage
|
|
# - Authentik SSO/authentication
|
|
# - Gitea git hosting
|
|
#
|
|
# Usage:
|
|
# ansible-playbook playbooks/homelab.yml
|
|
|
|
- import_playbook: playbooks/security.yml
|
|
- name: Deploy Homelab Infrastructure
|
|
hosts: homelab
|
|
become: true
|
|
gather_facts: true
|
|
|
|
tasks:
|
|
# - name: Deploy Authentik
|
|
# include_role:
|
|
# name: authentik
|
|
# tags: ['authentik', 'sso', 'auth']
|
|
|
|
- name: Deploy Gitea
|
|
include_role:
|
|
name: gitea
|
|
tags: ['gitea', 'git', 'development']
|
|
|
|
# - name: Deploy Nextcloud
|
|
# include_role:
|
|
# name: nextcloud
|
|
# tags: ['nextcloud', 'cloud', 'storage']
|
|
|