From c22d6bde865427905802c104281b85ab70a91240 Mon Sep 17 00:00:00 2001
From: albert
Date: Thu, 12 Sep 2024 19:17:27 +0900
Subject: [PATCH] Remove Treafik Fail2Ban Configs. Fixes Issue 5
---
 nixos/hosts/framework-server/default.nix | 4 +++-
 nixos/hosts/osaka-linode-01/firewall.nix | 6 ++++--
 nixos/hosts/osaka-linode-01/wireguard.nix | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/nixos/hosts/framework-server/default.nix b/nixos/hosts/framework-server/default.nix
index 2de53afd..0be40ace 100644
--- a/nixos/hosts/framework-server/default.nix
+++ b/nixos/hosts/framework-server/default.nix
@@ -9,7 +9,9 @@
 ../../common/modules/ssh-luks.nix
 ../../common/services/docker.nix
 ../../common/services/tailscale-autoconnect.nix
- ../../common/modules/fail2ban/traefik.nix
+ # Disabling -- I don't know why but this all of a sudden breaks Headscale.
+ # Sep 12 2024
+ # ../../common/modules/fail2ban/traefik.nix
 ./containers.nix
 ./disks.nix
 ./wireguard.nix
diff --git a/nixos/hosts/osaka-linode-01/firewall.nix b/nixos/hosts/osaka-linode-01/firewall.nix
index 21b67bc4..569e4147 100644
--- a/nixos/hosts/osaka-linode-01/firewall.nix
+++ b/nixos/hosts/osaka-linode-01/firewall.nix
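Review bot: In nixos/hosts/framework-server/default.nix the import of `../../common/modules/fail2ban/traefik.nix` is commented out with nothing put in its place, so whatever banning that module provided for the Traefik-fronted services on this host stops when this deploys. The new comment gives a date but no cause and no condition for turning it back on; a line such as `# FIXME: no fail2ban for Traefik on this host until the Headscale breakage is diagnosed` would keep the gap visible. It may be worth checking whether the jail was matching the proxy's WireGuard address rather than real client addresses, which would explain bans cutting off Headscale; that is an inference, since the module is not part of this diff. The imports list starts and ends outside the hunk.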
@@ -65,19 +65,21 @@
 frontend http
 mode http
 bind :80
- bind :443 ssl crt /Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/combined.pem
+ # bind :443 ssl crt /Storage/Data/Docker/sysctl.io/letsencrypt/external/*.sysctl.io/combined.pem
 http-request redirect scheme https unless { ssl_fc }
 default_backend backend_http
 backend backend_http
 mode http
 option forwardfor
 option forwarded
- server framework-server 10.100.0.2:443 ssl verify required ca-file ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt sni req.hdr(Host)
+ # server framework-server 10.100.0.2:443 ssl verify required ca-file ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt sni req.hdr(Host)
+ server framework-server 10.100.0.2
 frontend tcp
 mode tcp
 bind :25565
 bind :4443
+ bind :443
 default_backend backend_tcp
 backend backend_tcp
 mode tcp
diff --git a/nixos/hosts/osaka-linode-01/wireguard.nix b/nixos/hosts/osaka-linode-01/wireguard.nix
index 27b8f8b8..1ff77890 100644
--- a/nixos/hosts/osaka-linode-01/wireguard.nix
+++ b/nixos/hosts/osaka-linode-01/wireguard.nix
@@ -3,7 +3,7 @@
 # Allow these hosts to directly communicate with their hostnames
 networking.extraHosts = ''
 10.100.0.1 osaka-linode-01
- 10.100.0.2 headscale.sysctl.io
+ # 10.100.0.2 headscale.sysctl.io
 10.100.0.3 backups-rpi4
 10.100.0.4 frankfurt-linode-01
 '';
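Review bot: With `bind :443` moved into `frontend tcp`, HTTPS is forwarded as opaque TCP, so `option forwardfor` and `option forwarded` in `backend_http` no longer apply to it. framework-server will then see every HTTPS client as the proxy's address unless the `backend_tcp` server line carries `send-proxy-v2` and Traefik accepts PROXY protocol only from 10.100.0.1. That server line is outside the hunk, so this needs confirming, and it should be settled before any IP-based banning or rate limiting is turned back on, or the ban will land on the proxy. Separately, `server framework-server 10.100.0.2` now has no port and no `ssl`, while `http-request redirect scheme https unless { ssl_fc }` redirects everything on a frontend that only binds :80. The backend looks unreachable, so either say so in a comment or drop the server line rather than leave a plaintext upstream that reads as if it were live.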