mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-07 04:24:10 +01:00
27553ab31a
With the support for network.wireguard.* credentials[1] in systemd v256[2], we can now easily avoid storing the credentials centrally in our ansible vault, which is preferable as it makes the private keys less exposed. It may also make fine-grained access easier in the future[3] as there is no longer a vault file for each server. All the keys have been rotated and the new private keys are only stored on the servers. [1] https://github.com/systemd/systemd/pull/30826 [2] https://github.com/systemd/systemd/releases/tag/v256 [3] https://gitlab.archlinux.org/archlinux/infrastructure/-/issues/64
15 lines
343 B
YAML
15 lines
343 B
YAML
filesystem: btrfs
|
|
|
|
ipv4_address: "188.245.228.0"
|
|
ipv4_netmask: "/32"
|
|
ipv6_address: "2a01:4f8:c012:d0ce::1"
|
|
fail2ban_jails:
|
|
sshd: true
|
|
postfix: false
|
|
dovecot: false
|
|
nginx_limit_req: false
|
|
wireguard_address: 10.0.0.46
|
|
wireguard_public_key: BD2cbLkESFRPLy4luZlwEPc45yBFmd1Ti2nSFd1hVBQ=
|
|
certbot_dns_support: true
|
|
certbot_tsig_name: mumble
|