Add Proxmox host role, WireGuard VPN, and public Gitea via Traefik HTTPS
Ansible Lint / lint (push) Successful in 4s
Ansible Lint / lint (push) Successful in 4s
Proxmox host role: - Admin user setup, SSH hardening (port 2222, no root login) - claude-code SFTP chroot user - Unattended upgrades, DuckDNS dynamic DNS updater (vault-encrypted token) - WireGuard VPN server (10.10.10.0/24) with Fedora client registered - Proxmox firewall management via pvesh API (idempotent Python script) Public Gitea exposure: - Traefik: add HTTPS entrypoint, Let's Encrypt ACME (HTTP-01), StripPrefix middleware for /git subpath, HTTP→HTTPS redirect - Gitea ROOT_URL updated to https://adyrem.duckdns.org/git/ - Pi-hole split DNS: adyrem.duckdns.org → 10.10.1.3 for internal hairpin bypass SSH config fixes: - StrictHostKeyChecking no → accept-new across all hosts - Proxmox jump host: port 2222, user adyrem (root login disabled) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -0,0 +1,8 @@
|
||||
vault_duckdns_token: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
34386432626362373134333765386630616466383661623463363465353135633763623364366166
|
||||
3233343837653638613262663537383630376635323031350a653464653166396165643136643163
|
||||
66376663666332303337306165313337303261373033363834373031303335383839383139663461
|
||||
3036356435613435660a323432303964326362646462653139656664653439346331323261636436
|
||||
62343135373431326231333736613836366238663064623163336636393663633862383439363333
|
||||
6530326532373062636237613765353039373164333063613331
|
||||
Reference in New Issue
Block a user