geir/home-lab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
home-lab/machines
History
Geir Okkenhaug Jerstad 304e868e09 Add reverse-proxy configuration with DMZ-specific security 
- Create reverse-proxy machine configuration for VPS edge server
- Configure SSH access only via Tailscale (100.96.189.104)
- Implement strict DMZ firewall rules (HTTP/HTTPS only externally)
- Add enhanced fail2ban settings for DMZ environment
- Include sma user with SSH key management
- Configure Nginx reverse proxy with Let's Encrypt SSL
- Add reverse-proxy to flake.nix nixosConfigurations

Security features:
- SSH only accessible through Tailscale interface
- Aggressive fail2ban settings (24h ban, 3 max retries)
- Firewall rejects all non-essential traffic
- No common network config to avoid security conflicts
2025-06-05 16:47:52 +02:00
..
congenital-optimist feat: add NFS server and Transmission service to sleeper-service 2025-06-05 16:31:09 +02:00
grey-area docs: update grey-area hardware specifications 2025-06-04 16:36:06 +02:00
reverse-proxy Add reverse-proxy configuration with DMZ-specific security 2025-06-05 16:47:52 +02:00
sleeper-service feat: add NFS server and Transmission service to sleeper-service 2025-06-05 16:31:09 +02:00