fleet-infra

davide/fleet-infra

Fork 0

Commit Graph

Author	SHA1	Message	Date
Davide Piu	d19ede0559	feat: enable CrowdSec Traefik bouncer on all ingresses - Add Traefik plugin via HelmChartConfig (crowdsec-bouncer-traefik-plugin) - Create bouncer Middleware in stream mode - Apply bouncer to all public ingresses - IPs flagged by CrowdSec will now be blocked at Traefik level	2026-02-19 23:53:00 +00:00
Davide Piu	d59ac2a933	sec: disable Vaultwarden open signups, add admin token - signupsAllowed: false - prevents public registration - invitationsAllowed: false - prevents invitation abuse - adminToken from Secret for /admin panel access	2026-02-19 22:58:29 +00:00
Davide Piu	c2a803d28b	feat: deploy Wave 1 - Vaultwarden, Uptime Kuma, Trivy Operator, Authelia GitOps manifests for security stack Wave 1: - Vaultwarden (vault.davidepiu.xyz) - password manager - Uptime Kuma (status.davidepiu.xyz) - uptime monitoring - Trivy Operator - vulnerability scanning - Authelia (auth.davidepiu.xyz) - SSO + 2FA All with NetworkPolicies for Traefik ingress.	2026-02-19 22:44:34 +00:00

Author

SHA1

Message

Date

Davide Piu

d19ede0559

feat: enable CrowdSec Traefik bouncer on all ingresses

- Add Traefik plugin via HelmChartConfig (crowdsec-bouncer-traefik-plugin)
- Create bouncer Middleware in stream mode
- Apply bouncer to all public ingresses
- IPs flagged by CrowdSec will now be blocked at Traefik level

2026-02-19 23:53:00 +00:00

Davide Piu

d59ac2a933

sec: disable Vaultwarden open signups, add admin token

- signupsAllowed: false - prevents public registration
- invitationsAllowed: false - prevents invitation abuse
- adminToken from Secret for /admin panel access

2026-02-19 22:58:29 +00:00

Davide Piu

c2a803d28b

feat: deploy Wave 1 - Vaultwarden, Uptime Kuma, Trivy Operator, Authelia

GitOps manifests for security stack Wave 1:
- Vaultwarden (vault.davidepiu.xyz) - password manager
- Uptime Kuma (status.davidepiu.xyz) - uptime monitoring
- Trivy Operator - vulnerability scanning
- Authelia (auth.davidepiu.xyz) - SSO + 2FA

All with NetworkPolicies for Traefik ingress.

2026-02-19 22:44:34 +00:00

3 Commits