bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
228 Commits 1 Branch 0 Tags
master
Commit Graph

16 Commits

Author SHA1 Message Date
Bastian de Byl
61692b36a2 refactor: reorganize fluent-bit and geoip out of containers 
- Move fluent-bit to common role (systemd service, not a container)
- Move geoip to podman/tasks/data/ (data prep, not a container)
- Remove debyltech tag from geoip (not a debyltech service)
- Fix check_mode for fetch subuid task to enable dry-run mode

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-28 12:34:43 -05:00
Bastian de Byl
9d562c7188 feat: smart zomboid traffic filtering with packet-size detection 
Replace per-IP hashlimit with smarter filtering that distinguishes
legitimate players from scanner bots based on packet behavior:
- Players send varied packet sizes (53, 37, 1472 bytes)
- Scanners only send 53-byte query packets

New firewall rule chain:
- Priority 2: Mark + ACCEPT non-query packets (verifies player)
- Priority 3: ACCEPT queries from verified IPs (1 hour TTL)
- Priority 4: LOG rate-limited queries from unverified IPs
- Priority 5: DROP rate-limited queries (2 burst, then 1/hour)

Also includes:
- Fail2ban zomboid jail with tighter thresholds (5 retries/4h, 1w ban)
- Graylog streams for zomboid-connections, zomboid-ratelimit, fail2ban
- GeoIP pipeline enrichment for zomboid traffic
- Fluent-bit inputs for ratelimit logs and fail2ban events
- Remove Legendary Katana mod (Workshop 3418366499) - removed from Steam
- Bump Immich to v2.5.0
- Fix fulfillr config (nil → null)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
 2026-01-27 15:09:26 -05:00
Bastian de Byl
38561cb968 gitea, zomboid updates, ssh key fixes 2025-12-19 10:39:56 -05:00
Bastian de Byl
c5bc5a91ac moved nginx, graylog to podman 2022-05-01 03:31:16 -04:00
Bastian de Byl
cb2001357f moved ddns, partkeepr, hass to podman, selinux 2022-04-30 03:44:55 -04:00
Bastian de Byl
2360c82f98 CU-251akbj added graylog and additional fixes from discovered logs 2022-04-18 03:15:52 -04:00
Bastian de Byl
78f8ce2c6f ansible lint additions, .yamllint.yml configuratuion 2022-04-12 01:43:26 -04:00
Bastian de Byl
cc834df161 added partkeepr, motion, and relevant secrets 2021-11-28 16:38:52 -05:00
Bastian de Byl
40e4cf5774 noticket Added cronie to common services 2020-12-07 19:17:17 -05:00
Bastian de Byl
17dd1fc372 noticket Changes from redeploy to new server 2020-10-07 22:46:13 -04:00
Bastian de Byl
c89079b810 ansible_fixes Replaced 'with_items' with 'loop' 2020-10-02 22:31:52 -04:00
Bastian de Byl
798c3bbb80 CU-cyk0dp Added more rules to modsecurity 2020-09-30 22:58:33 -04:00
Bastian de Byl
4ef5cc815f Fixed linting, ignore vault file for linting 2020-09-25 12:17:06 -04:00
Bastian de Byl
3b4ad7c45c GitHub linguist .yml, fail2ban config fixes 2020-09-25 11:41:15 -04:00
Bastian de Byl
53f2868916 Implemented working version of drone w/nginx https 2020-09-24 22:52:33 -04:00
Bastian de Byl
e0abdbe506 Initial working commit 2020-09-24 21:06:56 -04:00