justin/new-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
758 commits 2 branches 0 tags 96 MiB
Commit graph

2 commits

Author SHA1 Message Date
justin
c8a0824143 firewall: allow ezstorehost (207.174.124.51) to reach Forgejo SSH 
Add ezstorehost to trusted_admin in both layers — the nft input set and
the DOCKER-USER iptables chain (Forgejo is containerised; DNAT means the
post-DNAT dport 22 rule applies). Required for static-tenant deploys from
ezStorehost-infra to clone repos over ssh://.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
 2026-06-10 22:45:43 -05:00
justin
695c3e2431 security: drop all CBC TLS suites (Qualys WEAK -> AEAD-only, still A+); sync ansible nginx templates (ciphers + ywxi CSP); capture host firewall as IaC 2026-06-06 00:49:21 -05:00