Home
Brutesque edited this page Aug 23, 2021 · 2 revisions
Welcome to the docker-swarm-over-vpn-mesh wiki!
- Overwrite any passwords generated by the provider at VPS creation
- Set "PermitRootLogin no" only after the playbook has switched to a different (non-root) user
- Don't allow ssh as root; implement ansible user that becomes root
- Check docker services and implement non-root user where possible
- TLS verification for Docker? (assumed not applicable, since the Docker traffic already runs over the Tinc VPN)
- Figure out a better way of storing Terraform secrets than environment variables, preferably some kind of vault
- Use ansible vault for secrets (if still applicable after terraform secrets method)
- Use chronyd to synchronize time between nodes
- Implement a bastion (SSH and VPN) for secure access to nodes and admin services
- Configure Tinc nodes to use private networking, if made available by the provider. Minimizes data cost.
- Create an upgrade playbook that safely drains an upgraded node before rebooting it
- Check deployment logs thoroughly and make sure sensitive data is being masked
- Automate manager promotion when a manager instance has been removed by Terraform
- Figure out whether certbot can run in its own service, handing out certificates for a cluster of Traefik instances to use
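The SSH items above (replace the provider password, add an Ansible user that becomes root, set PermitRootLogin no only after the playbook is already running as that user) and the chronyd item describe one bootstrap sequence. The playbook below is an added illustration of that sequence; it is not code from the docker-swarm-over-vpn-mesh repository. It assumes Debian/Ubuntu hosts in an inventory group called "nodes", an admin user named "ansible", a public key at ~/.ssh/id_ed25519.pub on the control machine, and the ansible.posix collection being installed; all of those names are assumptions.

```yaml
# Added example, not part of the docker-swarm-over-vpn-mesh project.
# Play 1 runs as root over the provider-supplied credentials exactly once,
# creates the admin user and gives it sudo. Play 2 deliberately logs in as
# that new user: if it cannot, the play fails before root login is disabled,
# so the operator is never locked out.
- name: Bootstrap a non-root admin user (runs as root, first boot only)
  hosts: nodes                      # assumed inventory group
  remote_user: root
  tasks:
    - name: Create the admin user with sudo membership
      ansible.builtin.user:
        name: ansible               # assumed user name
        shell: /bin/bash
        groups: sudo
        append: true
        password_lock: true         # key-only login; no usable password

    - name: Install the operator's public key for the admin user
      ansible.posix.authorized_key:
        user: ansible
        key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"   # assumed path

    - name: Grant passwordless sudo, validated by visudo before install
      ansible.builtin.copy:
        dest: /etc/sudoers.d/ansible
        content: "ansible ALL=(ALL) NOPASSWD:ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

- name: Lock down sshd and sync time (runs as the admin user, becomes root)
  hosts: nodes
  remote_user: ansible
  become: true
  tasks:
    - name: Disable root login and password authentication in sshd
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?{{ item.key }}\\s"
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s   # reject a config sshd cannot parse
      loop:
        - { key: PermitRootLogin, value: "no" }
        - { key: PasswordAuthentication, value: "no" }
      notify: Restart sshd

    - name: Install chrony so all nodes share one time source
      ansible.builtin.apt:
        name: chrony
        state: present
        update_cache: true

    - name: Ensure chronyd is enabled and running
      ansible.builtin.service:
        name: chrony
        state: started
        enabled: true

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
```

Run it with `ansible-playbook -i inventory bootstrap.yml`; on later runs play 1 will fail to connect as root, which is the intended end state, so it is normally skipped with `--start-at-task` or split into a separate one-off playbook. On distributions whose sshd_config ends with an `Include /etc/ssh/sshd_config.d/*.conf` line, check that no drop-in file re-enables root login, since the first matching directive wins in sshd.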