more nft

2024-07-24 22:10:28 +02:00 · 2024-07-24 22:10:28 +02:00 · 31d38e8f06
commit 31d38e8f06
parent aa242b0327
3 changed files with 18 additions and 0 deletions
--- a/group_vars/monitoring.yaml
+++ b/group_vars/monitoring.yaml
@ -3,6 +3,11 @@ monitoring_bootstrap_cert: no
 acme_san_domains:
  - ["{{ monitoring_domain }}", monitoring.bitlair.nl]

+nft: true
+group_nft_input:
+  - "# Allow web-traffic from world"
+  - "tcp dport { http, https } accept"
+
 prometheus_scrape_configs:
  - job_name: "node"
    static_configs:
--- a/group_vars/services.yaml
+++ b/group_vars/services.yaml
@ -0,0 +1,5 @@
+---
+
+nft: true
+group_nft_input: []
+#  - "udp dport 4000 accept  # FIXME, werkt op dit moment toch niet hoor ik van AK
--- a/group_vars/wiki.yaml
+++ b/group_vars/wiki.yaml
@ -4,6 +4,14 @@ acme_san_domains:
  - [ bitair.nl ]
  - [ ravespace.nl ]

+nft: true
+
+group_nft_input:
+  - "# Allow web-traffic from world"
+  - "tcp dport { http, https } accept"
+  - "# mqtt from world"
+  - "tcp dport { 1883 } accept"
+
 nginx_sites:
  - server_name: "bitlair.nl"
    server_alias: "wiki.bitlair.nl www.bitlair.nl cyber.bitlair.nl"