From 69547fc540b38a01843f92ea33969c57f414561f Mon Sep 17 00:00:00 2001
From: Mark Janssen
Date: Mon, 2 Dec 2024 21:57:47 +0100
Subject: [PATCH] Firewall comments
---
 group_vars/all.yaml | 2 +-
 group_vars/fotos.yaml | 3 +--
 group_vars/git.yaml | 3 +--
 group_vars/homeassistant.yaml | 6 ++----
 group_vars/monitoring.yaml | 3 +--
 group_vars/pad.yaml | 3 +--
 group_vars/shell.yaml | 3 +--
 group_vars/wiki.yaml | 6 ++----
 8 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
index dd6b832..f439200 100644
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -20,7 +20,7 @@ trusted_ranges:
 # - { v: ipv6, cidr: "2a02:166b:92::/48", comment: "bitlair" } # /48's kunnen niet in de ipset
 - { v: ipv6, cidr: "2001:678:814:68::/64", comment: "bitlair wifi" }
 - { v: ipv6, cidr: "2a05:2d01:0:4042::/64", comment: "bitlair servers" }
- - { v: ipv6, cidr: "2a05:2d01:1337::/48", comment: "eventinfra v6-range" }
+ - { v: ipv6, cidr: "2a05:2d01:1337::/48", comment: "bitlair space v6-range" }
 - { v: ipv6, cidr: "2a0e:5700:4:2::/64", comment: "foobar ipv6" }
 trusted_ports:
 - ssh
diff --git a/group_vars/fotos.yaml b/group_vars/fotos.yaml
index ca34caa..94751d2 100644
--- a/group_vars/fotos.yaml
+++ b/group_vars/fotos.yaml
@@ -11,6 +11,5 @@ trusted_ports:
 - microsoft-ds
 group_nft_input:
- - "# Allow traffic from wiki"
- - "ip saddr 204.2.64.19 tcp dport { 4567 } accept"
+ - "ip saddr 204.2.64.19 tcp dport { 4567 } accept # Allow traffic from wiki"
diff --git a/group_vars/git.yaml b/group_vars/git.yaml
index 03f8559..b938f18 100644
--- a/group_vars/git.yaml
+++ b/group_vars/git.yaml
@@ -7,8 +7,7 @@ git_server_title: Gitlair
 git_server_bootstrap_cert: no
 group_nft_input:
- - "# Allow ssh(git) + web-traffic from world"
- - "tcp dport { ssh, http, https } accept"
+ - "tcp dport { ssh, http, https } accept # Allow ssh(git) + web-traffic from world"
 nginx_client_max_body_size: 4G
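Review bot: In group_vars/all.yaml the relabelled `2a05:2d01:1337::/48` entry is itself a /48, while the disabled entry at the top of the same hunk carries the remark "/48's kunnen niet in de ipset" (/48s cannot go into the ipset), so one of the two is out of date. If the set really cannot hold a /48, this trusted range may never be loaded and the allow for `trusted_ports` (which lists `ssh`) would not apply to it; if it can, the stale remark should be removed or replaced by the actual reason that entry is disabled. Since the label now attributes the range to the bitlair space instead of eventinfra, it is also worth confirming that the whole /48 is still meant to be trusted. How `trusted_ranges` is rendered into the ruleset is not visible in this hunk.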
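Review bot: In group_vars/fotos.yaml the rationale now sits inside the rule string as a trailing `#` comment, which nft discards when it parses the file, so `nft list ruleset` on the host will not show why 204.2.64.19 may reach port 4567. nftables has a rule-level comment that is stored with the rule; writing the item as `- 'ip saddr 204.2.64.19 tcp dport { 4567 } accept comment "Allow traffic from wiki"'` keeps the explanation visible in the loaded ruleset during an audit or incident review. The trailing `#` form also depends on the template that renders `group_nft_input` (not visible here) emitting each item on its own line with nothing appended after it, otherwise the remainder of that line is commented out. The same applies to the rewritten rules in git.yaml, homeassistant.yaml, monitoring.yaml, pad.yaml, shell.yaml and wiki.yaml.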
diff --git a/group_vars/homeassistant.yaml b/group_vars/homeassistant.yaml
index d43165b..4c826c5 100644
--- a/group_vars/homeassistant.yaml
+++ b/group_vars/homeassistant.yaml
@@ -3,10 +3,8 @@ acme_san_domains:
 - [ homeassistant.bitlair.nl ]
 group_nft_input:
- - "# Allow web-traffic from world"
- - "tcp dport { http, https } accept"
- - "# mqtt from world"
- - "tcp dport { 1883 } accept"
+ - "tcp dport { http, https } accept # Allow web-traffic from world"
+ - "tcp dport { 1883 } accept # mqtt from world"
 nginx_sites:
 - server_name: "homeassistant.bitlair.nl"
diff --git a/group_vars/monitoring.yaml b/group_vars/monitoring.yaml
index 260e159..61c5cae 100644
--- a/group_vars/monitoring.yaml
+++ b/group_vars/monitoring.yaml
@@ -4,8 +4,7 @@ acme_san_domains:
 - ["{{ monitoring_domain }}"]
 group_nft_input:
- - "# Allow web-traffic from world"
- - "tcp dport { http, https } accept"
+ - "tcp dport { http, https } accept # Allow web-traffic from world"
 prometheus_scrape_configs:
 - job_name: "node"
diff --git a/group_vars/pad.yaml b/group_vars/pad.yaml
index a629003..6f4babc 100644
--- a/group_vars/pad.yaml
+++ b/group_vars/pad.yaml
@@ -25,5 +25,4 @@ nginx_sites:
 - "}"
 group_nft_input:
- - "# Allow web-traffic from world"
- - "tcp dport { http, https } accept"
+ - "tcp dport { http, https } accept # Allow web-traffic from world"
diff --git a/group_vars/shell.yaml b/group_vars/shell.yaml
index 4c28989..3d7c4b8 100644
--- a/group_vars/shell.yaml
+++ b/group_vars/shell.yaml
@@ -3,5 +3,4 @@ manage_sshd_config: false
 group_nft_input:
- - "# Allow SSH from world"
- - "tcp dport { ssh } accept"
+ - "tcp dport { ssh } accept # Allow SSH from world"
diff --git a/group_vars/wiki.yaml b/group_vars/wiki.yaml
index 1f2bd2c..7bc009b 100644
--- a/group_vars/wiki.yaml
+++ b/group_vars/wiki.yaml
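Review bot: The `tcp dport { 1883 } accept # mqtt from world` rule in group_vars/homeassistant.yaml opens the conventional plaintext MQTT port to every source address, and the commit carries it over with only the comment moved. Unless the broker enforces authentication and its clients cannot use TLS, consider accepting only the TLS listener (`tcp dport { 8883 } accept`) or narrowing 1883 with a source match in the way fotos.yaml uses `ip saddr`; the broker configuration is not visible here, so this needs confirming. group_vars/wiki.yaml receives the identical pair of rules, which looks copied, so it is worth checking whether the wiki hosts run a broker at all and dropping the 1883 rule there if they do not.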
@@ -5,10 +5,8 @@ acme_san_domains:
 - [ ravespace.nl ]
 group_nft_input:
- - "# Allow web-traffic from world"
- - "tcp dport { http, https } accept"
- - "# mqtt from world"
- - "tcp dport { 1883 } accept"
+ - "tcp dport { http, https } accept # Allow web-traffic from world"
+ - "tcp dport { 1883 } accept # mqtt from world"
 nginx_sites:
 - server_name: "bitlair.nl"