forked from bitlair/ansible
Nft is now default
This commit is contained in:
parent
31d38e8f06
commit
ba3c923b77
GPG key ID:
D8674D8FC4F69BD2
16 changed files with 16 additions and 15 deletions
|
|
@ -48,7 +48,6 @@
|
|||
|
||||
- hosts: pad
|
||||
roles:
|
||||
- { role: "nft", tags: [ "nft" ] }
|
||||
- { role: "acme", tags: [ "acme" ] }
|
||||
- { role: "nginx", tags: [ "nginx" ] }
|
||||
- { role: "etherpad", tags: [ "etherpad" ] }
|
||||
|
|
|
|||
|
|
@ -4,3 +4,4 @@
|
|||
gather_facts: true
|
||||
roles:
|
||||
- { role: "common", tags: [ "common" ] }
|
||||
- { role: "nft", tags: [ "nft" ] }
|
||||
|
|
|
|||
|
|
@ -1,3 +1,2 @@
|
|||
---
|
||||
|
||||
nft: true
|
||||
|
|
|
|||
|
|
@ -5,5 +5,3 @@ root_access:
|
|||
- linor
|
||||
- polyfloyd
|
||||
- wilco
|
||||
|
||||
nft: true
|
||||
|
|
|
|||
|
|
@ -2,4 +2,4 @@
|
|||
|
||||
forgejo_url: https://git.bitlair.nl
|
||||
|
||||
nft: false
|
||||
nft: false # Docker wil nog niet zo met nft
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ git_server_domain: git.bitlair.nl
|
|||
git_server_title: Gitlair
|
||||
git_server_bootstrap_cert: no
|
||||
|
||||
nft: true
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
|
|
|
|||
4
group_vars/kvm.yaml
Normal file
4
group_vars/kvm.yaml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
# FIXME: nog niet kunnen testen, en mogelijk non-default config nodig ;)
|
||||
nft: false
|
||||
|
|
@ -1,3 +1,2 @@
|
|||
---
|
||||
|
||||
nft: true
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@ monitoring_bootstrap_cert: no
|
|||
acme_san_domains:
|
||||
- ["{{ monitoring_domain }}", monitoring.bitlair.nl]
|
||||
|
||||
nft: true
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,4 @@
|
|||
---
|
||||
|
||||
nft: true
|
||||
|
||||
nft_group_rules:
|
||||
- { version: "ip6", from: [ '2001:470:7f95::/48' ], port: "1883" }
|
||||
|
|
|
|||
|
|
@ -1,3 +1,8 @@
|
|||
---
|
||||
|
||||
# Fixme, nog niet kunnen testen, was down
|
||||
nft: false
|
||||
|
||||
root_access:
|
||||
- ak
|
||||
- bob
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@ nginx_sites:
|
|||
- server_name: "pad.bitlair.nl"
|
||||
localproxy: "9001"
|
||||
|
||||
nft: true
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
|
|
|
|||
4
group_vars/raspi.yaml
Normal file
4
group_vars/raspi.yaml
Normal file
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
|
||||
# Nog niet kunnen testen / geen toegang
|
||||
nft: false
|
||||
|
|
@ -1,5 +1,4 @@
|
|||
---
|
||||
|
||||
nft: true
|
||||
group_nft_input: []
|
||||
# - "udp dport 4000 accept # FIXME, werkt op dit moment toch niet hoor ik van AK
|
||||
|
|
|
|||
|
|
@ -4,8 +4,6 @@ acme_san_domains:
|
|||
- [ bitair.nl ]
|
||||
- [ ravespace.nl ]
|
||||
|
||||
nft: true
|
||||
|
||||
group_nft_input:
|
||||
- "# Allow web-traffic from world"
|
||||
- "tcp dport { http, https } accept"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
---
|
||||
|
||||
nft: false # totdat alles om is
|
||||
nft: true # Overrule om geen nftables uit te rollen
|
||||
nft_main_config: "/etc/nftables.conf"
|
||||
|
||||
# Default policies per chain ( drop / reject / accept )
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue