Nft is now default
parent
31d38e8f06
commit
ba3c923b77
16 changed files with 16 additions and 15 deletions
|
@ -48,7 +48,6 @@
|
||||||
|
|
||||||
- hosts: pad
|
- hosts: pad
|
||||||
roles:
|
roles:
|
||||||
- { role: "nft", tags: [ "nft" ] }
|
|
||||||
- { role: "acme", tags: [ "acme" ] }
|
- { role: "acme", tags: [ "acme" ] }
|
||||||
- { role: "nginx", tags: [ "nginx" ] }
|
- { role: "nginx", tags: [ "nginx" ] }
|
||||||
- { role: "etherpad", tags: [ "etherpad" ] }
|
- { role: "etherpad", tags: [ "etherpad" ] }
|
||||||
|
|
|
@ -4,3 +4,4 @@
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
roles:
|
roles:
|
||||||
- { role: "common", tags: [ "common" ] }
|
- { role: "common", tags: [ "common" ] }
|
||||||
|
- { role: "nft", tags: [ "nft" ] }
|
||||||
|
|
|
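Review bot: The added `nft` entry carries no condition of its own, so whether a host with `nft: false` in its group_vars is actually skipped depends on checks inside the role, which this hunk does not show. The role now sits next to `common` instead of in a single service play, so gating it at the call site would make the opt-out visible where the role is applied: `- { role: "nft", tags: [ "nft" ], when: "nft | bool" }`. If the role's tasks already test the variable, this is redundant but harmless. The play header is above the hunk, so the host pattern it targets is not visible here.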
@ -1,3 +1,2 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
nft: true
|
|
||||||
|
|
|
@ -5,5 +5,3 @@ root_access:
|
||||||
- linor
|
- linor
|
||||||
- polyfloyd
|
- polyfloyd
|
||||||
- wilco
|
- wilco
|
||||||
|
|
||||||
nft: true
|
|
||||||
|
|
|
@ -2,4 +2,4 @@
|
||||||
|
|
||||||
forgejo_url: https://git.bitlair.nl
|
forgejo_url: https://git.bitlair.nl
|
||||||
|
|
||||||
nft: false
|
nft: false # Docker wil nog niet zo met nft
|
||||||
|
|
|
@ -6,7 +6,6 @@ git_server_domain: git.bitlair.nl
|
||||||
git_server_title: Gitlair
|
git_server_title: Gitlair
|
||||||
git_server_bootstrap_cert: no
|
git_server_bootstrap_cert: no
|
||||||
|
|
||||||
nft: true
|
|
||||||
group_nft_input:
|
group_nft_input:
|
||||||
- "# Allow web-traffic from world"
|
- "# Allow web-traffic from world"
|
||||||
- "tcp dport { http, https } accept"
|
- "tcp dport { http, https } accept"
|
||||||
|
|
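--- a/group_vars/kvm.yaml
+++ b/group_vars/kvm.yaml
@@ -0,0 +1,4 @@
+---
+
+# FIXME: nog niet kunnen testen, en mogelijk non-default config nodig ;)
+nft: false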
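Review bot: This opt-out leaves the group without the ruleset the role would install, and the FIXME names neither a tracking reference nor what filters traffic on these hosts in the meantime. The same applies to the new `nft: false` in group_vars/raspi.yaml and in the group file that gains `nft: false` above `root_access`. With the role default now `true`, these files are the only record of which hosts have no managed firewall, so the comment should say so and be easy to find, for example `# FIXME(<issue-id placeholder>): nft disabled until tested on this group; no nftables ruleset is managed here`. Whether another firewall covers these hosts is not visible on this page.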
@ -1,3 +1,2 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
nft: true
|
|
||||||
|
|
|
@ -3,7 +3,6 @@ monitoring_bootstrap_cert: no
|
||||||
acme_san_domains:
|
acme_san_domains:
|
||||||
- ["{{ monitoring_domain }}", monitoring.bitlair.nl]
|
- ["{{ monitoring_domain }}", monitoring.bitlair.nl]
|
||||||
|
|
||||||
nft: true
|
|
||||||
group_nft_input:
|
group_nft_input:
|
||||||
- "# Allow web-traffic from world"
|
- "# Allow web-traffic from world"
|
||||||
- "tcp dport { http, https } accept"
|
- "tcp dport { http, https } accept"
|
||||||
|
|
|
@ -1,6 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
nft: true
|
|
||||||
|
|
||||||
nft_group_rules:
|
nft_group_rules:
|
||||||
- { version: "ip6", from: [ '2001:470:7f95::/48' ], port: "1883" }
|
- { version: "ip6", from: [ '2001:470:7f95::/48' ], port: "1883" }
|
||||||
|
|
|
@ -1,3 +1,8 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
# Fixme, nog niet kunnen testen, was down
|
||||||
|
nft: false
|
||||||
|
|
||||||
root_access:
|
root_access:
|
||||||
- ak
|
- ak
|
||||||
- bob
|
- bob
|
||||||
|
|
|
@ -6,7 +6,6 @@ nginx_sites:
|
||||||
- server_name: "pad.bitlair.nl"
|
- server_name: "pad.bitlair.nl"
|
||||||
localproxy: "9001"
|
localproxy: "9001"
|
||||||
|
|
||||||
nft: true
|
|
||||||
group_nft_input:
|
group_nft_input:
|
||||||
- "# Allow web-traffic from world"
|
- "# Allow web-traffic from world"
|
||||||
- "tcp dport { http, https } accept"
|
- "tcp dport { http, https } accept"
|
||||||
|
|
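--- a/group_vars/raspi.yaml
+++ b/group_vars/raspi.yaml
@@ -0,0 +1,4 @@
+---
+
+# Nog niet kunnen testen / geen toegang
+nft: false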
@ -1,5 +1,4 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
nft: true
|
|
||||||
group_nft_input: []
|
group_nft_input: []
|
||||||
# - "udp dport 4000 accept # FIXME, werkt op dit moment toch niet hoor ik van AK
|
# - "udp dport 4000 accept # FIXME, werkt op dit moment toch niet hoor ik van AK
|
||||||
|
|
|
@ -4,8 +4,6 @@ acme_san_domains:
|
||||||
- [ bitair.nl ]
|
- [ bitair.nl ]
|
||||||
- [ ravespace.nl ]
|
- [ ravespace.nl ]
|
||||||
|
|
||||||
nft: true
|
|
||||||
|
|
||||||
group_nft_input:
|
group_nft_input:
|
||||||
- "# Allow web-traffic from world"
|
- "# Allow web-traffic from world"
|
||||||
- "tcp dport { http, https } accept"
|
- "tcp dport { http, https } accept"
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
---
|
---
|
||||||
|
|
||||||
nft: false # totdat alles om is
|
nft: true # Overrule om geen nftables uit te rollen
|
||||||
nft_main_config: "/etc/nftables.conf"
|
nft_main_config: "/etc/nftables.conf"
|
||||||
|
|
||||||
# Default policies per chain ( drop / reject / accept )
|
# Default policies per chain ( drop / reject / accept )
|
||||||
|
|
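Review bot: The new comment on `nft: true` reads as if `true` were the override, while the value that skips the rollout is `false`; something like `nft: true  # default: deploy nftables; set false in group_vars/host_vars to skip` says it unambiguously. With the default flipped, every host that is not opted out receives the ruleset on its next run. The chain policies and any SSH accept rule sit below this hunk, so they cannot be reviewed here. It is worth confirming that the role's own defaults accept the management port before the input policy takes effect, since a group such as the one with `group_nft_input: []` adds no rules of its own.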