
update iptables and main playbook

master
Markus Bergholz 1 month ago
parent
commit
c5db448cc1

+ 6
- 6
ansible/osuv.yml View File

@@ -13,12 +13,6 @@
# - ipv6 # chain DOCKER-USER is not available for ipv6. that might exists why docker swarm mode does not work with ipv6

tasks:
- name: I need my dotfiles
git:
repo: "https://git.osuv.de/m/dotfiles"
dest: /home/m/git/dotfiles
update: yes

- name: create my aws cwl groups
cloudwatchlogs_log_group:
region: eu-central-1
@@ -27,6 +21,12 @@
with_items: "{{ cwl_groups }}"
delegate_to: localhost

- name: I need my dotfiles
git:
repo: "https://git.osuv.de/m/dotfiles"
dest: /home/m/git/dotfiles
update: yes

- name: setup iptables
include_role:
name: iptables

+ 1
- 1
ansible/roles/iptables/files/my_iptables.service View File

@@ -5,7 +5,7 @@ Requires=docker.service

[Service]
Type=simple
ExecStart=/usr/local/bin/ansible-playbook /home/m/dotfiles/ansible/local.yml
ExecStart=/usr/local/bin/ansible-playbook /home/m/git/dotfiles/ansible/local.yml
Restart=on-failure
RestartSec=2
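Review bot: The new `ExecStart` runs ansible-playbook on `/home/m/git/dotfiles/ansible/local.yml`, a file under an unprivileged user's home directory, and no `User=` is visible in the hunk, so if the unit runs as root (systemd's default) it executes content that user m can edit with root privilege. Keeping the playbook the unit executes in a root-owned location (for example a copy installed under `/usr/local/lib/`), or documenting why the home-directory path is acceptable here, would close that gap. The `[Service]` section may continue past the hunk, so a `User=` line outside the visible lines would change this assessment.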


+ 15
- 5
ansible/roles/iptables/tasks/main.yml View File

@@ -11,6 +11,7 @@
group: root

- name: enable my_iptables service
become: yes
systemd:
enabled: yes
state: started
@@ -29,19 +30,28 @@
port: ssh
proto: tcp

- name: allow port 80
- name: allow docker swarm internally
become: yes
ufw:
rule: allow
port: 80
proto: tcp
port: "{{ item }}"
proto: any
src: 10.0.0.0/8
with_items:
- "2377"
- "2376"
- "7946"
- "4789"

- name: allow port 443
- name: allow port 80 and 443
become: yes
ufw:
rule: allow
port: 443
port: "{{ item }}"
proto: tcp
with_items:
- "80"
- "443"

- name: enable UFW
become: yes
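Review bot: `allow docker swarm internally` opens 2377, 2376, 7946 and 4789 with `proto: any` to all of `src: 10.0.0.0/8`, which is the entire private /8 rather than the swarm nodes' subnet, and 2376 is the Docker daemon's TLS API port rather than a swarm port, so it should only be listed if a remote client actually uses it. Narrowing `src` to the node subnet and giving each port its own protocol — tcp for 2377/2376, tcp and udp for 7946, udp for 4789 — keeps the rule set minimal; the rewrite below does that with a per-item proto. The `become: yes` lines in this hunk and in the `enable my_iptables service` hunk parse as booleans but trip yamllint's truthy rule; `become: true` is the canonical form.
```yaml
- name: allow docker swarm internally
  become: true
  ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
    # PLACEHOLDER: define swarm_cidr (the real swarm node subnet) in the role's defaults
    src: "{{ swarm_cidr }}"
  with_items:
    - { port: "2377", proto: tcp }
    - { port: "2376", proto: tcp }
    - { port: "7946", proto: any }
    - { port: "4789", proto: udp }
# … unchanged: allow port 80 and 443 task, enable UFW task …
```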
