ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure

commit 348271f44da000cd313db854ca516a66401a61d8
parent 9959aa35805a2c0903890caedcbacd526a1a9b25
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date:   Mon, 17 May 2021 01:35:01 +0300

brighty: Init host_vars for brighty

Diffstat:
ansible/inventory/host_vars/brighty/ferm.yml | 53+++++++++++++++++++++++++++++++++++++++++++++++++++++
ansible/inventory/host_vars/brighty/resources.yml | 6++++++
ansible/inventory/host_vars/brighty/wireguard.yml | 9+++++++++
3 files changed, 68 insertions(+), 0 deletions(-)

diff --git a/ansible/inventory/host_vars/brighty/ferm.yml b/ansible/inventory/host_vars/brighty/ferm.yml
@@ -0,0 +1,53 @@
+---
+
+ferm__host_rules:
+ - type: 'accept'
+ filename: 'nodeexporter'
+ name: 'nodeexporter'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: [ 9100 ]
+ protocol: 'tcp'
+ # Current prometheus host
+ saddr: '163.172.24.171/32'
+ domain: 'ip'
+
+ - type: 'accept'
+ filename: 'wg0'
+ name: 'wg0'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: [ 8443 ]
+ protocol: 'udp'
+ domain: 'ip'
+
+ - type: 'accept'
+ filename: 'vmnet135'
+ name: 'vmnet135'
+ table: 'filter'
+ chain: 'FORWARD'
+ domain: 'ip'
+ interface_present: 'wg0'
+ outerface_present: 'virbr1'
+ comment: 'Forward traffic from Wireguard to VMs'
+
+ - type: 'accept'
+ filename: 'vmnet135_public'
+ name: 'vmnet135_public'
+ table: 'filter'
+ chain: 'FORWARD'
+ domain: 'ip'
+ interface_present: 'virbr1'
+ saddr: '192.168.135.0/24'
+ comment: 'Forward traffic from VMs to the internet'
+
+ - type: 'custom'
+ filename: 'vmnet_nat'
+ name: 'vmnet_nat'
+ comment: 'Perform NAT for VMs'
+ rules: |
+ domain ip table nat chain POSTROUTING {
+ outerface enp35s0 {
+ MASQUERADE;
+ }
+ }
diff --git a/ansible/inventory/host_vars/brighty/resources.yml b/ansible/inventory/host_vars/brighty/resources.yml
@@ -0,0 +1,6 @@
+---
+
+resources__host_files:
+ - dest: '/etc/default/prometheus-node-exporter'
+ content: |
+ ARGS="--web.listen-address={{ node_exporter__listen_address }}:9100"
diff --git a/ansible/inventory/host_vars/brighty/wireguard.yml b/ansible/inventory/host_vars/brighty/wireguard.yml
@@ -0,0 +1,9 @@
+---
+
+wireguard__host_ip: "10.0.135.1/24"
+wireguard__listen_port: 8443
+wireguard__host_peers:
+ - public_key_host: "warden"
+ allowed_ips: "10.0.135.2/32"
+ - public_key: "ZDmHC9aaH2bhDcgQEyStweMfvdt1WDeA2iJ93X7UUiw="
+ allowed_ips: "10.0.135.3/32"
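Review bot: The `vmnet135_public` FORWARD rule matches only on `interface_present: 'virbr1'` and `saddr: '192.168.135.0/24'` and has no outgoing-interface condition, so despite its comment it forwards VM traffic to every interface on the host, including the `wg0` tunnel toward the WireGuard peers; if only internet egress is intended, add `outerface_present: 'enp35s0'` to that rule. The `vmnet_nat` custom rule raises the same scope question: `outerface enp35s0 { MASQUERADE; }` masquerades everything leaving that interface, not just the VM network, so adding a `saddr 192.168.135.0/24` match, or a comment stating that WireGuard clients are deliberately meant to share this NAT, would make the intent explicit. The `nodeexporter` rule is correctly pinned to a single source address, which is the pattern the FORWARD rules should follow.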
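Review bot: The `ARGS` line hard-codes port 9100, which is duplicated in the `dport: [ 9100 ]` of the `nodeexporter` rule in ferm.yml with nothing tying the two together; a comment above the entry, e.g. `# Port must match dport of the nodeexporter rule in ferm.yml`, would keep them in step when one is changed. Which address `node_exporter__listen_address` resolves to is not visible here; if it is the public interface rather than the WireGuard address, the ferm rule's `saddr` is the only thing limiting who can scrape the exporter, which is worth stating in the same comment.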
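Review bot: The second entry in `wireguard__host_peers` is a bare `public_key` literal with no indication of which device it belongs to, whereas the first peer is identified by host name via `public_key_host: "warden"`; add a comment above the key naming the peer, e.g. `# <peer device name>` (placeholder), so that the key can be traced when it is rotated or revoked. `wireguard__listen_port: 8443` must also agree with the `dport: [ 8443 ]` of the `wg0` rule in ferm.yml, and a comment on the port line noting that dependency would help the next change.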