commit b228544927c5b17c9fe23b424f2fa2869b39eeed
parent 3060eb91334a22c9f7af246feb2a0df70825a3f3
Author: Dionysis Grigoropoulos <dgrig@erethon.com>
Date: Sun, 24 Jan 2021 23:31:15 +0200
ansible: Initialize k3s and autonomous vars
Diffstat:
4 files changed, 73 insertions(+), 0 deletions(-)
diff --git a/ansible/inventory/group_vars/k3s/ferm.yml b/ansible/inventory/group_vars/k3s/ferm.yml
@@ -0,0 +1,21 @@
+---
+
+ferm__group_rules:
+ - type: 'accept'
+ filename: 'k3sapi'
+ name: 'k3sapi'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: ['2379', '2380', '6443']
+ protocol: 'tcp'
+ domain: 'ip'
+ saddr: "{{ k3s__nodes }}"
+ - type: 'accept'
+ filename: 'k3sflannel'
+ name: 'k3sflannel'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: ['8472']
+ saddr: "{{ k3s__nodes }}"
+ protocol: 'udp'
+ domain: 'ip'
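Review bot: The k3sapi rule opens only the etcd (2379, 2380) and API-server (6443) ports, so inter-node kubelet traffic on TCP 10250 — which k3s uses for `kubectl logs`/`exec` and metrics — is presumably dropped if ferm's INPUT policy is deny and no other rule covers it. If that is intended (single-server, no metrics), a comment saying so would help; otherwise extend the list, `dport: ['2379', '2380', '6443', '10250']`. Both rules correctly restrict `saddr` to `k3s__nodes`, which also means the API port is reachable only from the nodes themselves; a short comment noting that administrative access to 6443 is expected to come via another path would make that deliberate.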
diff --git a/ansible/inventory/group_vars/k3s/k3s.yml b/ansible/inventory/group_vars/k3s/k3s.yml
@@ -0,0 +1,4 @@
+---
+
+# Hardcoded for now since it's simpler this way
+k3s__nodes: ['192.168.133.2', '192.168.133.3', '192.168.133.4']
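Review bot: The comment explains that the list is hardcoded but not what it feeds, so a maintainer adding a node will not know that the ferm group rules use it as the `saddr` allow-list and that the same subnet appears as `192.168.133.0/24` in `host_vars/autonomous/ferm.yml`. I would rephrase it to `# Addresses of the k3s nodes on the 192.168.133.0/24 VM network; used as the saddr allow-list in group_vars/k3s/ferm.yml. Hardcoded for now — keep in sync when nodes are added.` Deriving the list from inventory (for example the nodes' `ansible_host` values) would remove the duplication, but that is a later change.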
diff --git a/ansible/inventory/host_vars/autonomous/apt_install.yml b/ansible/inventory/host_vars/autonomous/apt_install.yml
@@ -0,0 +1,6 @@
+---
+
+apt_install__host_packages: ['haproxy', 'cryptsetup', 'qemu-kvm',
+ 'libvirt-clients', 'libvirt-daemon-system', 'ebtables', 'dnsmasq',
+ 'bridge-utils', 'qemu-utils', 'virtinst', 'openvpn', 'easy-rsa',
+ 'pdns-server', 'netcat-openbsd', 'smartmontools']
diff --git a/ansible/inventory/host_vars/autonomous/ferm.yml b/ansible/inventory/host_vars/autonomous/ferm.yml
@@ -0,0 +1,42 @@
+---
+
+ferm__host_rules:
+ - type: 'accept'
+ filename: 'wg0'
+ name: 'wg0'
+ table: 'filter'
+ chain: 'INPUT'
+ dport: [ 8443 ]
+ protocol: 'udp'
+ domain: 'ip'
+
+ - type: 'accept'
+ filename: 'vmnet133'
+ name: 'vmnet133'
+ table: 'filter'
+ chain: 'FORWARD'
+ domain: 'ip'
+ interface_present: 'wg0'
+ outerface_present: 'virbr1'
+ comment: 'Forward traffic from Wireguard to VMs'
+
+ - type: 'accept'
+ filename: 'vmnet133_public'
+ name: 'vmnet133_public'
+ table: 'filter'
+ chain: 'FORWARD'
+ domain: 'ip'
+ interface_present: 'virbr1'
+ saddr: '192.168.133.0/24'
+ comment: 'Forward traffic from VMs to the internet'
+
+ - type: 'custom'
+ filename: 'vmnet_nat'
+ name: 'vmnet_nat'
+ comment: 'Perform NAT for VMs'
+ rules: |
+ domain ip table nat chain POSTROUTING {
+ outerface enp2s0 {
+ MASQUERADE;
+ }
+ }
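Review bot: The vmnet133_public rule accepts FORWARD traffic from virbr1 with `saddr: '192.168.133.0/24'` but no outgoing interface, so it permits forwarding from the VMs to every interface, including wg0 peers, while its comment says "to the internet"; the wg0 → virbr1 rule above it is, by contrast, pinned to both interfaces. Adding `outerface_present: 'enp2s0'` to that rule makes it match the comment and the NAT rule, which masquerades only on enp2s0. For the same reason the MASQUERADE block could carry `saddr 192.168.133.0/24` so only the VM subnet is translated, and the interface name `enp2s0` that appears there is a candidate for a variable since it is the only hardcoded interface in the file. A small consistency point: `dport: [ 8443 ]` uses an unquoted integer with padded brackets while the k3s rules quote ports as strings (`['8443']`); pick one form for both files.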