ansible-debops-infrastructure

DebOps and Ansible scripts to manage my infrastructure
git clone git://git.erethon.com/ansible-debops-infrastructure

ferm.yml (1129B)


      1 ---
      2 
        # Host-level rules for the DebOps ferm role: two INPUT accepts (node exporter,
        # WireGuard), two FORWARD accepts for the VM network, and one custom NAT rule.
        # Every rule here is IPv4 only (domain 'ip'); IPv6 handling is not defined in
        # this file.
      3 ferm__host_rules:
          # Accept TCP 9100 on INPUT from a single IPv4 source address.
      4   - type: 'accept'
      5     filename: 'nodeexporter'
      6     name: 'nodeexporter'
      7     table: 'filter'
      8     chain: 'INPUT'
      9     dport: [ 9100 ]
     10     protocol: 'tcp'
     11     # Current prometheus host
            # NOTE(review): this /32 is the only source restriction on port 9100 in this
            # rule. Presumably the listener is Prometheus node_exporter, which serves
            # metrics unauthenticated unless configured otherwise - keep the match a
            # single host and update it when the Prometheus server moves.
     12     saddr: '163.172.24.171/32'
     13     domain: 'ip'
     14 
          # Accept UDP 8443 on INPUT from any IPv4 source (no saddr is set).
          # NOTE(review): presumably the WireGuard listen port for wg0 - confirm it
          # matches the ListenPort in the WireGuard configuration.
     15   - type: 'accept'
     16     filename: 'wg0'
     17     name: 'wg0'
     18     table: 'filter'
     19     chain: 'INPUT'
     20     dport: [ 8443 ]
     21     protocol: 'udp'
     22     domain: 'ip'
     23 
          # Accept forwarding of packets that arrive on wg0 and leave through virbr1.
          # NOTE(review): no saddr, daddr, protocol or dport is set, so any WireGuard peer
          # can reach any address and port behind virbr1; narrow the match if peers
          # differ in trust.
     24   - type: 'accept'
     25     filename: 'vmnet135'
     26     name: 'vmnet135'
     27     table: 'filter'
     28     chain: 'FORWARD'
     29     domain: 'ip'
            # NOTE(review): per the debops.ferm documentation the *_present keys emit the
            # rule only when the named interface exists on the host at Ansible run time -
            # confirm. If wg0 or virbr1 is created later, the rule is missing until the
            # role is run again.
     30     interface_present: 'wg0'
     31     outerface_present: 'virbr1'
     32     comment: 'Forward traffic from Wireguard to VMs'
     33 
          # Accept forwarding of packets that arrive on virbr1 with a source address in
          # 192.168.135.0/24.
          # NOTE(review): no outerface is set, so the rule matches every egress interface,
          # not only the internet-facing one. As written, VMs can also open connections
          # towards wg0 peers. If only internet egress is intended, add an outerface
          # match (the NAT rule below uses enp35s0) - verify against the intended
          # segmentation.
     34   - type: 'accept'
     35     filename: 'vmnet135_public'
     36     name: 'vmnet135_public'
     37     table: 'filter'
     38     chain: 'FORWARD'
     39     domain: 'ip'
     40     interface_present: 'virbr1'
     41     saddr: '192.168.135.0/24'
     42     comment: 'Forward traffic from VMs to the internet'
     43 
          # Raw ferm snippet: MASQUERADE in nat/POSTROUTING for packets leaving enp35s0.
     44   - type: 'custom'
     45     filename: 'vmnet_nat'
     46     name: 'vmnet_nat'
     47     comment: 'Perform NAT for VMs'
            # NOTE(review): the snippet has no saddr match, so everything routed out of
            # enp35s0 is masqueraded, not only the VM subnet named in the comment. Adding
            # `saddr 192.168.135.0/24` inside the outerface block would scope it to the
            # VMs - check first that nothing else relies on this NAT.
     48     rules: |
     49       domain ip table nat chain POSTROUTING {
     50         outerface enp35s0 {
     51           MASQUERADE;
     52         }
     53       }