feat: add firewall module
- add nftables/ipset modules - add custom firewall module
This commit is contained in:
@@ -143,6 +143,14 @@ hiera_include:
|
||||
- networking
|
||||
- ssh::server
|
||||
- profiles::accounts::rundeck
|
||||
- firewall::rules::in::exporters
|
||||
- firewall::rules::out::consul
|
||||
- firewall::rules::out::dns
|
||||
- firewall::rules::out::http
|
||||
- firewall::rules::out::https
|
||||
- firewall::rules::out::ntp
|
||||
- firewall::rules::out::puppet
|
||||
- firewall::rules::out::vault
|
||||
|
||||
profiles::ntp::client::ntp_role: 'roles::infra::ntp::server'
|
||||
profiles::ntp::client::use_ntp: 'region'
|
||||
@@ -341,3 +349,30 @@ profiles::ceph::client::mons:
|
||||
# aliases:
|
||||
# - prodinf01n22
|
||||
# - repos.main.unkin.net
|
||||
|
||||
firewall::ipset_queries:
|
||||
certbot: "enc_role=roles::infra::pki::certbot"
|
||||
cobbler: "enc_role=roles::infra::cobbler::server"
|
||||
consul: "enc_role=roles::infra::storage::consul"
|
||||
dhcp: "enc_role=roles::infra::dhcp::server"
|
||||
dns_master: "enc_role=roles::infra::dns::master"
|
||||
dns_resolver: "enc_role=roles::infra::dns::resolver"
|
||||
edgecache: "enc_role=roles::infra::storage::edgecache"
|
||||
gitea_runner: "enc_role=roles::infra::git::runner"
|
||||
gitea_server: "enc_role=roles::infra::git::gitea"
|
||||
glauth: "enc_role=roles::infra::auth::glauth"
|
||||
gonic: "enc_role=roles::apps::music::gonic"
|
||||
grafana: "enc_role=roles::infra::metrics::grafana"
|
||||
haproxy: "enc_role=roles::infra::halb::haproxy"
|
||||
jumphost: "enc_role=roles::infra::proxy::jumphost"
|
||||
ntp: "enc_role=roles::infra::ntp::server"
|
||||
prometheus: "enc_role=roles::infra::metrics::prometheus"
|
||||
puppetboard: "enc_role=roles::infra::puppetboard::server"
|
||||
puppetmaster: "enc_role=roles::infra::puppet::master"
|
||||
puppetdb_sql: "enc_role=roles::infra::puppetdb::sql"
|
||||
puppetdb_api: "enc_role=roles::infra::puppetdb::api"
|
||||
redis: "enc_role=roles::infra::db::redis"
|
||||
rundeck: "enc_role=roles::infra::automation::rundeck"
|
||||
sql_galera: "enc_role=roles::infra::sql::galera"
|
||||
sql_patroni: "enc_role=roles::infra::sql::patroni"
|
||||
vault: "enc_role=roles::infra::storage::vault"
|
||||
|
||||
@@ -10,6 +10,8 @@ hiera_include:
|
||||
|
||||
profiles::packages::include:
|
||||
lzo: {}
|
||||
firewalld:
|
||||
ensure: absent
|
||||
network-scripts: {}
|
||||
policycoreutils: {}
|
||||
unar: {}
|
||||
|
||||
@@ -1,4 +1,10 @@
|
||||
---
|
||||
hiera_include:
|
||||
- firewall::rules::in::ssh
|
||||
- firewall::rules::in::vault
|
||||
|
||||
firewall::rules::in::ssh::ipset: jumphost
|
||||
|
||||
profiles::vault::server::members_role: roles::infra::storage::vault
|
||||
profiles::vault::server::members_lookup: true
|
||||
profiles::vault::server::data_dir: /data/vault
|
||||
|
||||
Reference in New Issue
Block a user