stargate-cluster/vm-ansible
stargate-cluster/vm-ansible
1
0
Fork 0
Code Pull Requests Releases Activity

change to ufw from firewalld

Browse Source
This commit is contained in:
Torma Kristóf 2022-02-05 20:00:55 +01:00
parent 6cd64d6f29
commit 2677085a15
9 changed files with 55 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
requirements.yaml
View File

@ -1,3 +1,4 @@
--- ---
collections: collections:
- ansible.posix - ansible.posix
- community.general

27
roles/common/tasks/firewalld.yaml
View File

@ -1,27 +0,0 @@
---
- name: "Install Docker via apt"
apt:
update_cache: yes
state: present
name:
- firewalld
- name: Start and enable firewalld
service:
name: firewalld
state: restarted
enabled: yes
- name: Permit traffic in public zone for https service
ansible.posix.firewalld:
zone: public
service: https
permanent: yes
state: enabled
- name: Permit traffic in public zone for ssh service
ansible.posix.firewalld:
zone: public
service: ssh
permanent: yes
state: enabled

2
roles/common/tasks/main.yaml
View File

@ -4,7 +4,7 @@
- include_tasks: clean-motd.yaml - include_tasks: clean-motd.yaml
- include_tasks: remove-snap.yaml - include_tasks: remove-snap.yaml
- include_tasks: disable-cloudinit.yaml - include_tasks: disable-cloudinit.yaml
- include_tasks: firewalld.yaml - include_tasks: ufw.yaml
- include_tasks: service-user.yaml - include_tasks: service-user.yaml
- include_tasks: ssh-security-settings.yaml - include_tasks: ssh-security-settings.yaml
- include_tasks: timesync.yaml - include_tasks: timesync.yaml

20
roles/common/tasks/ufw.yaml Normal file
View File

@ -0,0 +1,20 @@
---
- name: "Install ufw via apt"
apt:
update_cache: yes
state: present
name:
- ufw
- name: Enable ufw
community.general.ufw:
state: enabled
- name: Reset ufw rules to default
community.general.ufw:
state: reset
- name: Allow ssh via ufw
community.general.ufw:
rule: allow
port: ssh

6
roles/mariadb/tasks/main.yaml
View File

@ -11,3 +11,9 @@
name: mariadb name: mariadb
state: restarted state: restarted
enabled: yes enabled: yes
- name: Allow mysql port via ufw
community.general.ufw:
rule: allow
port: 3306
proto: tcp

6
roles/postgresql/tasks/main.yaml
View File

@ -11,3 +11,9 @@
name: postgresql name: postgresql
state: restarted state: restarted
enabled: yes enabled: yes
- name: Allow postgresql port via ufw
community.general.ufw:
rule: allow
port: 5432
proto: tcp

5
roles/smtpgateway/tasks/main.yaml
View File

@ -25,3 +25,8 @@
name: postfix name: postfix
state: restarted state: restarted
enabled: yes enabled: yes
- name: Allow smtp port via ufw
community.general.ufw:
rule: allow
port: smtp

10
roles/webgateway/tasks/main.yaml
View File

@ -13,3 +13,13 @@
name: apache2 name: apache2
state: restarted state: restarted
enabled: yes enabled: yes
- name: Allow http port via ufw
community.general.ufw:
rule: allow
port: http
- name: Allow https port via ufw
community.general.ufw:
rule: allow
port: https

5
roles/webserver/tasks/main.yaml
View File

@ -21,3 +21,8 @@
name: apache2 name: apache2
state: restarted state: restarted
enabled: yes enabled: yes
- name: Allow https port via ufw
community.general.ufw:
rule: allow
port: https