deployment/ansible/roles/networking/tasks/main.yml

# Pull in the two host-hardening packages this role manages: fail2ban
# (log-driven banning of misbehaving clients) and ufw (the firewall front
# end that every later task in this file configures).
- name: Install fail2ban & ufw.
  ansible.builtin.apt:
    state: present
    name:
      - fail2ban
      - ufw
# TODO add proper fail2ban config
# NOTE(review): this role exposes SSH on 2222 (see the "Allow SSH
# connections" task), while the stock Debian/Ubuntu sshd jail is written
# for port "ssh" (22). When the config above is written, set the jail's
# `port` to match, otherwise bans may not cover the port actually in use —
# confirm against the installed jail.conf / jail.local.
- name: Ensure fail2ban is started & enabled.
  ansible.builtin.service:
    enabled: true
    state: started
    name: fail2ban
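# Keep the ufw systemd unit running and enabled at boot. The final task in
# this file only turns the firewall on for the current run; this task is
# what makes the unit itself managed across reboots.
- name: Ensure ufw is started & enabled.
  ansible.builtin.service:
    # Was "fail2ban" (copy-paste from the task above), which silently
    # re-managed fail2ban and left ufw.service untouched.
    name: ufw
    state: started
    enabled: true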
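# SSH on a non-default port. The rule is pinned to TCP: a bare
# `ufw allow 2222` (no proto) opens both TCP and UDP, and sshd only speaks
# TCP. `ssh_port` may be overridden by the inventory; it must agree with
# the Port in sshd_config or the host locks itself out once ufw is enabled
# — assumes sshd listens on 2222 here, verify against the sshd role.
- name: Allow SSH connections.
  community.general.ufw:
    rule: allow
    proto: tcp
    port: "{{ ssh_port | default('2222') }}"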
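# Swarm control/data-plane ports, each limited to the protocol it actually
# uses (per the Docker swarm networking docs) instead of "any":
# 2377/tcp manager API, 7946/tcp+udp node gossip, 4789/udp VXLAN overlay,
# 9001/tcp Portainer agent.
# NOTE(review): these are cluster-internal services; without a `src:`
# restriction (peer IPs / VPC CIDR) the manager API and gossip ports are
# reachable from anywhere this interface is exposed — add one if the nodes
# have public addresses.
# NOTE(review): Docker installs its own iptables chains for published
# container ports, so traffic to those ports generally does not traverse
# these ufw rules; verify the effective policy (e.g. the DOCKER-USER chain)
# rather than relying on ufw alone.
- name: Open necessary ports for Docker swarm communication.
  community.general.ufw:
    rule: allow
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
  loop:
    - { port: "2377", proto: tcp }  # cluster management communications
    - { port: "7946", proto: tcp }  # communication among nodes
    - { port: "7946", proto: udp }  # communication among nodes
    - { port: "4789", proto: udp }  # overlay network traffic
    - { port: "9001", proto: tcp }  # Portainer communication
  loop_control:
    label: "{{ item.port }}/{{ item.proto }}"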
# - name: Open up ports for proper IPv6 service communication
# community.general.ufw:
# rule: allow
# port: "{{ item }}"
# loop:
# - 80 # HTTP
# - 443 # HTTPS
# - 8000 # Portainer edge communication
# Runs last on purpose: every allow rule above is already loaded, so turning
# the firewall on here cannot cut the session this play is running over.
# Only the incoming policy is set; the outgoing default is left untouched.
- name: Block everything else by default & enable firewall.
  community.general.ufw:
    state: enabled
    default: deny
    direction: incoming