diff --git a/ansible/bootstrap.yml b/ansible/bootstrap.yml
index f4cc8d6..0d9d17b 100644
--- a/ansible/bootstrap.yml
+++ b/ansible/bootstrap.yml
@@ -5,8 +5,9 @@
 roles:
 - create-debian-user

-- name: Secure SSH.
+- name: Enable firewall & secure SSH.
 hosts: all
 become: yes
 roles:
+ - networking
 - configure-ssh
diff --git a/ansible/roles/docker/files/daemon.json b/ansible/roles/docker/files/daemon.json
index 123edbc..39cfead 100644
--- a/ansible/roles/docker/files/daemon.json
+++ b/ansible/roles/docker/files/daemon.json
@@ -2,5 +2,7 @@
 "metrics-addr" : "0.0.0.0:9323",
 "experimental" : true,
 "mtu": 1450,
- "network-control-plane-mtu": 1450
+ "network-control-plane-mtu": 1450,
+ "ipv6": true,
+ "fixed-cidr-v6": "fd00::/80"
 }
diff --git a/ansible/roles/networking/tasks/main.yml b/ansible/roles/networking/tasks/main.yml
index 61286b8..f196760 100644
--- a/ansible/roles/networking/tasks/main.yml
+++ b/ansible/roles/networking/tasks/main.yml
@@ -34,6 +34,15 @@
 - 4789 # overlay network traffic
 - 9001 # Portainer communication

+# - name: Open up ports for proper IPv6 service communication
+# community.general.ufw:
+# rule: allow
+# port: "{{ item }}"
+# loop:
+# - 80 # HTTP
+# - 443 # HTTPS
+# - 8000 # Portainer edge communication
+
 - name: Block everything else by default & enable firewall.
 community.general.ufw:
 default: deny
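Review bot: In ansible/bootstrap.yml the new `- networking` entry runs before `configure-ssh`, so the firewall switches to default-deny before the SSH role has applied its settings. If `configure-ssh` moves sshd to a port other than the one the networking role allows (most of that allow list is outside this diff), the rest of the play and every later run would lose their connection. I would add a comment above the roles list, `# networking must allow the SSH port that configure-ssh sets before ufw is enabled`, and confirm both roles take the port from the same variable.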
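Review bot: The added `"ipv6": true` and `"fixed-cidr-v6": "fd00::/80"` keys in daemon.json turn on IPv6 for the default bridge without setting `"ip6tables": true`. On Docker releases where that option is not on by default, the daemon leaves IPv6 rules unmanaged, so container IPv6 traffic gets neither NAT nor the isolation rules that IPv4 gets; the installed version is not visible in this diff, so this needs checking on the hosts. `fd00::/80` also uses an all-zero ULA global ID, and a randomly generated ULA prefix (RFC 4193) would avoid clashing with other networks that picked the same value.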
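Review bot: The task added to ansible/roles/networking/tasks/main.yml is committed fully commented out with no reason given, so a reader cannot tell whether ports 80, 443 and 8000 are meant to stay closed or were disabled while debugging. Either drop it or put one line above it such as `# Disabled: <reason>; re-enable once <condition>`. If it is re-enabled, the rule has no `proto`, so ufw would open both TCP and UDP on those ports; `proto: tcp` narrows it. The following task, "Block everything else by default & enable firewall.", continues outside the hunk.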