From c5dc3db2bebe3cc9dc15f104272f07a9e2eebe99 Mon Sep 17 00:00:00 2001
From: Jef Roosens
Date: Thu, 16 Dec 2021 10:18:17 +0100
Subject: [PATCH 1/2] Tried adding proper IPv6 support

---
 roles/docker/files/daemon.json | 4 +++-
 roles/networking/tasks/main.yml | 9 +++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/roles/docker/files/daemon.json b/roles/docker/files/daemon.json
index 123edbc..39cfead 100644
--- a/roles/docker/files/daemon.json
+++ b/roles/docker/files/daemon.json
@@ -2,5 +2,7 @@
 "metrics-addr" : "0.0.0.0:9323",
 "experimental" : true,
 "mtu": 1450,
- "network-control-plane-mtu": 1450
+ "network-control-plane-mtu": 1450,
+ "ipv6": true,
+ "fixed-cidr-v6": "fd00::/80"
 }
diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml
index 61286b8..f196760 100644
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@@ -34,6 +34,15 @@
 - 4789 # overlay network traffic
 - 9001 # Portainer communication
 
+# - name: Open up ports for proper IPv6 service communication
+# community.general.ufw:
+# rule: allow
+# port: "{{ item }}"
+# loop:
+# - 80 # HTTP
+# - 443 # HTTPS
+# - 8000 # Portainer edge communication
+
 - name: Block everything else by default & enable firewall.
 community.general.ufw:
 default: deny

From 8923065e3415dd46a554a8d975bca16b76bbc1c4 Mon Sep 17 00:00:00 2001
From: Jef Roosens
Date: Fri, 17 Dec 2021 12:36:34 +0100
Subject: [PATCH 2/2] Added extra bootstrap step to avoid lockout

---
 bootstrap.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/bootstrap.yml b/bootstrap.yml
index f4cc8d6..0d9d17b 100644
--- a/bootstrap.yml
+++ b/bootstrap.yml
@@ -5,8 +5,9 @@
 roles:
 - create-debian-user
 
-- name: Secure SSH.
+- name: Enable firewall & secure SSH.
 hosts: all
 become: yes
 roles:
+ - networking
 - configure-ssh
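Review bot: `"ipv6": true` together with `"fixed-cidr-v6": "fd00::/80"` enables IPv6 on the default bridge without also setting `"ip6tables": true`, so the isolation and port-publishing rules Docker installs through iptables for IPv4 get no IPv6 counterpart (the host's Docker version is not visible here; `ip6tables` needs 20.10 or later and on those releases relies on the `"experimental": true` already present in this file). The chosen range also uses the fd00::/8 ULA prefix without the random 40-bit global ID RFC 4193 intends, which invites collisions with any other ULA range on the same network; a randomly generated prefix is the safer choice. JSON cannot carry a comment, so the rationale for the /80 and the ip6tables decision belongs in the networking role or the commit message. The surrounding JSON object opens before this hunk.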
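Review bot: The task added at the top of this hunk is entirely commented out with no note on why it is disabled or when it should be enabled, which leaves dead configuration in the role. Either drop it or precede it with a one-line reason, e.g. `# Disabled until the docker role's IPv6 (fixed-cidr-v6) change is confirmed working; would open 80/443/8000 to all sources.` If it is later enabled, 8000 (Portainer edge communication) is opened to every source address; restricting it with the module's `from_ip` parameter would match the intent better than a blanket allow. The task whose loop (4789, 9001) forms the hunk's first context lines starts outside the hunk.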
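Review bot: Placing `networking` ahead of `configure-ssh` in this play is the lockout safeguard the subject describes, but nothing in the file records that the order matters, so a later reorder or a role inserted between them would silently reintroduce the risk. A short comment on the added line, `- networking  # must run before configure-ssh so SSH is allowed before the ufw default-deny is enabled`, documents the dependency. Whether the networking role's allow list covers the port configure-ssh leaves sshd on is not visible here and is worth confirming, since the `default: deny` task in roles/networking/tasks/main.yml would block an unlisted port. The play list continues outside the hunk on both sides.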