Merge branch 'master' of git.rustybever.be:rusty-bever/deployment
commit
1c31557435
|
@ -5,8 +5,9 @@
|
||||||
roles:
|
roles:
|
||||||
- create-debian-user
|
- create-debian-user
|
||||||
|
|
||||||
- name: Secure SSH.
|
- name: Enable firewall & secure SSH.
|
||||||
hosts: all
|
hosts: all
|
||||||
become: yes
|
become: yes
|
||||||
roles:
|
roles:
|
||||||
|
- networking
|
||||||
- configure-ssh
|
- configure-ssh
|
||||||
|
|
|
@ -2,5 +2,7 @@
|
||||||
"metrics-addr" : "0.0.0.0:9323",
|
"metrics-addr" : "0.0.0.0:9323",
|
||||||
"experimental" : true,
|
"experimental" : true,
|
||||||
"mtu": 1450,
|
"mtu": 1450,
|
||||||
"network-control-plane-mtu": 1450
|
"network-control-plane-mtu": 1450,
|
||||||
|
"ipv6": true,
|
||||||
|
"fixed-cidr-v6": "fd00::/80"
|
||||||
}
|
}
|
||||||
|
|
|
@ -34,6 +34,15 @@
|
||||||
- 4789 # overlay network traffic
|
- 4789 # overlay network traffic
|
||||||
- 9001 # Portainer communication
|
- 9001 # Portainer communication
|
||||||
|
|
||||||
|
# - name: Open up ports for proper IPv6 service communication
|
||||||
|
# community.general.ufw:
|
||||||
|
# rule: allow
|
||||||
|
# port: "{{ item }}"
|
||||||
|
# loop:
|
||||||
|
# - 80 # HTTP
|
||||||
|
# - 443 # HTTPS
|
||||||
|
# - 8000 # Portainer edge communication
|
||||||
|
|
||||||
- name: Block everything else by default & enable firewall.
|
- name: Block everything else by default & enable firewall.
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
default: deny
|
default: deny
|
||||||
|
|
Loading…
Reference in New Issue