Merge branch 'master' of git.rustybever.be:rusty-bever/deployment
commit
1c31557435
|
@ -5,8 +5,9 @@
|
|||
roles:
|
||||
- create-debian-user
|
||||
|
||||
- name: Secure SSH.
|
||||
- name: Enable firewall & secure SSH.
|
||||
hosts: all
|
||||
become: yes
|
||||
roles:
|
||||
- networking
|
||||
- configure-ssh
|
||||
|
|
|
@ -2,5 +2,7 @@
|
|||
"metrics-addr" : "0.0.0.0:9323",
|
||||
"experimental" : true,
|
||||
"mtu": 1450,
|
||||
"network-control-plane-mtu": 1450
|
||||
"network-control-plane-mtu": 1450,
|
||||
"ipv6": true,
|
||||
"fixed-cidr-v6": "fd00::/80"
|
||||
}
|
||||
|
|
|
@ -34,6 +34,15 @@
|
|||
- 4789 # overlay network traffic
|
||||
- 9001 # Portainer communication
|
||||
|
||||
# - name: Open up ports for proper IPv6 service communication
|
||||
# community.general.ufw:
|
||||
# rule: allow
|
||||
# port: "{{ item }}"
|
||||
# loop:
|
||||
# - 80 # HTTP
|
||||
# - 443 # HTTPS
|
||||
# - 8000 # Portainer edge communication
|
||||
|
||||
- name: Block everything else by default & enable firewall.
|
||||
community.general.ufw:
|
||||
default: deny
|
||||
|
|
Loading…
Reference in New Issue