From 071250d798afefc870b487c7e4b4f4dbc5ad1cae Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sat, 24 Dec 2022 18:22:29 +0100
Subject: [PATCH] bundles/docker-ce: add nftables rules
---
 bundles/docker-ce/metadata.py | 26 ++++++++++++++++++++++++++
 bundles/woodpecker-agent/items.py | 2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/bundles/docker-ce/metadata.py b/bundles/docker-ce/metadata.py
index a7d0c98..1315d1c 100644
--- a/bundles/docker-ce/metadata.py
+++ b/bundles/docker-ce/metadata.py
@@ -12,4 +12,30 @@ defaults = {
 'docker-ce-cli': {},
 },
 },
+ 'nftables': {
+ 'rules': {
+ '00-docker-ce': {
+ 'inet filter forward ct state { related, established } accept',
+ 'inet filter forward iifname docker0 accept',
+ },
+ },
+ },
 }
+
+
+@metadata_reactor.provides(
+ 'nftables/rules/00-docker-ce',
+)
+def nftables_nat(metadata):
+ rules = set()
+
+ for iface in metadata.get('interfaces'):
+ rules.add(f'nat postrouting oifname {iface} masquerade')
+
+ return {
+ 'nftables': {
+ 'rules': {
+ '00-docker-ce': rules,
+ },
+ },
+ }
diff --git a/bundles/woodpecker-agent/items.py b/bundles/woodpecker-agent/items.py
index d33df40..01e30e4 100644
--- a/bundles/woodpecker-agent/items.py
+++ b/bundles/woodpecker-agent/items.py
@@ -10,7 +10,7 @@ actions['install_woodpecker-agent'] = {
 'dpkg -i /tmp/woodpecker-agent.deb',
 ]),
 'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''',
- 'triggers': {i
+ 'triggers': {
 'svc_systemd:woodpecker-agent:restart',
 },
 }
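Review bot: The masquerade rule built in `nftables_nat` is not scoped to Docker traffic: `nat postrouting oifname {iface} masquerade` rewrites the source address of every packet leaving through each interface in `metadata.get('interfaces')`, whatever its origin. If the host forwards anything else, that traffic is NATed too and downstream logs and filters lose the real source; tying the rule to the bridge already named in the defaults would narrow it, e.g. `rules.add(f'nat postrouting iifname docker0 oifname {iface} masquerade')`. The static rule `inet filter forward iifname docker0 accept` likewise lets containers reach every network the host can route to, so it is worth confirming that internal segments are meant to be reachable from containers. `metadata.get('interfaces')` is called without a default, so the behaviour on a node lacking that key should be checked, and the reactor would benefit from a one-line docstring stating that it emits one masquerade rule per configured interface.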