bundles/docker-ce: add nftables rules

Franzi 2022-12-24 18:22:29 +01:00
parent efdff6ef28
commit 071250d798
Signed by: kunsi
GPG key ID: 12E3D2136B818350
2 changed files with 27 additions and 1 deletions


@ -12,4 +12,30 @@ defaults = {
'docker-ce-cli': {}, 'docker-ce-cli': {},
}, },
}, },
'nftables': {
'rules': {
'00-docker-ce': {
'inet filter forward ct state { related, established } accept',
'inet filter forward iifname docker0 accept',
},
},
},
} }
@metadata_reactor.provides(
'nftables/rules/00-docker-ce',
)
def nftables_nat(metadata):
rules = set()
for iface in metadata.get('interfaces'):
rules.add(f'nat postrouting oifname {iface} masquerade')
return {
'nftables': {
'rules': {
'00-docker-ce': rules,
},
},
}
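Review bot: The masquerade rule built in `nftables_nat` matches every packet leaving each interface returned by `metadata.get('interfaces')`, not only container traffic, so on a host that also forwards for other networks (a VPN, routed subnets) those sources would be rewritten as well and lose their original address in downstream logs. Scoping the rule to the bridge keeps NAT limited to what the forward rule `iifname docker0 accept` already permits: `rules.add(f'nat postrouting iifname docker0 oifname "{iface}" masquerade')`. Quoting the interface name there also keeps a name with unusual characters from being parsed as something other than a string. Both the forward rule and this suggestion name only `docker0`, so user-defined bridge networks would presumably not be covered; a comment above the `'00-docker-ce'` defaults saying whether that is intended would help the next reader.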


@ -10,7 +10,7 @@ actions['install_woodpecker-agent'] = {
'dpkg -i /tmp/woodpecker-agent.deb', 'dpkg -i /tmp/woodpecker-agent.deb',
]), ]),
'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''', 'unless': f'''bash -c "[[ \"$(woodpecker-agent --version | cut -d' ' -f3)\" == "{version}" ]]"''',
'triggers': {i 'triggers': {
'svc_systemd:woodpecker-agent:restart', 'svc_systemd:woodpecker-agent:restart',
}, },
} }