add firewall

2021-02-20 18:12:17 +01:00 · 2021-02-20 18:12:17 +01:00 · 718b7a9ce8
parent 36b6e801e5
commit 718b7a9ce8
1 changed files with 18 additions and 0 deletions
--- a/nodes/htz-cloud/miniserver.py
+++ b/nodes/htz-cloud/miniserver.py
@ -6,6 +6,9 @@ nodes['htz-cloud.miniserver'] = {
        'debian-buster',
        'webserver',
    },
+    'bundles': {
+        'iptables',
+    },
    'metadata': {
        'dummy': True,
        'interfaces': {
@ -20,6 +23,7 @@ nodes['htz-cloud.miniserver'] = {
        },
        'apt': {
            'packages': {
+                'mosh': {},
                'weechat': {},
                'weechat-core': {},
                'weechat-curses': {},
@ -28,6 +32,13 @@ nodes['htz-cloud.miniserver'] = {
                'weechat-python': {},
                'weechat-ruby': {},
            },
+            'repos': {
+                'weechat': {
+                    'items': {
+                        'deb https://weechat.org/debian {os_release} main',
+                    },
+                },
+            },
        },
        'backups': {
            'exclude_from_backups': True,
@ -35,6 +46,13 @@ nodes['htz-cloud.miniserver'] = {
        'icinga_options': {
            'exclude_from_monitoring': True,
        },
+        'iptables': {
+            'custom_rules': [
+                'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh
+                'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat
+
+            ],
+        },
        'letsencrypt': {
            'concat_and_deploy': {
                'sophie-weechat': {