add firewall
All checks were successful
bundlewrap/pipeline/head This commit looks good

Sophie Schiller 2021-02-20 18:12:17 +01:00
parent 36b6e801e5
commit 718b7a9ce8


@ -6,6 +6,9 @@ nodes['htz-cloud.miniserver'] = {
'debian-buster', 'debian-buster',
'webserver', 'webserver',
}, },
'bundles': {
'iptables',
},
'metadata': { 'metadata': {
'dummy': True, 'dummy': True,
'interfaces': { 'interfaces': {
@ -20,6 +23,7 @@ nodes['htz-cloud.miniserver'] = {
}, },
'apt': { 'apt': {
'packages': { 'packages': {
'mosh': {},
'weechat': {}, 'weechat': {},
'weechat-core': {}, 'weechat-core': {},
'weechat-curses': {}, 'weechat-curses': {},
@ -28,6 +32,13 @@ nodes['htz-cloud.miniserver'] = {
'weechat-python': {}, 'weechat-python': {},
'weechat-ruby': {}, 'weechat-ruby': {},
}, },
'repos': {
'weechat': {
'items': {
'deb https://weechat.org/debian {os_release} main',
},
},
},
}, },
'backups': { 'backups': {
'exclude_from_backups': True, 'exclude_from_backups': True,
@ -35,6 +46,13 @@ nodes['htz-cloud.miniserver'] = {
'icinga_options': { 'icinga_options': {
'exclude_from_monitoring': True, 'exclude_from_monitoring': True,
}, },
'iptables': {
'custom_rules': [
'iptables_both -A INPUT -p udp --dport 60000:61000 -j ACCEPT', # mosh
'iptables_both -A INPUT -p tcp --dport 9001 -j ACCEPT', # weechat
],
},
'letsencrypt': { 'letsencrypt': {
'concat_and_deploy': { 'concat_and_deploy': {
'sophie-weechat': { 'sophie-weechat': {
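Review bot: Both new `custom_rules` entries accept traffic from any source address, and judging by the `iptables_both` name probably on IPv4 and IPv6 alike, so the weechat relay on tcp/9001 is exposed to the whole internet once this is applied. Nothing in the hunk shows whether the relay enforces TLS and a relay password (the `sophie-weechat` entry under `letsencrypt` hints at TLS, but it is unchanged context), so the rule should either carry that requirement in its comment, e.g. `# weechat relay, TLS + relay password required`, or be limited to known client addresses. The mosh rule opens 1001 UDP ports although mosh-server uses only one port per session from the low end of that range; on a single-user host a narrower range such as `--dport 60000:60010` is enough. The node dict starts and ends outside the visible hunks.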