diff --git a/group_vars/all.yml b/group_vars/all.yml
index 46cabbf2..6d8c2b3e 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -96,6 +96,11 @@ ufw_rules:
 protocol: tcp
 comment: 'munin'
 from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 9080
+ protocol: tcp
+ comment: 'promtail'
+ from_ip: 192.168.2.0/24
 ufw_default_incoming_policy: deny
 ufw_default_outgoing_policy: allow
diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml
index f667a14c..370c2e29 100644
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@@ -14,6 +14,11 @@ ufw_rules:
 protocol: tcp
 comment: 'munin'
 from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 9080
+ protocol: tcp
+ comment: 'promtail'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 53
 comment: 'dns'
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index b0ebe4e6..f539bf71 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -140,6 +140,11 @@ ufw_rules:
 protocol: tcp
 comment: 'munin'
 from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 9080
+ protocol: tcp
+ comment: 'promtail'
+ from_ip: 192.168.2.0/24
 - rule: allow
 from_ip: 192.168.0.0/16
 comment: 'docker networks'
diff --git a/group_vars/fileserver.yml b/group_vars/fileserver.yml
index 94df5466..bb7eeb96 100644
--- a/group_vars/fileserver.yml
+++ b/group_vars/fileserver.yml
@@ -14,6 +14,11 @@ ufw_rules:
 protocol: tcp
 comment: 'munin'
 from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 9080
+ protocol: tcp
+ comment: 'promtail'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 445
 comment: 'smb'
diff --git a/group_vars/git.yml b/group_vars/git.yml
index c665b37b..03f82bc6 100644
--- a/group_vars/git.yml
+++ b/group_vars/git.yml
@@ -41,6 +41,11 @@ ufw_rules:
 protocol: tcp
 comment: 'munin'
 from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 9080
+ protocol: tcp
+ comment: 'promtail'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: "{{ gitea_http_port }}"
 protocol: tcp
diff --git a/group_vars/ldap.yml b/group_vars/ldap.yml
index 846c9e82..e918cfd2 100644
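Review bot: The new `promtail` rule admits the whole `192.168.2.0/24` range to TCP 9080, and Promtail's HTTP listener has no authentication of its own by default, so every host on that subnet can read its metrics and target pages. Promtail pushes logs outbound to Loki, so inbound 9080 is normally needed only by the host that scrapes or inspects it; if that holds here, narrow the source, e.g. `from_ip: "{{ monitoring_host_ip }}"` (placeholder variable name, not defined on this page). The identical five lines are repeated in the hunks for blocky.yml, docker.yml, fileserver.yml, git.yml, ldap.yml and munin.yml, so the same applies there. Keeping the rule in one shared list variable that each group's `ufw_rules` includes would stop the seven copies drifting apart; the `ufw_rules` list itself starts outside every hunk.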
--- a/group_vars/ldap.yml
+++ b/group_vars/ldap.yml
@@ -18,6 +18,11 @@ ufw_rules:
 protocol: tcp
 comment: 'munin'
 from_ip: 192.168.2.0/24
+ - rule: allow
+ to_port: 9080
+ protocol: tcp
+ comment: 'promtail'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: "{{ lldap_http_port }}"
 protocol: tcp
diff --git a/group_vars/munin.yml b/group_vars/munin.yml
index 6fbfc29d..7a8aabd1 100644
--- a/group_vars/munin.yml
+++ b/group_vars/munin.yml
@@ -7,10 +7,14 @@ ufw_rules:
 comment: 'ssh'
 from_ip: 0.0.0.0/0
 - rule: allow
- to_port: 80 #TODO passt?
+ to_port: 80
 protocol: tcp
 comment: 'munin'
-
+ - rule: allow
+ to_port: 9080
+ protocol: tcp
+ comment: 'promtail'
+ from_ip: 192.168.2.0/24
 ### mgrote_restic
 restic_folders_to_backup: "/usr/local /etc /root /home /var/lib/munin"
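Review bot: The port 80 rule in munin.yml still carries no `from_ip`, and this change deletes the `#TODO passt?` marker that flagged it as unverified without showing how the question was settled. The ssh rule above it writes `from_ip: 0.0.0.0/0` explicitly and the new promtail rule is limited to `192.168.2.0/24`, so an omitted source here presumably falls back to the ufw role's default, which is likely "any" and should be confirmed against the role. If the Munin web interface is meant for the LAN only, add `from_ip: 192.168.2.0/24` under `comment: 'munin'`; otherwise state the intended source explicitly so the rule reads the same way as its neighbours. The `ufw_rules` list starts before the hunk.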