From 66c91741318195035422124632335d2f9817e4ae Mon Sep 17 00:00:00 2001
From: Michael Grote <38253905+quotengrote@users.noreply.github.com>
Date: Thu, 31 Dec 2020 14:39:17 +0100
Subject: [PATCH] =?UTF-8?q?Firewallregeln=20versch=C3=A4rft?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 group_vars/acng.yml | 1 +
 group_vars/all.yml | 1 +
 group_vars/dns.yml | 2 ++
 group_vars/docker.yml | 6 ++++++
 group_vars/dokuwiki.yml | 2 ++
 group_vars/gitea.yml | 3 +++
 group_vars/jenkins.yml | 2 ++
 group_vars/storage.yml | 16 +++-------------
 8 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/group_vars/acng.yml b/group_vars/acng.yml
index 8104b13f..5e26e205 100644
--- a/group_vars/acng.yml
+++ b/group_vars/acng.yml
@@ -5,6 +5,7 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 9999
 from_ip: 192.168.2.0/24
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 9e339664..36932479 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -42,6 +42,7 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 ### ryandaniels.create_users
 users:
 - username: mg
diff --git a/group_vars/dns.yml b/group_vars/dns.yml
index bab88c81..d2b950e9 100644
--- a/group_vars/dns.yml
+++ b/group_vars/dns.yml
@@ -5,9 +5,11 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 80
 comment: 'pihole-webgui'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 53
 comment: 'pihole-dns'
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index 76c4f769..4ecdf638 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
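Review bot: The old unrestricted ssh rule may survive this change on hosts that are already provisioned, because the entry in group_vars/acng.yml is edited in place and the firewall role that consumes the list is not part of this patch. With ufw-style tooling a changed entry is normally applied as an additional rule, which would leave the earlier allow-from-anywhere rule for port 22 active beside the new `from_ip: 192.168.2.0/24` one. The same applies to every rule narrowed in all.yml, dns.yml, docker.yml, dokuwiki.yml, gitea.yml, jenkins.yml and storage.yml, and to the minio rule deleted from storage.yml. I would confirm that the role resets or prunes stale rules, and otherwise add a one-off cleanup and compare the live rule list on each host against these files after the run.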
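Review bot: The literal `192.168.2.0/24` is now written into twenty added rules across eight files, so a later change of the trusted network has to be repeated by hand everywhere and a missed entry keeps trusting the old range. As group_vars/all.yml applies to every host, I would define the range once there, for example `fw_trusted_net: '192.168.2.0/24'` (suggested name), and write `from_ip: "{{ fw_trusted_net }}"` in each rule. The rule list touched in this hunk starts above the visible lines.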
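Review bot: The 'pihole-dns' rule for port 53 in group_vars/dns.yml is the one entry in this hunk that receives no `from_ip`, so as far as the visible lines show the resolver stays reachable from every source that can reach the host. If that is deliberate, a comment such as `# DNS open on purpose: clients outside 192.168.2.0/24` would record the decision; otherwise add `from_ip: 192.168.2.0/24` here as well. The rule may continue below the hunk, so a restriction could already exist there. The port 80 and port 53 entries also carry no `protocol`, unlike the ssh entry, and whether that admits both TCP and UDP depends on the role's default.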
@@ -5,21 +5,27 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 80
 comment: 'docker-traefik'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 443
 comment: 'docker-traefik'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 8080
 comment: 'docker-traefik'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 333
 comment: 'docker-homer'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 3001
 comment: 'docker-rssbridge'
+ from_ip: 192.168.2.0/24
 # - rule: allow
 # comment: 'alles erlauben'
 ### geerlingguy.docker
diff --git a/group_vars/dokuwiki.yml b/group_vars/dokuwiki.yml
index 453f1807..732a47ab 100644
--- a/group_vars/dokuwiki.yml
+++ b/group_vars/dokuwiki.yml
@@ -7,6 +7,8 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 80
 comment: 'dokuwiki-webserver'
+ from_ip: 192.168.2.0/24
diff --git a/group_vars/gitea.yml b/group_vars/gitea.yml
index 66e07dae..a200d3eb 100644
--- a/group_vars/gitea.yml
+++ b/group_vars/gitea.yml
@@ -7,14 +7,17 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 3000
 protocol: tcp
 comment: 'gitea'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 2222
 protocol: tcp
 comment: 'gitea'
+ from_ip: 192.168.2.0/24
 ### tmaurice.gitea
 gitea_version: "1.13.0"
 gitea_app_name: "Gitea"
diff --git a/group_vars/jenkins.yml b/group_vars/jenkins.yml
index 9cd8989a..91afb562 100644
--- a/group_vars/jenkins.yml
+++ b/group_vars/jenkins.yml
@@ -22,9 +22,11 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 8080
 comment: 'jenkins'
+ from_ip: 192.168.2.0/24
 ### mgrote.restic
 restic_folders_to_backup: /usr/local /etc /root /home /var/lib/jenkins
 ### mgrote.install_packages
diff --git a/group_vars/storage.yml b/group_vars/storage.yml
index b1e370ed..5c323959 100644
--- a/group_vars/storage.yml
+++ b/group_vars/storage.yml
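Review bot: The `from_ip` limits added in group_vars/docker.yml for ports 80, 443, 8080, 333 and 3001 may have no effect if these are ports published by Docker, as the 'docker-…' comments suggest. Docker installs its own iptables NAT and forwarding rules for published ports, and that traffic does not traverse the host input rules that a ufw-style allow list manages. I would check from a host outside 192.168.2.0/24 that the ports are really closed, and if they are not, bind the published ports to a specific address or filter them in the DOCKER-USER chain. The rule list starts above the hunk, so the role variable it belongs to is not visible here.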
@@ -73,22 +73,12 @@
 to_port: 22
 protocol: tcp
 comment: 'ssh'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 445
 comment: 'smb'
+ from_ip: 192.168.2.0/24
 - rule: allow
 to_port: 139
 comment: 'smb'
- - rule: allow
- to_port: 9000:9010
- protocol: tcp
- comment: 'minio'
- ### atosatto.minio
- minio_user: minio
- minio_group: minio
- minio_server_addr: ":9000"
- minio_server_datadirs:
- - /shares/minio
- minio_server_make_datadirs: true
- minio_access_key: "{{ lookup('keepass', 'minio_access_key', 'password') }}"
- minio_secret_key: "{{ lookup('keepass', 'minio_secret_key', 'password') }}"
+ from_ip: 192.168.2.0/24
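Review bot: Dropping the minio rule and the `minio_*` variables from group_vars/storage.yml does not by itself retire the service: unless a separate task uninstalls it, MinIO would keep listening on `:9000` with its data under /shares/minio. If the service is being decommissioned, I would add an explicit removal step and retire the `minio_access_key` and `minio_secret_key` entries in KeePass as well, and note the decommissioning in the commit message, since the subject only mentions tightened firewall rules. The two smb rules for 445 and 139 carry no `protocol`; whether that also admits UDP depends on the role's default, which this patch does not show.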