Firewallregeln verschärft

2020-12-31 14:39:17 +01:00 · 2020-12-31 14:39:17 +01:00 · 66c9174131
commit 66c9174131
parent 1fc7975323
8 changed files with 20 additions and 13 deletions
--- a/group_vars/acng.yml
+++ b/group_vars/acng.yml
@ -5,6 +5,7 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 9999
      from_ip: 192.168.2.0/24
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -42,6 +42,7 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
  ### ryandaniels.create_users
  users:
  - username: mg
--- a/group_vars/dns.yml
+++ b/group_vars/dns.yml
@ -5,9 +5,11 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 80
      comment: 'pihole-webgui'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 53
      comment: 'pihole-dns'
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -5,21 +5,27 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 80
      comment: 'docker-traefik'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 443
      comment: 'docker-traefik'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 8080
      comment: 'docker-traefik'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 333
      comment: 'docker-homer'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 3001
      comment: 'docker-rssbridge'
+      from_ip: 192.168.2.0/24
 #    - rule: allow
 #      comment: 'alles erlauben'
  ### geerlingguy.docker
--- a/group_vars/dokuwiki.yml
+++ b/group_vars/dokuwiki.yml
@ -7,6 +7,8 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 80
      comment: 'dokuwiki-webserver'
+      from_ip: 192.168.2.0/24
--- a/group_vars/gitea.yml
+++ b/group_vars/gitea.yml
@ -7,14 +7,17 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 3000
      protocol: tcp
      comment: 'gitea'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 2222
      protocol: tcp
      comment: 'gitea'
+      from_ip: 192.168.2.0/24
  ### tmaurice.gitea
  gitea_version: "1.13.0"
  gitea_app_name: "Gitea"
--- a/group_vars/jenkins.yml
+++ b/group_vars/jenkins.yml
@ -22,9 +22,11 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 8080
      comment: 'jenkins'
+      from_ip: 192.168.2.0/24
  ### mgrote.restic
  restic_folders_to_backup: /usr/local /etc /root /home /var/lib/jenkins
  ### mgrote.install_packages
--- a/group_vars/storage.yml
+++ b/group_vars/storage.yml
@ -73,22 +73,12 @@
      to_port: 22
      protocol: tcp
      comment: 'ssh'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 445
      comment: 'smb'
+      from_ip: 192.168.2.0/24
    - rule: allow
      to_port: 139
      comment: 'smb'
-    - rule: allow
-      to_port: 9000:9010
-      protocol: tcp
-      comment: 'minio'
-  ### atosatto.minio
-  minio_user: minio
-  minio_group: minio
-  minio_server_addr: ":9000"
-  minio_server_datadirs:
-    - /shares/minio
-  minio_server_make_datadirs: true
-  minio_access_key: "{{ lookup('keepass', 'minio_access_key', 'password') }}"
-  minio_secret_key: "{{ lookup('keepass', 'minio_secret_key', 'password') }}"
+      from_ip: 192.168.2.0/24