Georg Pfuetzenreuter
824baf386b
All checks were successful
ci/lysergic/push/pipeline Pipeline was successful
Detect which interfaces belong to which zones, and configure firewalld accordingly. Backend zone is currently only prepared and yet to be tested and enabled. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
35 lines
728 B
Plaintext
35 lines
728 B
Plaintext
{%- from slspath ~ '/map.jinja' import firewall_interfaces, public, internal, backend %}
|
|
|
|
include:
|
|
- role.salt.common
|
|
- role.salt.minion
|
|
- .mta
|
|
- .ssh
|
|
|
|
managed_header_pound: |
|
|
### This file is managed via https://git.com.de/LibertaCasa/salt
|
|
### Manual changes will be overwritten
|
|
|
|
{%- if grains['os'] == 'SUSE' %}
|
|
zypper:
|
|
refreshdb_force: False
|
|
|
|
firewalld:
|
|
zones:
|
|
internal:
|
|
{{ firewall_interfaces(internal) }}
|
|
ports:
|
|
- comment: node_exporter
|
|
port: 9200
|
|
protocol: tcp
|
|
{%- if public | length %}
|
|
public:
|
|
{{ firewall_interfaces(public) }}
|
|
{%- endif %}
|
|
{%- endif %}
|
|
|
|
mine_functions:
|
|
network.ip_addrs: []
|
|
network.ip_addrs6: []
|
|
network.interfaces: []
|