WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: added mariadb role

Browse source
This commit is contained in:
NaeiKinDus 2024-02-07 00:00:00 +00:00
parent 83c6ce3513
commit d1c59d65de
Signed by: WoodSmellParticle
GPG key ID: 8E52ADFF7CA8AE56
13 changed files with 170 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

26
collections/ansible_collections/nullified/infrastructure/roles/mariadb/templates/nftables.d/mariadb.nft.j2 Normal file
View file

@ -0,0 +1,26 @@
{%- set allowed_ingress_list4 = mariadb_nft_allowed_ingress_list | ansible.utils.ipv4 -%}
{%- set allowed_ingress_list6 = mariadb_nft_allowed_ingress_list | ansible.utils.ipv6 -%}
{%- set allowed_egress_list4 = mariadb_nft_allowed_egress_list | ansible.utils.ipv4 | default([], true) -%}
{%- set allowed_egress_list6 = mariadb_nft_allowed_egress_list | ansible.utils.ipv6 | default([], true) -%}
table inet filter {
{% if mariadb_install_server %}
chain input {
{% if mariadb_nft_filter_input %}
{%+ if allowed_ingress_list4 %}ip saddr { {{ allowed_ingress_list4 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{%+ if allowed_ingress_list6 %}ip6 saddr { {{ allowed_ingress_list6 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{% else %}
tcp dport {{ mariadb_server_port }} accept
{% endif %}
}
{% endif %}
{% if mariadb_install_client %}
chain output {
{% if mariadb_nft_filter_output %}
{%+ if allowed_egress_list4 %}ip daddr { {{ allowed_egress_list4 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{%+ if allowed_egress_list6 %}ip daddr { {{ allowed_egress_list6 | join(', ') }} } tcp dport {{ mariadb_server_port }} accept{% endif +%}
{% else %}
tcp dport {{ mariadb_server_port }} accept
{% endif %}
}
{% endif %}
}