WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: WoodSmellParticle:95e483c2fb6ecaf679ff16d59225edf0bd4328a3
Branches Tags
WoodSmellParticle:main
..
compare: WoodSmellParticle:1c625d2d84e11030dd0ad057e6378095678d8bd4
Branches Tags
WoodSmellParticle:main

No commits in common. "95e483c2fb6ecaf679ff16d59225edf0bd4328a3" and "1c625d2d84e11030dd0ad057e6378095678d8bd4" have entirely different histories.
95e483c2fb ... 1c625d2d84

5 changed files with 3 additions and 38 deletions
Show stats Expand all files Collapse all files

2
ansible_collections/nullified/infrastructure/roles/deluge/defaults/main.yml
View file

@ -17,5 +17,3 @@ deluge_daemon_incoming_port: 6881
deluge_daemon_outgoing_port_lo: 6889 deluge_daemon_outgoing_port_lo: 6889
deluge_daemon_outgoing_port_hi: 6899 deluge_daemon_outgoing_port_hi: 6899
deluge_web_expose_client: false deluge_web_expose_client: false
deluge_allow_remote_control: false
deluge_allowed_remotes: []

2
ansible_collections/nullified/infrastructure/roles/deluge/templates/core.conf.j2
View file

@ -3,7 +3,7 @@
"format": 1 "format": 1
}{ }{
"add_paused": false, "add_paused": false,
"allow_remote": {{ 'true' if deluge_allow_remote_control is truthy else 'false' }}, "allow_remote": false,
"auto_manage_prefer_seeds": false, "auto_manage_prefer_seeds": false,
"auto_managed": true, "auto_managed": true,
"cache_expiry": 60, "cache_expiry": 60,

31
ansible_collections/nullified/infrastructure/roles/deluge/templates/nftables.d/deluge.nft.j2
View file

@ -1,18 +1,3 @@
{% set deluge_allowed_remotes_ip4 = deluge_allowed_remotes | default([]) | ansible.utils.ipv4 %}
{% set deluge_allowed_remotes_ip6 = deluge_allowed_remotes | default([]) | ansible.utils.ipv6 %}
{% if deluge_allow_remote_control and deluge_allowed_remotes_ip4 | length > 0 %}
define allowed_controllers4 = {
{{ deluge_allowed_remotes_ip4 | join(", ") | wordwrap(40, wrapstring="\n ", break_long_words=False) }}
}
{% endif %}
{% if deluge_allow_remote_control and deluge_allowed_remotes_ip6 | length > 0 %}
define allowed_controllers6 = {
{{ deluge_allowed_remotes_ip6 | join(", ") | wordwrap(40, wrapstring="\n ", break_long_words=False) }}
}
{% endif %}
table inet filter { table inet filter {
chain input { chain input {
{% if deluge_web_expose_client %} {% if deluge_web_expose_client %}
@ -21,14 +6,6 @@ table inet filter {
meta nfproto { ipv4, ipv6 } iifname "lo" tcp dport {{ deluge_web_port }} accept meta nfproto { ipv4, ipv6 } iifname "lo" tcp dport {{ deluge_web_port }} accept
{% endif %} {% endif %}
iifname "lo" tcp dport {{ deluge_daemon_control_port }} accept iifname "lo" tcp dport {{ deluge_daemon_control_port }} accept
{% if deluge_allow_remote_control %}
{% if deluge_allowed_remotes_ip4 | length > 0 %}
ip saddr $allowed_controllers4 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% if deluge_allowed_remotes_ip6 | length > 0 %}
ip6 saddr $allowed_controllers6 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% endif %}
meta l4proto { tcp, udp } th dport {{ deluge_daemon_incoming_port }} accept meta l4proto { tcp, udp } th dport {{ deluge_daemon_incoming_port }} accept
meta l4proto { tcp, udp } th dport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept meta l4proto { tcp, udp } th dport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
} }
@ -38,14 +15,6 @@ table inet filter {
meta nfproto { ipv4, ipv6 } tcp sport {{ deluge_web_port }} accept meta nfproto { ipv4, ipv6 } tcp sport {{ deluge_web_port }} accept
{% else %} {% else %}
meta nfproto { ipv4, ipv6 } oifname "lo" tcp sport {{ deluge_web_port }} accept meta nfproto { ipv4, ipv6 } oifname "lo" tcp sport {{ deluge_web_port }} accept
{% endif %}
{% if deluge_allow_remote_control %}
{% if deluge_allowed_remotes_ip4 | length > 0 %}
ip saddr $allowed_controllers4 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% if deluge_allowed_remotes_ip6 | length > 0 %}
ip6 saddr $allowed_controllers6 meta l4proto { tcp, udp } th dport {{ deluge_daemon_control_port }} accept
{% endif %}
{% endif %} {% endif %}
meta l4proto { tcp, udp } th sport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept meta l4proto { tcp, udp } th sport { {{ deluge_daemon_outgoing_port_lo }}-{{ deluge_daemon_outgoing_port_hi }} } accept
oifname "lo" tcp sport {{ deluge_daemon_control_port }} accept oifname "lo" tcp sport {{ deluge_daemon_control_port }} accept

4
ansible_collections/nullified/infrastructure/roles/nginx/templates/ingress_http_nginx.nft.j2
View file

@ -1,9 +1,9 @@
table inet filter { table inet filter {
chain input { chain input {
meta l4proto { tcp, udp } th dport { http, https } accept meta nfproto { ipv4, ipv6 } tcp dport { http, https } accept
} }
chain output { chain output {
meta l4proto { tcp, udp } th sport { http, https } accept meta nfproto { ipv4, ipv6 } tcp sport { http, https } accept
} }
} }

2
inventory/host_vars/lithium/vars.yml
View file

@ -6,7 +6,5 @@ nginx_sites: "{{ vault_nginx_sites }}"
nginx_streams: "{{ vault_nginx_streams }}" nginx_streams: "{{ vault_nginx_streams }}"
deluge_web_password: '{{ vault_deluge_web_password }}' deluge_web_password: '{{ vault_deluge_web_password }}'
deluge_web_password_salt: '{{ vault_deluge_web_password_salt }}' deluge_web_password_salt: '{{ vault_deluge_web_password_salt }}'
deluge_allow_remote_control: '{{ vault_deluge_allow_remote_control }}'
deluge_allowed_remotes: '{{ vault_deluge_allowed_remotes }}'
global_dns_udp_dns4: "{{ vault_global_dns_udp_dns4 }}" global_dns_udp_dns4: "{{ vault_global_dns_udp_dns4 }}"
global_dns_udp_dns6: "{{ vault_global_dns_udp_dns6 }}" global_dns_udp_dns6: "{{ vault_global_dns_udp_dns6 }}"