WoodSmellParticle/ansible-infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-infra/collections/ansible_collections/nullified/infrastructure/roles/vault/templates/vault.nft.j2
NaeiKinDus ddf406fd37
feat(vault): add a HashiCorp Vault role
2024-06-26 00:00:00 +00:00

13 lines
784 B
Django/Jinja
Raw Blame History

{%- set api_source_ips = firewall_lb_ips | default({}, True) -%}
{%- set noop = api_source_ips.update(firewall_cluster_nodes_ips) -%}
table inet filter {
chain input {
{% if firewall_lb_ips %}ip saddr { {{ api_source_ips | join (', ') }} } {% endif %}tcp dport {{ hc_vault_api_port }} accept
{% if firewall_cluster_nodes_ips %}ip saddr { {{ firewall_cluster_nodes_ips | join(', ') }} } tcp dport {{ hc_vault_raft_cluster_port }}{% endif +%}
}
chain output {
{% if firewall_lb_ips %}ip daddr { {{ api_source_ips | join (', ') }} } {% endif %}tcp sport {{ hc_vault_api_port }} accept
{% if firewall_cluster_nodes_ips %}ip daddr { {{ firewall_cluster_nodes_ips | join(', ') }} } tcp sport {{ hc_vault_raft_cluster_port }}{% endif +%}
}
}
Reference in a new issue View git blame Copy permalink