kotovalexarian/fedihub-ansible
Archived
1
0
Fork 0
Code Activity
This repository has been archived on 2023-03-27. You can view files and clone it, but cannot push or open issues or pull requests.
fedihub-ansible/host_vars/git.crypto-libertarian.com.yml
Alex Kotov d8eaf9c5cd
Improve iptables
2020-07-13 22:27:44 +05:00

35 lines
1.6 KiB
YAML
Raw Blame History

---
ansible_become_pass_for:
kotovalexarian: !vault |
$ANSIBLE_VAULT;1.2;AES256;kotovalexarian
66653237663434333835653436376637653961656334336462313366336631643935636133373466
3830663364376231343335396631376133333332313466640a656135363061383136623038613334
37623132343764353561666465353263303266336136393663383366373036626163326637343861
3039303536646536300a313465363631633666653336386433613361333761636133376664393633
37303763616361653265663532316637663430666436366461313064656233313235383766633064
6334613838376431303330393165306533633261646335666234
ansible_become_pass: "{{ ansible_become_pass_for[admin] }}"
common__apache__state: install
common__apache__listen: [80, 443]
common__apache__modules: ['alias', 'cgid', 'env', 'rewrite', 'ssl']
common__certbot__cert_name: 'git.crypto-libertarian.com'
common__certbot__cert_domains:
- 'git.crypto-libertarian.com'
common__certbot__post_hook: 'systemctl is-active apache2.service || systemctl start apache2.service'
common__certbot__pre_hook: 'systemctl is-active apache2.service && systemctl stop apache2.service || true'
common__iptables__drop_by_default: true
common__iptables__v4_filter: |
# Allow incoming HTTP, HTTPS.
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -m multiport --sports 80,443 -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Deny other HTTP, HTTPS.
-A INPUT -p tcp -m multiport --dports 80,443 -j REJECT
-A OUTPUT -p tcp -m multiport --sports 80,443 -j REJECT
common__iptables__v6_filter: '{{ common__iptables__v4_filter }}'
View git blame Copy permalink