pez-infra/ansible/roles/common/defaults/main.yml
Rasmus "Pez" Wejlgaard 4554dec7d2
Remove unused Prometheus alerting config (#10)
* Configure UFW firewall rules in common Ansible role

Add UFW configuration to the common role for Debian hosts:
- Default deny incoming, allow outgoing
- Allow all traffic on tailscale0 interface (mesh comms)
- Allow SSH port 22 as safety net
- Per-host allowed ports via ufw_allowed_ports variable
- Enable UFW after rules are applied

helsinki-a gets ports 80/443 for reverse proxy traffic.
Other Debian hosts only need Tailscale + SSH.

Closes PESO-79

* Remove unused alerting and rule_files from prometheus.yml

Alerting is handled by Grafana, not Prometheus Alertmanager.
The empty alertmanagers and rule_files sections were just noise.

Resolves PESO-74
2026-03-29 10:37:25 +01:00

7 lines
236 B
YAML

---
# UFW firewall defaults
# Override ufw_allowed_ports in host_vars for public-facing services.
ufw_enabled: true
ufw_allowed_ports: []
# - { port: 80, proto: tcp, comment: "HTTP" }
# - { port: 443, proto: tcp, comment: "HTTPS" }
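
The defaults above only declare the variables. As an added example (not the repository's own tasks file), the following sketch shows one way a role could apply them in the order the commit message lists, so the allow rules exist before UFW is switched on. It assumes the `community.general` collection is installed; the file name is hypothetical.

```yaml
# Hypothetical roles/common/tasks/ufw.yml: added example, not the repository's file.
# Assumes the community.general collection is available on the control node.
- name: Configure UFW on Debian hosts
  when:
    - ufw_enabled | bool
    - ansible_facts['os_family'] == 'Debian'
  block:
    - name: Validate ufw_allowed_ports entries before touching the firewall
      ansible.builtin.assert:
        that:
          - item.port | int >= 1
          - item.port | int <= 65535
          - item.proto in ['tcp', 'udp']
        fail_msg: "Invalid ufw_allowed_ports entry: {{ item }}"
      loop: "{{ ufw_allowed_ports }}"

    - name: Set default policies (deny incoming, allow outgoing)
      community.general.ufw:
        direction: "{{ item.direction }}"
        policy: "{{ item.policy }}"
      loop:
        - { direction: incoming, policy: deny }
        - { direction: outgoing, policy: allow }

    - name: Allow all traffic arriving on the Tailscale interface
      community.general.ufw:
        rule: allow
        interface: tailscale0
        direction: in

    - name: Allow SSH on port 22 as a safety net
      community.general.ufw:
        rule: allow
        port: "22"
        proto: tcp
        comment: "SSH"

    - name: Allow per-host ports from ufw_allowed_ports
      community.general.ufw:
        rule: allow
        port: "{{ item.port | string }}"
        proto: "{{ item.proto }}"
        comment: "{{ item.comment | default(omit) }}"
      loop: "{{ ufw_allowed_ports }}"

    # Enabling last keeps an in-progress SSH or Tailscale session from being cut off.
    - name: Enable UFW after rules are applied
      community.general.ufw:
        state: enabled
```

With the empty default list the per-host loop is a no-op, so a host without a `host_vars` override ends up with only the Tailscale and SSH rules.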