mirror of
https://github.com/RWejlgaard/pez-infra.git
synced 2026-05-06 04:14:43 +00:00
* Configure UFW firewall rules in common Ansible role

  Add UFW configuration to the common role for Debian hosts:
  - Default deny incoming, allow outgoing
  - Allow all traffic on tailscale0 interface (mesh comms)
  - Allow SSH port 22 as safety net
  - Per-host allowed ports via ufw_allowed_ports variable
  - Enable UFW after rules are applied

  helsinki-a gets ports 80/443 for reverse proxy traffic. Other Debian hosts only need Tailscale + SSH.

  Closes PESO-79

* Remove unused alerting and rule_files from prometheus.yml

  Alerting is handled by Grafana, not Prometheus Alertmanager. The empty alertmanagers and rule_files sections were just noise.

  Resolves PESO-74
7 lines
270 B
YAML
---
host_role: mail
host_description: "Mail server (poste.io)"
host_location: "Hetzner Cloud"
ansible_python_interpreter: /usr/bin/python3
# NOTE: Alpine host — UFW tasks are Debian-only.
# Firewall rules for mail ports (25,465,587,993,143,80,443) managed separately.