RWejlgaard/pez-infra
1
0
Fork 0
mirror of https://github.com/RWejlgaard/pez-infra.git synced 2026-05-06 04:14:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
pez-infra/ansible/roles
History
Rasmus Wejlgaard ef0ccdd84a fix(firewall_alpine): replace empty iptables ruleset with proper INPUT filtering 
The rules.v4.j2 template deployed a ruleset with INPUT ACCEPT and zero
custom rules — effectively a no-op. nuremberg-a is a public-facing mail
server and needs actual filtering.

Changes:
- INPUT default policy set to DROP
- Allow loopback, established/related, Tailscale interface, SSH, ICMP
- FORWARD stays ACCEPT for Docker port-forwarding
- Added firewall_alpine_extra_input_rules variable for host-specific rules

Mail ports remain handled by Docker's FORWARD chain, not INPUT.

Closes PESO-119
2026-04-02 20:17:28 +00:00
..
backup/tasks Add backup role to deploy hdd-backup.sh and cron to london-b (#16) 2026-03-29 15:09:01 +01:00
caddy initial commit 2026-03-28 12:39:41 +00:00
common fix: resolve UFW ansible-lint failures and deploy error (#11) 2026-03-29 10:53:54 +01:00
docker/tasks fix: remove docker-compose-v2 before installing docker-compose-plugin 2026-03-30 18:08:50 +00:00
docker_services/tasks initial commit 2026-03-28 12:39:41 +00:00
dotfiles/tasks fix remaining yaml lint nitpicks 2026-03-28 13:13:37 +00:00
firewall_alpine fix(firewall_alpine): replace empty iptables ruleset with proper INPUT filtering 2026-04-02 20:17:28 +00:00
media_stack Capture london-b media stack and systemd services (#19) 2026-03-29 19:13:48 +01:00
node_exporter Bind node_exporter to Tailscale IP on public-facing hosts 2026-03-30 21:56:36 +00:00
status_page capture helsinki-a status page cron in repo (#17) 2026-03-29 15:39:35 +01:00
systemd_services initial commit 2026-03-28 12:39:41 +00:00
zfs Add ZFS management role: scrub scheduling and pool monitoring (#18) 2026-03-29 19:12:42 +01:00