diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-08-27 23:52:35 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-08-27 23:52:35 +0200 |
| commit | 2916f604e6a974360a4c5bbe4339f20d281af5cf (patch) | |
| tree | a2b6c1022b7db92c897be75771db38a8d45959cf /inventory | |
| parent | enable acmetool for ch-imap-proxy (diff) | |
finalize ch-imap-proxy
Diffstat (limited to 'inventory')
| -rw-r--r-- | inventory/group_vars/chaos-at-home/network.yml | 17 | ||||
| -rw-r--r-- | inventory/host_vars/ch-imap-proxy.yml | 2 | ||||
| -rw-r--r-- | inventory/host_vars/ch-router.yml | 9 |
3 files changed, 16 insertions, 12 deletions
diff --git a/inventory/group_vars/chaos-at-home/network.yml b/inventory/group_vars/chaos-at-home/network.yml index 332729a1..d2bbde0a 100644 --- a/inventory/group_vars/chaos-at-home/network.yml +++ b/inventory/group_vars/chaos-at-home/network.yml @@ -15,11 +15,13 @@ network_zones: ch-oulu: 2 ## testing ch-oulu-vm1: 3 ## testing ch-mc: 10 - ch-auth-legacy: 88 ## legacy - ch-prometheus-legacy: 99 ## legacy ch-prometheus: 200 ch-prometheus-old: 250 ch-gw-lan: 254 + ############# + ## legacy stuff + ch-auth-legacy: 88 ## legacy + ch-prometheus-legacy: 99 ## legacy wifi: ssid: "chaos at home" encryption: "psk2" @@ -46,16 +48,19 @@ network_zones: offsets: ch-apps: 1 ch-imap-proxy: 9 - ch-stats-legacy: 10 ## legacy ch-jump: 22 ch-gw-lan: 28 ch-nic: 53 - ch-web-legacy: 80 ## legacy __svc_web__: 80 - ch-mail-legacy: 143 ## legacy __svc_imap__: 143 ch-router-obsd: 253 ch-router: 254 + ############# + ## legacy stuff + ch-stats-legacy: 10 + ch-web-legacy: 80 + ch-mail-legacy: 144 + mgmt: vlan: 42 @@ -90,6 +95,6 @@ network_services: addr: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets.__svc_web__) | ipaddr('address') }}" imap: ports: - - 143 + #- 143 - 993 addr: "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets.__svc_imap__) | ipaddr('address') }}" diff --git a/inventory/host_vars/ch-imap-proxy.yml b/inventory/host_vars/ch-imap-proxy.yml index fb76d202..69acde86 100644 --- a/inventory/host_vars/ch-imap-proxy.yml +++ b/inventory/host_vars/ch-imap-proxy.yml @@ -33,4 +33,4 @@ network: - *_network_primary_ -# acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}" +acmetool_directory_server: "{{ acmetool_directory_server_le_live_v2 }}" diff --git a/inventory/host_vars/ch-router.yml b/inventory/host_vars/ch-router.yml index 22864a59..a63f29fc 100644 --- a/inventory/host_vars/ch-router.yml +++ b/inventory/host_vars/ch-router.yml @@ -150,20 +150,19 @@ openwrt_mixin: iptables -A INPUT -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p udp --dport 1194 -j ACCEPT iptables -A INPUT -i "$MAGENTA_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT + {# TODO: generate this based on network_services #} iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 2342 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-jump']) | ipaddr('address') }}" -p tcp --dport 2342 -j ACCEPT iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 53 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}" iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-nic']) | ipaddr('address') }}" -p tcp --dport 53 -j ACCEPT - iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 80 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" - iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 443 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" + iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 80 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web-legacy']) | ipaddr('address') }}" + iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 443 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web-legacy']) | ipaddr('address') }}" iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 80 -j ACCEPT iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-web']) | ipaddr('address') }}" -p tcp --dport 443 -j ACCEPT - iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 143 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}:144" - iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 993 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" - iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" -p tcp --dport 144 -j ACCEPT + iptables -t nat -A PREROUTING -i "$MAGENTA_IF" -d "$MAGENTA_IPADDR" -p tcp --dport 993 -j DNAT --to "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail-legacy']) | ipaddr('address') }}" iptables -A FORWARD -i "$MAGENTA_IF" -o "$SVC_IF" -d "{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-mail']) | ipaddr('address') }}" -p tcp --dport 993 -j ACCEPT |