diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2020-02-29 03:29:26 +0100 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2020-02-29 03:29:26 +0100 |
| commit | a895214d8fe4b515fbef15a7f919c5177543ac56 (patch) | |
| tree | 41a93a5a55c1065468510af6b47b8108fc898803 /roles/elevate/media | |
| parent | revert last commit (diff) | |
wireguard gateway works now (it is quite ugly though)
Diffstat (limited to 'roles/elevate/media')
| -rw-r--r-- | roles/elevate/media/templates/firewall/elevate-festival.sh.j2 | 5 | ||||
| -rw-r--r-- | roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 | 10 |
2 files changed, 5 insertions, 10 deletions
diff --git a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 index 987117c8..fea33cc2 100644 --- a/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 +++ b/roles/elevate/media/templates/firewall/elevate-festival.sh.j2 @@ -19,8 +19,8 @@ LAN_IF="{{ network.primary.interface }}" LAN_IPADDR="{{ network.primary.ip }}" LAN_NETMASK="{{ network.primary.mask }}" -EXT_IF="{{ network.primary.interface }}.{{ network_zones.ccinet.vlan }}" -EXT_IPADDR="{{ network_zones.ccinet.prefix | ipaddr(network_zones.ccinet.offsets[inventory_hostname]) | ipaddr('address') }}" +EXT_IF="wg-gwhetzner" +EXT_IPADDR="192.168.254.2" EXT_SERVICES_TCP="80 443 22000" EXT_SERVICES_UDP="" @@ -34,6 +34,7 @@ ipv4_up() { $FILTER -A INPUT -i lo -j ACCEPT $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -s "$LAN_IPADDR/$LAN_NETMASK" -j ACCEPT + $FILTER -A INPUT -i "$LAN_IF" -d "$LAN_IPADDR" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT $FILTER -A INPUT -i "$EXT_IF" -d "$EXT_IPADDR" -p icmp -j ACCEPT for port in $EXT_SERVICES_TCP; do diff --git a/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 b/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 index 3c2bbb78..3bd97cb6 100644 --- a/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 +++ b/roles/elevate/media/templates/netplan/elevate-festival.yaml.j2 @@ -4,14 +4,8 @@ network: ethernets: {{ network.primary.interface }}: addresses: [ {{ (network.primary.ip + '/' + network.primary.mask) | ipaddr('address/prefix') }} ] - accept-ra: false - vlans: - {{ network.primary.interface }}.{{ network_zones.ccinet.vlan }}: - id: {{ network_zones.ccinet.vlan }} - link: {{ network.primary.interface }} - addresses: [ {{ network_zones.ccinet.prefix | ipaddr(network_zones.ccinet.offsets[inventory_hostname]) | ipaddr('address/prefix') }} ] - gateway4: {{ network_zones.ccinet.gateway }} + gateway4: {{ network.primary.gateway }} accept-ra: false nameservers: search: [ {{ network.domain }} ] - addresses: {{ network_zones.ccinet.dns | to_json }} + addresses: {{ network.nameservers | to_json }} |