-rw-r--r--inventory/group_vars/ups/vars.yml44
1 files changed, 13 insertions, 31 deletions
diff --git a/inventory/group_vars/ups/vars.yml b/inventory/group_vars/ups/vars.yml
index 26556942..2e75f882 100644
--- a/inventory/group_vars/ups/vars.yml
+++ b/inventory/group_vars/ups/vars.yml
@@ -36,6 +36,18 @@ openwrt_packages_add:
openwrt_mixin:
+ /etc/sysctl.conf:
+ content: |
+ # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+ #
+ # disable IP forwarding, we don't need it since we are
+ # only an monitoring the connected UPS
+ net.ipv4.conf.default.forwarding=0
+ net.ipv4.conf.all.forwarding=0
+ net.ipv4.ip_forward=0
+ net.ipv6.conf.default.forwarding=0
+ net.ipv6.conf.all.forwarding=0
+
/etc/dropbear/authorized_keys:
content: "{{ ssh_keys_root | join('\n') }}\n"
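Review bot: The forwarding sysctls added under `/etc/sysctl.conf` stop this host from routing packets, but they do not limit who can connect to services on the host itself, and the second hunk (`@@ -53,36 +65,6 @@`) deletes the `network-fw` script that accepted TCP 3493 only from 127.0.0.0/8 and `ups_query_sources`. Unless another part of the inventory restricts that port (firewall rules or the `LISTEN` directive in upsd.conf, neither visible here), 3493 is now reachable from any source. That matters more because a context line in that hunk runs `upscmd -u admin -p secret` with a literal password. I would add a comment above the new entry stating where the port restriction now lives, e.g. `# access to upsd (tcp/3493) is restricted by <mechanism>`. Minor: the embedded comment reads `only an monitoring`, where `only monitoring` is meant.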
@@ -53,36 +65,6 @@ openwrt_mixin:
sleep 5
upscmd -u admin -p secret "$UPS" load.on
- /etc/rc.d/S22network-fw:
- link: "../init.d/network-fw"
-
- /etc/rc.d/K92network-fw:
- link: "../init.d/network-fw"
-
- /etc/init.d/network-fw:
- mode: "0755"
- content: |
- #!/bin/sh /etc/rc.common
-
- START=22
- STOP=91
-
- start() {
- iptables -A INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
- {% for src in ups_query_sources %}
- iptables -A INPUT -p tcp --dport 3493 -s {{ src }} -j ACCEPT
- {% endfor %}
- iptables -A INPUT -p tcp --dport 3493 -j DROP
- }
-
- stop() {
- iptables -D INPUT -p tcp --dport 3493 -j DROP
- {% for src in ups_query_sources %}
- iptables -D INPUT -p tcp --dport 3493 -s {{ src }} -j ACCEPT
- {% endfor %}
- iptables -D INPUT -p tcp --dport 3493 -s 127.0.0.0/8 -j ACCEPT
- }
-
openwrt_uci:
system:
@@ -96,7 +78,7 @@ openwrt_uci:
- name: timeserver 'ntp'
options:
- enabled: '1'
+ enabled: '0'
enable_server: '0'
server:
- '0.lede.pool.ntp.org'
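Review bot: Setting `enabled` to `'0'` in the `timeserver 'ntp'` section turns off the NTP client without recording why, while the server list below it is kept. If nothing else sets the clock (not visible in this diff), syslog and UPS event timestamps on the device will drift or restart from the firmware default after a reboot, which makes correlating its events with other hosts harder. A one-line comment above the option, e.g. `# NTP client disabled: time is set by <other mechanism>`, would record the intent.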