interconnect servers through the ekumen
parent
2eef8b1a49
commit
fee595921c
8 changed files with 17 additions and 2 deletions
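--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
 vault.key
+ekumen/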
@ -5,3 +5,4 @@
|
||||||
tasks:
|
tasks:
|
||||||
- include_tasks: "tasks/encrypt.yml"
|
- include_tasks: "tasks/encrypt.yml"
|
||||||
- include_tasks: "tasks/docker.yml"
|
- include_tasks: "tasks/docker.yml"
|
||||||
|
- include_tasks: "tasks/ekumen.yml"
|
||||||
|
|
|
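Review bot: The added `- include_tasks: "tasks/ekumen.yml"` refers to a file that is not among the eight files this commit changes, so unless it already exists in the repository the play will fail at this include. The new `ekumen/` ignore pattern would not match `tasks/ekumen.yml`, so it may simply not have been staged; this is worth confirming before merge. A short comment above the include, such as `# tinc mesh ("ekumen"): keys, hosts and daemon config`, would also tell a reader what the step provisions.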
@ -20,8 +20,11 @@
|
||||||
src: "templates/etc/fstab.j2"
|
src: "templates/etc/fstab.j2"
|
||||||
dest: "/mnt/etc/fstab"
|
dest: "/mnt/etc/fstab"
|
||||||
mode: "0755"
|
mode: "0755"
|
||||||
- name: "Load BTRFS module on boot"
|
- name: "Load modules on boot"
|
||||||
shell: "grep -q btrfs /mnt/etc/modules || echo btrfs >> /mnt/etc/modules"
|
template:
|
||||||
|
src: "templates/etc/modules.j2"
|
||||||
|
dest: "/mnt/etc/modules"
|
||||||
|
mode: "0640"
|
||||||
- name: "And which features to include into initramfs."
|
- name: "And which features to include into initramfs."
|
||||||
template:
|
template:
|
||||||
src: "templates/etc/mkinitfs/mkinitfs.conf.j2"
|
src: "templates/etc/mkinitfs/mkinitfs.conf.j2"
|
||||||
|
|
|
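Review bot: The new template task for `/mnt/etc/modules` sets `mode: "0640"` but no `owner` or `group`, so who can actually read the file depends on the account the play runs as. Adding `owner: root` and `group: root` pins that down. Replacing the old `grep -q btrfs … || echo btrfs >> …` append with a template also means the file is now overwritten wholesale, so any module listed on the target but missing from `templates/etc/modules.j2` is silently dropped. If that is intended, a comment such as `# modules.j2 is the single source of truth for boot-time modules` above the task would make it explicit. The task list starts and continues outside this hunk.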
@ -58,6 +58,7 @@
|
||||||
loop:
|
loop:
|
||||||
- /etc/conf.d/iptables
|
- /etc/conf.d/iptables
|
||||||
- /etc/conf.d/ip6tables
|
- /etc/conf.d/ip6tables
|
||||||
|
- /etc/conf.d/tinc.networks
|
||||||
- /etc/iptables/rules6-save
|
- /etc/iptables/rules6-save
|
||||||
- /etc/iptables/rules-save
|
- /etc/iptables/rules-save
|
||||||
- /etc/ipset.d/blocklist4
|
- /etc/ipset.d/blocklist4
|
||||||
|
|
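--- a/templates/etc/conf.d/tinc.networks.j2
+++ b/templates/etc/conf.d/tinc.networks.j2
@@ -0,0 +1 @@
+NETWORK: ekumen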
@ -8,4 +8,6 @@
|
||||||
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
|
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
|
||||||
-A INPUT -i lo -j ACCEPT
|
-A INPUT -i lo -j ACCEPT
|
||||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
-A INPUT -p udp --dport 65000 -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 65000 -j ACCEPT
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
|
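Review bot: The two added rules for port 65000 accept UDP and TCP from any source address, so the listener (presumably the tinc daemon for the `ekumen` network) is reachable from the whole internet, like SSH above it. If the peers' addresses are known, restrict the match to them, for example `-A INPUT -p udp --dport 65000 -m set --match-set <PEER_SET_PLACEHOLDER> src -j ACCEPT`, with the same for TCP. If the port must stay open, record that the daemon's own key authentication is the only gate with a comment such as `# tinc (ekumen): TCP meta connections + UDP data, open to all sources`. The same pair of rules is added inside `{% if ip6 is defined %}` in the IPv6 hunk that follows, and the port is hard-coded in both. A single template variable shared with the tinc configuration would keep them from drifting apart.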
@ -10,5 +10,7 @@
|
||||||
-A INPUT -i lo -j ACCEPT
|
-A INPUT -i lo -j ACCEPT
|
||||||
{% if ip6 is defined %}
|
{% if ip6 is defined %}
|
||||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||||
|
-A INPUT -p udp --dport 65000 -j ACCEPT
|
||||||
|
-A INPUT -p tcp --dport 65000 -j ACCEPT
|
||||||
{% endif %}
|
{% endif %}
|
||||||
COMMIT
|
COMMIT
|
||||||
|
|
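--- a/templates/etc/modules.j2
+++ b/templates/etc/modules.j2
@@ -0,0 +1,4 @@
+af_packet
+ipv6
+btrfs
+tun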