interconnect servers through the ekumen
parent
2eef8b1a49
commit
fee595921c
8 changed files with 17 additions and 2 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1 +1,2 @@
|
|||
vault.key
|
||||
ekumen/
|
||||
|
|
|
@ -5,3 +5,4 @@
|
|||
tasks:
|
||||
- include_tasks: "tasks/encrypt.yml"
|
||||
- include_tasks: "tasks/docker.yml"
|
||||
- include_tasks: "tasks/ekumen.yml"
|
||||
|
|
|
@ -20,8 +20,11 @@
|
|||
src: "templates/etc/fstab.j2"
|
||||
dest: "/mnt/etc/fstab"
|
||||
mode: "0755"
|
||||
- name: "Load BTRFS module on boot"
|
||||
shell: "grep -q btrfs /mnt/etc/modules || echo btrfs >> /mnt/etc/modules"
|
||||
- name: "Load modules on boot"
|
||||
template:
|
||||
src: "templates/etc/modules.j2"
|
||||
dest: "/mnt/etc/modules"
|
||||
mode: "0640"
|
||||
- name: "And which features to include into initramfs."
|
||||
template:
|
||||
src: "templates/etc/mkinitfs/mkinitfs.conf.j2"
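Review bot: The new "Load modules on boot" task sets `mode: "0640"` but no `owner` or `group`, so who can read `/mnt/etc/modules` depends on the account the play runs as; adding `owner: root` and `group: root` would make the result explicit. The task also appears to replace the earlier grep-and-append with a full template write, so any module names already present in the target file would be overwritten. That is presumably intended, but a comment such as `# overwrites /mnt/etc/modules; list every required module in modules.j2` would record it. The task list starts and continues outside this hunk.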
|
||||
|
|
|
@ -58,6 +58,7 @@
|
|||
loop:
|
||||
- /etc/conf.d/iptables
|
||||
- /etc/conf.d/ip6tables
|
||||
- /etc/conf.d/tinc.networks
|
||||
- /etc/iptables/rules6-save
|
||||
- /etc/iptables/rules-save
|
||||
- /etc/ipset.d/blocklist4
|
||||
|
|
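--- a/templates/etc/conf.d/tinc.networks.j2
+++ b/templates/etc/conf.d/tinc.networks.j2
@@ -0,0 +1 @@
+NETWORK: ekumen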
|
@ -8,4 +8,6 @@
|
|||
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
|
||||
-A INPUT -i lo -j ACCEPT
|
||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -p udp --dport 65000 -j ACCEPT
|
||||
-A INPUT -p tcp --dport 65000 -j ACCEPT
|
||||
COMMIT
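Review bot: The two new rules accept tcp and udp port 65000 from any source on any interface, so whatever listens there is reachable from every network the host is attached to, not only from the servers being interconnected. If the peers are a known set, the rules could match on source, e.g. `-A INPUT -p udp --dport 65000 -m set --match-set <peer-set> src -j ACCEPT` (the set name is a placeholder; the tcp rule likewise), and a `-m comment --comment "tinc ekumen"` would record why the port is open. The same pair of rules is added in the next hunk inside the `{% if ip6 is defined %}` block, and the point applies there as well. That 65000 is the port the tinc daemon listens on is inferred, since no tinc configuration is visible in this commit, so it should be confirmed.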
|
||||
|
|
|
@ -10,5 +10,7 @@
|
|||
-A INPUT -i lo -j ACCEPT
|
||||
{% if ip6 is defined %}
|
||||
-A INPUT -p tcp --dport 22 -j ACCEPT
|
||||
-A INPUT -p udp --dport 65000 -j ACCEPT
|
||||
-A INPUT -p tcp --dport 65000 -j ACCEPT
|
||||
{% endif %}
|
||||
COMMIT
|
||||
|
|
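--- a/templates/etc/modules.j2
+++ b/templates/etc/modules.j2
@@ -0,0 +1,4 @@
+af_packet
+ipv6
+btrfs
+tun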