interconnect servers through the ekumen

f 2022-06-19 02:59:17 -03:00
parent 2eef8b1a49
commit fee595921c
8 changed files with 17 additions and 2 deletions

1
.gitignore vendored

@ -1 +1,2 @@
vault.key
ekumen/


@ -5,3 +5,4 @@
tasks:
- include_tasks: "tasks/encrypt.yml"
- include_tasks: "tasks/docker.yml"
- include_tasks: "tasks/ekumen.yml"


@ -20,8 +20,11 @@
src: "templates/etc/fstab.j2"
dest: "/mnt/etc/fstab"
mode: "0755"
- name: "Load BTRFS module on boot"
shell: "grep -q btrfs /mnt/etc/modules || echo btrfs >> /mnt/etc/modules"
- name: "Load modules on boot"
template:
src: "templates/etc/modules.j2"
dest: "/mnt/etc/modules"
mode: "0640"
- name: "And which features to include into initramfs."
template:
src: "templates/etc/mkinitfs/mkinitfs.conf.j2"
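Review bot: The "Load modules on boot" task sets `mode: "0640"` but no owner or group, so ownership of `/mnt/etc/modules` depends on the account that runs the play; adding `owner: "root"` and `group: "root"` next to the mode would pin it. The `template` module also rewrites the whole file, whereas the `shell` line it appears to replace only appended `btrfs`, so any module listed there but missing from `templates/etc/modules.j2` is dropped on the next run. If the template is meant to be the single source of truth, a comment such as `# /etc/modules is fully managed from templates/etc/modules.j2` above the task would say so. The task that follows continues outside the hunk.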


@ -58,6 +58,7 @@
loop:
- /etc/conf.d/iptables
- /etc/conf.d/ip6tables
- /etc/conf.d/tinc.networks
- /etc/iptables/rules6-save
- /etc/iptables/rules-save
- /etc/ipset.d/blocklist4


@ -0,0 +1 @@
NETWORK: ekumen


@ -8,4 +8,6 @@
-A INPUT -p icmp -m icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 65000 -j ACCEPT
-A INPUT -p tcp --dport 65000 -j ACCEPT
COMMIT
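Review bot: The two new ACCEPT rules for port 65000 match any source address, so the listener (presumably tinc, given `/etc/conf.d/tinc.networks` elsewhere in this commit) is reachable from every host on both UDP and TCP. If the peers are only the project's own servers, the rules could be limited to them, for example `-A INPUT -p udp --dport 65000 -m set --match-set <PEERS_SET> src -j ACCEPT` and the TCP equivalent, where `<PEERS_SET>` is a placeholder for an ipset built from the inventory. The same applies to the two rules added to the IPv6 rules file in the next section. A comment line such as `# tinc mesh (ekumen)` above the pair would help later audits. If this file is a template like its IPv6 counterpart, a variable could replace the literal `65000`, which is repeated in both files.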


@ -10,5 +10,7 @@
-A INPUT -i lo -j ACCEPT
{% if ip6 is defined %}
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p udp --dport 65000 -j ACCEPT
-A INPUT -p tcp --dport 65000 -j ACCEPT
{% endif %}
COMMIT

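--- /dev/null
+++ b/templates/etc/modules.j2
@@ -0,0 +1,4 @@
+af_packet
+ipv6
+btrfs
+tun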