From af81ce3df8ff6111e085f46bb6fa3d2c1cf89d2d Mon Sep 17 00:00:00 2001 From: bee Date: Mon, 25 May 2026 23:21:51 +0200 Subject: [PATCH] outsourcing --- playbooks/nginx/nginx.yml | 8 ++ playbooks/nginx/{html => www}/icon.ico | Bin playbooks/nginx/{html => www}/icon.png | Bin playbooks/nginx/{html => www}/index.html | 0 playbooks/ufw/ufw.yml | 98 +++++++++-------------- 5 files changed, 46 insertions(+), 60 deletions(-) rename playbooks/nginx/{html => www}/icon.ico (100%) rename playbooks/nginx/{html => www}/icon.png (100%) rename playbooks/nginx/{html => www}/index.html (100%)
diff --git a/playbooks/nginx/nginx.yml b/playbooks/nginx/nginx.yml
index 8e9ad2a..ad47521 100644
--- a/playbooks/nginx/nginx.yml
+++ b/playbooks/nginx/nginx.yml
@@ -28,6 +28,14 @@
 group: root
 mode: '0644'
+ - name: Copy html content
+ ansible.builtin.copy:
+ src: www/
+ dest: /var/www
+ owner: www-data
+ group: www-data
+ mode: '0644'
+
 - name: Restart nginx
 ansible.builtin.service:
 name: nginx
diff --git a/playbooks/nginx/html/icon.ico b/playbooks/nginx/www/icon.ico
similarity index 100%
rename from playbooks/nginx/html/icon.ico
rename to playbooks/nginx/www/icon.ico
diff --git a/playbooks/nginx/html/icon.png b/playbooks/nginx/www/icon.png
similarity index 100%
rename from playbooks/nginx/html/icon.png
rename to playbooks/nginx/www/icon.png
diff --git a/playbooks/nginx/html/index.html b/playbooks/nginx/www/index.html
similarity index 100%
rename from playbooks/nginx/html/index.html
rename to playbooks/nginx/www/index.html
diff --git a/playbooks/ufw/ufw.yml b/playbooks/ufw/ufw.yml
index eb73c6f..1caf064 100644
--- a/playbooks/ufw/ufw.yml
+++ b/playbooks/ufw/ufw.yml
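Review bot: `Copy html content` makes `www-data` the owner of everything under /var/www, so the account nginx workers conventionally run as can rewrite the very files it serves — a compromised worker then turns into persistent defacement or script injection. Static content only needs to be readable by nginx, so use `owner: root` and `group: root` and keep `mode: '0644'`; if some subtree genuinely needs runtime writes by nginx, give that subtree its own task instead of this blanket ownership. As far as I recall, `mode` on a recursive `ansible.builtin.copy` applies to files while newly created directories take `directory_mode`, which this task leaves unset — worth confirming and pinning with `directory_mode: '0755'` so traversal does not depend on the host umask.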
@@ -17,41 +17,25 @@
 port: "22"
 proto: tcp
- - name: UFW - Allow TCP in
+ - name: UFW - Allow backup SSH
+ community.general.ufw:
+ rule: allow
+ port: "4444"
+ proto: tcp
+
+ - name: UFW - Allow tcp in
 community.general.ufw:
 rule: allow
 port: '{{ item }}'
 proto: tcp
 loop:
- - "80"
 - "139" # samba
- - "443"
 - "445" # samba
- - "8448" # matrix federation
+ - "80"
+ - "443"
+ - "2222"
- - name: UFW - Allow TCP forward
- community.general.ufw:
- rule: allow
- port: '{{ item }}'
- proto: tcp
- route: true
- loop:
- - "25" # mail
- - "465" # mail
- - "587" # mail
- - "993" # mail
- - "2222" # gitbee ssh
- - "8448" # matrix federation
- - name: UFW - Allow SMTP return
- community.general.ufw:
- rule: allow
- route: true
- interface_in: wg0
- proto: tcp
- to_port: "25"
- - name: UFW - Allow UDP in
+ - name: UFW - Allow udp in
 community.general.ufw:
 rule: allow
 port: '{{ item }}'
@@ -60,6 +44,33 @@
 - "137" # samba
 - "138" # samba
+ - name: UFW - Allow wireguard ingress tcp
+ community.general.ufw:
+ rule: allow
+ interface_in: wg0
+ proto: tcp
+ to_port: '{{ item }}'
+ loop:
+ - "80"
+ - "443"
+ - "4444" # backup ssh
+ - "8448" # matrix federation
+
+ - name: UFW - Allow wireguard routing tcp
+ community.general.ufw:
+ rule: allow
+ interface_in: wg0
+ route: true
+ proto: tcp
+ to_port: '{{ item }}'
+ loop:
+ - "25" # mail
+ - "465" # mail
+ - "587" # mail
+ - "993" # mail
+ - "2222" # gitbee ssh
+ - "8448" # matrix federation
+
 - name: UFW - Limiting
 community.general.ufw:
 rule: limit
@@ -85,11 +96,6 @@
 proto: "udp"
 to_port: 53
- - name: UFW - Allow wireguard incoming
- community.general.ufw:
- rule: allow
- interface_in: wg0
-
 - name: UFW - Allow wireguard outgoing
 community.general.ufw:
 rule: allow
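Review bot: `UFW - Allow backup SSH` allows port 4444 with no `interface_in`, so the backup SSH listener becomes reachable from every interface, while the next hunk adds a second, wg0-scoped allow for `"4444" # backup ssh` — the tunnel-only rule looks like the intent, in which case this task should go. If the port really must be public, scope it with `interface_in` or at least make it `rule: limit` like the existing `UFW - Limiting` task (whose port is not visible in this diff), since whatever rate limit protects 22 does not carry over to 4444. The `"2222"` appended to `UFW - Allow tcp in` also drops its `# gitbee ssh` label and turns a port that was only ever routed (the deleted `UFW - Allow TCP forward`) into a host-level inbound allow from all interfaces; if gitbee still sits behind the routing rule kept in the next hunk this entry is unnecessary, and otherwise it should read `- "2222"  # gitbee ssh` so the next reader knows what listens there.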
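Review bot: `UFW - Allow wireguard routing tcp` constrains the forward only by `interface_in: wg0` and `to_port`, with no `to_ip`, `interface_out` or `from_ip`, so any WireGuard peer can forward 25/465/587/993/2222/8448 to any destination the host routes to — including the `podman+` and `eth0` sides whose wholesale route allows this commit deletes in its last hunk. Pin each forward to its backend, e.g. `to_ip: <mail container address>` or at least `interface_out: podman+`, so a peer cannot reach the LAN's SMTP or SSH ports through the tunnel. `"8448" # matrix federation` appears both here and in `UFW - Allow wireguard ingress tcp`, so it is allowed to the host and forwarded at once; one of the two is presumably dead and should be removed to keep the policy readable. Note also that `"4444" # backup ssh` in the ingress list is redundant for as long as the unscoped 4444 allow earlier in this file exists.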
@@ -102,34 +108,6 @@
 interface_out: wg0
 route: true
- - name: UFW - Allow wireguard to local network
- community.general.ufw:
- rule: allow
- interface_in: wg0
- interface_out: eth0
- route: true
- - name: UFW - Allow wireguard to podman
- community.general.ufw:
- rule: allow
- interface_in: wg0
- interface_out: podman+
- route: true
- - name: UFW - Allow podman to wireguard
- community.general.ufw:
- rule: allow
- interface_in: podman+
- interface_out: wg0
- route: true
- - name: UFW - Allow local network to wireguard
- community.general.ufw:
- rule: allow
- interface_in: eth0
- interface_out: wg0
- route: true
-
 - name: UFW - Allow local network to podman
 community.general.ufw:
 rule: allow