Define open ports in global variable file

Sam A. 2023-07-22 15:47:41 +02:00
parent dd1d185b7e
commit 29edf2dba8
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
2 changed files with 17 additions and 19 deletions


@ -18,3 +18,17 @@ users:
ssh_keys: ssh_keys:
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
open_ports:
- { port: '22', proto: 'tcp', comment: 'SSH' }
- { port: '53', proto: 'tcp', comment: 'Pi-hole (not port-forwarded)' }
- { port: '53', proto: 'udp', comment: 'Pi-hole (not port-forwarded)' }
- { port: '80', proto: 'tcp', comment: 'HTTP' }
- { port: '81', proto: 'tcp', comment: 'Pi-hole (not port-forwarded)' }
- { port: '443', proto: 'tcp', comment: 'HTTPS' }
- { port: '4001', proto: 'tcp', comment: 'IPFS Kubo P2P' }
- { port: '4001', proto: 'udp', comment: 'IPFS Kubo P2P' }
- { port: '5001', proto: 'tcp', comment: 'IPFS Kubo RPC API (not port-forwarded)' }
- { port: '18080', proto: 'tcp', comment: 'monerod P2P' }
- { port: '18089', proto: 'tcp', comment: 'monerod RPC' }
- { port: '51820', proto: 'udp', comment: 'Wireguard' }
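Review bot: The entries commented "not port-forwarded" (53, 81 and 5001) are still allowed from any source, because the task lines visible in the second file pass no source address to `community.general.ufw`; the host firewall then relies entirely on the router not forwarding them. That protection does not cover IPv6 if the host has a routable address, and the Kubo RPC API on 5001 gives administrative control of the node to anyone who can reach it. Consider an optional per-entry key, e.g. `- { port: '5001', proto: 'tcp', src: '<LAN_CIDR>', comment: 'IPFS Kubo RPC API (not port-forwarded)' }`, consumed in the task as `from_ip: "{{ item.src | default('any') }}"`.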


@ -4,25 +4,9 @@
community.general.ufw: community.general.ufw:
rule: allow rule: allow
port: "{{ item.port }}" port: "{{ item.port }}"
proto: "{{ item.proto | default('tcp') }}" proto: "{{ item.proto }}"
loop: comment: "{{ item.comment }}"
- port: '22' # SSH loop: "{{ open_ports }}"
- port: '53' # Pi-hole (not port-forwarded)
proto: tcp
- port: '53' # Pi-hole (not port-forwarded)
proto: udp
- port: '80' # HTTP
- port: '81' # Pi-hole (not port-forwarded)
- port: '443' # HTTPS
- port: '4001' # IPFS Kubo P2P
proto: tcp
- port: '4001' # IPFS Kubo P2P
proto: udp
- port: '5001' # IPFS Kubo RPC API (not port-forwarded)
- port: '18080' # monerod P2P
- port: '18089' # monerod RPC
- port: '51820' # Wireguard
proto: udp
- name: Enable UFW - name: Enable UFW
community.general.ufw: community.general.ufw:
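Review bot: `proto: "{{ item.proto }}"` and the new `comment: "{{ item.comment }}"` now require every `open_ports` entry to carry both keys, since the `default('tcp')` fallback was dropped; an entry added later without one will fail the task on an undefined variable instead of falling back. All twelve entries in this commit define both, so this concerns future edits: either keep `proto: "{{ item.proto | default('tcp') }}"` and use `comment: "{{ item.comment | default(omit) }}"`, or add a comment above `open_ports` stating that `port`, `proto` and `comment` are all mandatory. Separately, the loop only adds `allow` rules, so removing an entry from `open_ports` presumably leaves the old rule active unless the firewall is reset earlier in the task file, which starts outside this hunk.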