Define open ports in global variable file
parent
dd1d185b7e
commit
29edf2dba8
|
@ -18,3 +18,17 @@ users:
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
||||||
|
|
||||||
|
open_ports:
|
||||||
|
- { port: '22', proto: 'tcp', comment: 'SSH' }
|
||||||
|
- { port: '53', proto: 'tcp', comment: 'Pi-hole (not port-forwarded)' }
|
||||||
|
- { port: '53', proto: 'udp', comment: 'Pi-hole (not port-forwarded)' }
|
||||||
|
- { port: '80', proto: 'tcp', comment: 'HTTP' }
|
||||||
|
- { port: '81', proto: 'tcp', comment: 'Pi-hole (not port-forwarded)' }
|
||||||
|
- { port: '443', proto: 'tcp', comment: 'HTTPS' }
|
||||||
|
- { port: '4001', proto: 'tcp', comment: 'IPFS Kubo P2P' }
|
||||||
|
- { port: '4001', proto: 'udp', comment: 'IPFS Kubo P2P' }
|
||||||
|
- { port: '5001', proto: 'tcp', comment: 'IPFS Kubo RPC API (not port-forwarded)' }
|
||||||
|
- { port: '18080', proto: 'tcp', comment: 'monerod P2P' }
|
||||||
|
- { port: '18089', proto: 'tcp', comment: 'monerod RPC' }
|
||||||
|
- { port: '51820', proto: 'udp', comment: 'Wireguard' }
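Review bot: The entries tagged "(not port-forwarded)" (53, 81 and 5001) carry no source restriction, so the host firewall accepts them from any address and only the upstream router's forwarding configuration keeps them private. For the Kubo RPC API on 5001 in particular, which is an administrative interface, I would add an optional source key to the schema, e.g. `- { port: '5001', proto: 'tcp', src: '<LAN_CIDR placeholder>', comment: 'IPFS Kubo RPC API (not port-forwarded)' }`, and have the UFW task pass `from_ip: "{{ item.src | default('any') }}"`. It is also worth confirming whether 18089 (monerod RPC), which has no such tag, is meant to be reachable from outside.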
|
||||||
|
|
|
@ -4,25 +4,9 @@
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
rule: allow
|
rule: allow
|
||||||
port: "{{ item.port }}"
|
port: "{{ item.port }}"
|
||||||
proto: "{{ item.proto | default('tcp') }}"
|
proto: "{{ item.proto }}"
|
||||||
loop:
|
comment: "{{ item.comment }}"
|
||||||
- port: '22' # SSH
|
loop: "{{ open_ports }}"
|
||||||
- port: '53' # Pi-hole (not port-forwarded)
|
|
||||||
proto: tcp
|
|
||||||
- port: '53' # Pi-hole (not port-forwarded)
|
|
||||||
proto: udp
|
|
||||||
- port: '80' # HTTP
|
|
||||||
- port: '81' # Pi-hole (not port-forwarded)
|
|
||||||
- port: '443' # HTTPS
|
|
||||||
- port: '4001' # IPFS Kubo P2P
|
|
||||||
proto: tcp
|
|
||||||
- port: '4001' # IPFS Kubo P2P
|
|
||||||
proto: udp
|
|
||||||
- port: '5001' # IPFS Kubo RPC API (not port-forwarded)
|
|
||||||
- port: '18080' # monerod P2P
|
|
||||||
- port: '18089' # monerod RPC
|
|
||||||
- port: '51820' # Wireguard
|
|
||||||
proto: udp
|
|
||||||
|
|
||||||
- name: Enable UFW
|
- name: Enable UFW
|
||||||
community.general.ufw:
|
community.general.ufw:
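Review bot: `proto: "{{ item.proto }}"` drops the previous `default('tcp')` and the new `comment: "{{ item.comment }}"` has no fallback, so any `open_ports` entry that omits either key (for example in a host- or group-level override) makes the task fail on an undefined variable. Keeping `proto: "{{ item.proto | default('tcp') }}"` and using `comment: "{{ item.comment | default(omit) }}"` would leave both keys optional. Separately, as far as the visible lines show, this task only ever adds `allow` rules, so deleting an entry from `open_ports` would not close the port on hosts that are already provisioned; a short comment above the loop saying so, or a cleanup step, would help. The task's name line and the body of the following "Enable UFW" task lie outside the hunk.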
|
||||||
|
|