fix: needed to add repos with helm

Merge branch 'main' of https://gitea.lyc-lecastel.fr/gadmin/gsb2023
modification
2023-04-03 11:08:53 +02:00 · 2023-04-03 11:05:13 +02:00 · 2023-04-03 11:04:13 +02:00 · 2023-04-03 11:00:19 +02:00 · 2023-04-03 10:47:41 +02:00 · 2023-03-30 11:21:59 +02:00
4 changed files with 5 additions and 60 deletions
--- a/r-vp2.yml
+++ b/r-vp2.yml
@ -18,7 +18,7 @@
 #   - firewall-vpn-l
   - wireguard-l
 #   - x509-l
-   - fw-ferm
+   - post
   - ssh-cli
   - syslog-cli
-   - post
+   - fw-ferm
--- a/roles/fw-ferm/files/ferm-vp1.conf
+++ b/roles/fw-ferm/files/ferm-vp1.conf
@ -1,47 +0,0 @@
-# -*- shell-script -*-
-
-@def $DEV_VPN= wg0;
-
-table filter {
-    chain INPUT {
-        policy DROP;
-
-        # connection tracking
-        mod state state INVALID DROP;
-        mod state state (ESTABLISHED RELATED) ACCEPT;
-
-        # allow local connections
-        interface lo ACCEPT;
-        interface $DEV_VPN{
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
-        # disallow ssh
-        saddr proto tcp dport ssh DROP;
-        }
-    }#FIN INPUT
-
-    # outgoing connections are not limited
-    chain OUTPUT {
-        policy ACCEPT;
-        interface $DEV_VPN{
-        # allow ssh
-        daddr proto tcp dport ssh ACCEPT;
-        # respond to ping
-        proto icmp icmp-type echo-request ACCEPT;
-        }
-     }#FIN OUTPUT
-
-    chain FORWARD {
-        policy ACCEPT;
-
-        # connection tracking
-        mod state state INVALID DROP;
-        mod state state (ESTABLISHED RELATED) ACCEPT;
-
-        # connections from the internal net to the internet or to other
-        # internal nets are allowed
-        interface $DEV_VPN ACCEPT;
-
-        # the rest is dropped by the above policy
-    }#FIN FO
-}
--- a/roles/fw-ferm/files/ferm.conf.r-vp1
+++ b/roles/fw-ferm/files/ferm.conf.r-vp1
@ -50,15 +50,7 @@ table filter {

    chain FORWARD {
        policy ACCEPT;
-
-        interface $DEV_VPN{
-            # respond to ping
-            proto icmp icmp-type echo-request ACCEPT;
-            # disallow ssh
-            saddr($DEV_VPN) proto tcp dport ssh DROP;
-            # allow ssh
-            daddr($DEV_VPN) proto tcp dport ssh ACCEPT;
-
+        proto icmp icmp-type echo-request ACCEPT;
        }
        # connection tracking
        mod state state INVALID DROP;
--- a/roles/peertube/tasks/main.yml
+++ b/roles/peertube/tasks/main.yml
@ -20,11 +20,11 @@
  - name: copie de values.yaml...
    copy:
      src: /root/tools/ansible/gsb2023/roles/peertube/files/values.yaml
-      dest: /root/tools/peertube/Peertube-helm/helm/
+      dest: /root/tools/peertube/helm/
      mode: '0644'

  - name: installation de helm...
    shell: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

  - name: installation de peertube...
-    shell: helm build /root/tools/peertube/Peertube-helm/helm && helm install --create-namesapce -n peertube peertube-gsb
+    shell: helm repo add https://charts.bitnami.com/bitnami && helm repo add https://bokysan.github.io/docker-postfix && helm dependency build /root/tools/peertube/helm/ && helm install --create-namesapce -n peertube peertube-gsb /root/tools/peertube/helm
Author	SHA1	Message	Date
Elam Monnot	b36505bf78	fix: needed to add repos with helm	2023-04-03 11:08:53 +02:00
Johan Largy	2546430f94	Merge branch 'main' of https://gitea.lyc-lecastel.fr/gadmin/gsb2023	2023-04-03 11:05:13 +02:00
Johan Largy	0624f3da72	modification	2023-04-03 11:04:13 +02:00
Elam Monnot	40c8aeccd9	fix: changed paths in peertube role	2023-04-03 11:00:19 +02:00
Elam Monnot	5c21400e29	fix: wrong cp path in role	2023-04-03 10:47:41 +02:00
Elam Monnot	33a9c5e8f6	fix: try to solve an issue	2023-03-30 11:21:59 +02:00
Elam Monnot	6f25e4caa4	fix: wrong shell command	2023-03-30 11:14:41 +02:00