boot,store,store-db: switch to nftables
https://github.com/status-im/infra-misc/issues/301
This commit is contained in:
parent
901a62f455
commit
f8c8dac98d
|
@ -1,4 +1,6 @@
|
|||
---
|
||||
bootstrap__firewall_nftables: true
|
||||
|
||||
# Root password
|
||||
bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
|
||||
# Consul
|
||||
|
|
|
@ -85,16 +85,15 @@ certbot_certs_map:
|
|||
- '{{ nim_waku_websocket_domain }}'
|
||||
- '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.staging") }}' # Legacy Fleet Name
|
||||
|
||||
# Open LibP2P Ports
|
||||
open_ports_default_comment: '{{ nim_waku_cont_name }}'
|
||||
open_ports_default_chain: 'SERVICES'
|
||||
open_ports_default_protocol: 'tcp'
|
||||
# Open Nim-Waku Ports
|
||||
open_ports_list:
|
||||
- { port: '80', comment: 'Nginx and Certbot' }
|
||||
- { port: '{{ nim_waku_p2p_tcp_port }}' }
|
||||
- { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
|
||||
- { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
|
||||
- { port: '{{ nim_waku_websock_port }}' }
|
||||
nginx:
|
||||
- { comment: 'Nginx and Certbot', port: '80' }
|
||||
nim-waku:
|
||||
- { comment: 'Nim-Waku LibP2P', port: '{{ nim_waku_p2p_tcp_port }}' }
|
||||
- { comment: 'Nim-Waku Discovery v5', port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
|
||||
- { comment: 'Nim-Waku Metrics', port: '{{ nim_waku_metrics_port }}', ipset: 'metrics.hq', iifname: 'wg0' }
|
||||
- { comment: 'Nim-Waku WebSocket', port: '{{ nim_waku_websock_port }}' }
|
||||
|
||||
# Public Config file access
|
||||
nginx_sites:
|
||||
|
|
|
@ -66,8 +66,6 @@ postgres_ha_consul_failures_before_warning: 5
|
|||
postgres_ha_consul_failures_before_critical: 10
|
||||
|
||||
# Open PostgreSQL Port
|
||||
open_ports_default_comment: '{{ postgres_ha_service_name }}'
|
||||
open_ports_default_chain: 'SERVICES'
|
||||
open_ports_default_protocol: 'tcp'
|
||||
open_ports_list:
|
||||
- { port: '{{ postgres_ha_cont_port }}', ipset: '{{ env }}.{{ stage }}' }
|
||||
postgres:
|
||||
- { comment: 'PostgreSQL', port: '{{ postgres_ha_cont_port }}', ipset: '{{ env }}.{{ stage }}', iifname: 'wg0' }
|
||||
|
|
|
@ -92,16 +92,15 @@ certbot_certs_map:
|
|||
- '{{ nim_waku_websocket_domain }}'
|
||||
- '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.staging") }}' # Legacy Fleet Name
|
||||
|
||||
# Open LibP2P Ports
|
||||
open_ports_default_comment: '{{ nim_waku_cont_name }}'
|
||||
open_ports_default_chain: 'SERVICES'
|
||||
open_ports_default_protocol: 'tcp'
|
||||
# Open Nim-Waku Ports
|
||||
open_ports_list:
|
||||
- { port: '80', comment: 'Nginx and Certbot' }
|
||||
- { port: '{{ nim_waku_p2p_tcp_port }}' }
|
||||
- { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
|
||||
- { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
|
||||
- { port: '{{ nim_waku_websock_port }}' }
|
||||
nginx:
|
||||
- { comment: 'Nginx and Certbot', port: '80' }
|
||||
nim-waku:
|
||||
- { comment: 'Nim-Waku LibP2P', port: '{{ nim_waku_p2p_tcp_port }}' }
|
||||
- { comment: 'Nim-Waku Discovery v5', port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
|
||||
- { comment: 'Nim-Waku Metrics', port: '{{ nim_waku_metrics_port }}', ipset: 'metrics.hq', iifname: 'wg0' }
|
||||
- { comment: 'Nim-Waku WebSocket', port: '{{ nim_waku_websock_port }}' }
|
||||
|
||||
# Public Config file access
|
||||
nginx_sites:
|
||||
|
|
|
@ -22,8 +22,8 @@
|
|||
|
||||
- name: infra-role-certbot
|
||||
src: git@github.com:status-im/infra-role-certbot.git
|
||||
version: dfd0bce4e5e2484f9be6f38ca34af92e5461ee8c
|
||||
version: 41e768fe2e9212366c6a33aa8c2e30d0b2832e80
|
||||
|
||||
- name: infra-role-postgres-ha
|
||||
src: git@github.com:status-im/infra-role-postgres-ha.git
|
||||
version: aa752f40623a7f92ce4a95c40cbbabf815452945
|
||||
version: fbc3376e790c526bb401edb1a6a1ffdc4a4d1ae1
|
||||
|
|
Loading…
Reference in New Issue