diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
index 325600b..f63536f 100644
--- a/ansible/group_vars/all.yml
+++ b/ansible/group_vars/all.yml
@@ -1,4 +1,6 @@
 ---
+bootstrap__firewall_nftables: true
+
 # Root password
 bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
 # Consul
diff --git a/ansible/group_vars/boot.yml b/ansible/group_vars/boot.yml
index aed053f..d88339f 100644
--- a/ansible/group_vars/boot.yml
+++ b/ansible/group_vars/boot.yml
@@ -85,16 +85,15 @@ certbot_certs_map:
   - '{{ nim_waku_websocket_domain }}'
   - '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.staging") }}' # Legacy Fleet Name
 
-# Open LibP2P Ports
-open_ports_default_comment: '{{ nim_waku_cont_name }}'
-open_ports_default_chain: 'SERVICES'
-open_ports_default_protocol: 'tcp'
+# Open Nim-Waku Ports
 open_ports_list:
-  - { port: '80', comment: 'Nginx and Certbot' }
-  - { port: '{{ nim_waku_p2p_tcp_port }}' }
-  - { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
-  - { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
-  - { port: '{{ nim_waku_websock_port }}' }
+  nginx:
+    - { comment: 'Nginx and Certbot', port: '80' }
+  nim-waku:
+    - { comment: 'Nim-Waku LibP2P', port: '{{ nim_waku_p2p_tcp_port }}' }
+    - { comment: 'Nim-Waku Discovery v5', port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
+    - { comment: 'Nim-Waku Metrics', port: '{{ nim_waku_metrics_port }}', ipset: 'metrics.hq', iifname: 'wg0' }
+    - { comment: 'Nim-Waku WebSocket', port: '{{ nim_waku_websock_port }}' }
 
 # Public Config file access
 nginx_sites:
diff --git a/ansible/group_vars/store-db.yml b/ansible/group_vars/store-db.yml
index dcd8579..9f9c455 100644
--- a/ansible/group_vars/store-db.yml
+++ b/ansible/group_vars/store-db.yml
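Review bot: The new `bootstrap__firewall_nftables: true` flag is undocumented and applies to every host via all.yml, while only the boot, store and store-db group files in this diff are converted to the nested per-service `open_ports_list` shape; any other group file still carrying the flat list and `open_ports_default_*` keys would presumably be read by the nftables role in the wrong shape. A one-line comment above the flag would make the coupling visible, e.g. `# nftables firewall: open_ports_list is a mapping of service -> list of port entries`. Whether the role falls back to the old behaviour when the flag is unset is not visible here.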
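Review bot: The new `open_ports_list` entries for Nginx, LibP2P and WebSocket carry no `protocol`, whereas the removed `open_ports_default_protocol: 'tcp'` made tcp explicit for them; the nftables role's default is not visible in this diff, so if it differs (or opens both tcp and udp) the resulting rules would not match the old ones. Adding `protocol: 'tcp'` to those three entries, mirroring the explicit `protocol: 'udp'` on the Discovery v5 entry, keeps the intent in the data rather than in a role default. The same applies to the identical hunk in store.yml and to the PostgreSQL entry in store-db.yml. The metrics entry's move from `chain: 'VPN'` to `iifname: 'wg0'` plus the `metrics.hq` ipset looks equivalent, assuming wg0 is the VPN interface the old chain covered.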
@@ -66,8 +66,6 @@ postgres_ha_consul_failures_before_warning: 5
 postgres_ha_consul_failures_before_critical: 10
 
 # Open PostgreSQL Port
-open_ports_default_comment: '{{ postgres_ha_service_name }}'
-open_ports_default_chain: 'SERVICES'
-open_ports_default_protocol: 'tcp'
 open_ports_list:
-  - { port: '{{ postgres_ha_cont_port }}', ipset: '{{ env }}.{{ stage }}' }
+  postgres:
+    - { comment: 'PostgreSQL', port: '{{ postgres_ha_cont_port }}', ipset: '{{ env }}.{{ stage }}', iifname: 'wg0' }
diff --git a/ansible/group_vars/store.yml b/ansible/group_vars/store.yml
index 2ac7261..77892e1 100644
--- a/ansible/group_vars/store.yml
+++ b/ansible/group_vars/store.yml
@@ -92,16 +92,15 @@ certbot_certs_map:
   - '{{ nim_waku_websocket_domain }}'
   - '{{ nim_waku_websocket_domain | replace("status."+stage, "shards.staging") }}' # Legacy Fleet Name
 
-# Open LibP2P Ports
-open_ports_default_comment: '{{ nim_waku_cont_name }}'
-open_ports_default_chain: 'SERVICES'
-open_ports_default_protocol: 'tcp'
+# Open Nim-Waku Ports
 open_ports_list:
-  - { port: '80', comment: 'Nginx and Certbot' }
-  - { port: '{{ nim_waku_p2p_tcp_port }}' }
-  - { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
-  - { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' }
-  - { port: '{{ nim_waku_websock_port }}' }
+  nginx:
+    - { comment: 'Nginx and Certbot', port: '80' }
+  nim-waku:
+    - { comment: 'Nim-Waku LibP2P', port: '{{ nim_waku_p2p_tcp_port }}' }
+    - { comment: 'Nim-Waku Discovery v5', port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' }
+    - { comment: 'Nim-Waku Metrics', port: '{{ nim_waku_metrics_port }}', ipset: 'metrics.hq', iifname: 'wg0' }
+    - { comment: 'Nim-Waku WebSocket', port: '{{ nim_waku_websock_port }}' }
 
 # Public Config file access
 nginx_sites:
diff --git a/ansible/requirements.yml b/ansible/requirements.yml
index 8643724..83179cb 100644
--- a/ansible/requirements.yml
+++ b/ansible/requirements.yml
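Review bot: The PostgreSQL entry now hard-codes `comment: 'PostgreSQL'`, whereas the removed `open_ports_default_comment: '{{ postgres_ha_service_name }}'` derived the rule label from the service name variable, so the firewall rule no longer follows that variable; `comment: '{{ postgres_ha_service_name }}'` would keep the link. The added `iifname: 'wg0'` together with the `{{ env }}.{{ stage }}` ipset presumably limits the port to traffic arriving over the VPN interface, which is a tightening the old entry did not state; a comment above `open_ports_list:` such as `# Reachable only from the fleet ipset over the VPN interface` would record that intent for the next reader.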
@@ -22,8 +22,8 @@
 
 - name: infra-role-certbot
   src: git@github.com:status-im/infra-role-certbot.git
-  version: dfd0bce4e5e2484f9be6f38ca34af92e5461ee8c
+  version: 41e768fe2e9212366c6a33aa8c2e30d0b2832e80
 
 - name: infra-role-postgres-ha
   src: git@github.com:status-im/infra-role-postgres-ha.git
-  version: aa752f40623a7f92ce4a95c40cbbabf815452945
+  version: fbc3376e790c526bb401edb1a6a1ffdc4a4d1ae1