all: migrate iptables to nftables

- set `bootstrap__firewall_nftables` var to true
- adjust `open_ports_list` to match the structure needed to run firewall role

Changes applied to all hosts in the test and sandbox environments of infra-waku.

related to : https://github.com/status-im/infra-misc/issues/301
Siddarth Kumar 2024-09-03 15:43:41 +05:30
parent c5de7b8fcb
commit 9dab86bd56
3 changed files with 12 additions and 11 deletions


@ -1,6 +1,9 @@
--- ---
# Root password # Root password
bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}' bootstrap__root_pass: '{{lookup("bitwarden", "root-pass")}}'
# Migrated to NFTables from IPTables.
# https://github.com/status-im/infra-misc/issues/301
bootstrap__firewall_nftables: true
# Consul # Consul
bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}' bootstrap__consul_encryption_key: '{{lookup("bitwarden", "consul/cluster", field="encryption-key")}}'
bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}' bootstarp__consul_agent_acl_token: '{{lookup("bitwarden", "consul/acl-tokens", field="agent-default")}}'
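Review bot: The new `bootstrap__firewall_nftables: true` at the top of the file flips the firewall backend for every host loading these vars, but the comment above it only links the issue; I would state the operational consequence in-file: `# Enables the nftables backend of the bootstrap firewall role; every open_ports_list in this inventory must use the nftables entry format (named groups, iifname/ipset) or the role will not render it.` The rendering claim is inferred from the other two files in this commit rather than from the role itself, so confirm it before committing the wording. During the switch, also check that the role flushes or disables the legacy iptables ruleset on already-provisioned hosts: both netfilter hooks run if it stays loaded, so a stale restrictive iptables rule can silently block a port the nftables set now opens. Unrelated to the added lines but visible in context: the key `bootstarp__consul_agent_acl_token` is misspelled; if the role reads `bootstrap__consul_agent_acl_token`, that ACL token is never applied — worth verifying while this file is being touched.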


@ -19,7 +19,6 @@ postgres_ha_backup: false
# Open PostgreSQL Port # Open PostgreSQL Port
open_ports_default_comment: '{{ postgres_ha_service_name }}' open_ports_default_comment: '{{ postgres_ha_service_name }}'
open_ports_default_chain: 'SERVICES'
open_ports_default_protocol: 'tcp'
open_ports_list: open_ports_list:
- { port: '{{ postgres_ha_cont_port }}', ipset: '{{ env }}.{{ stage }}' } postgres:
- { port: '{{ postgres_ha_cont_port }}', ipset: '{{ env }}.{{ stage }}', iifname: 'wg0' }
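Review bot: The new `postgres:` entry at the end of the hunk drops the explicit protocol together with `open_ports_default_protocol: 'tcp'`, so it now depends on whatever the nftables role defaults to; if that default is not tcp, the PostgreSQL port is opened for udp as well, and the libp2p file in this same commit relies on the same default. I would state it explicitly: `- { port: '{{ postgres_ha_cont_port }}', protocol: 'tcp', ipset: '{{ env }}.{{ stage }}', iifname: 'wg0' }`. Restricting to `iifname: 'wg0'` plus the `{{ env }}.{{ stage }}` set is the right shape for a database port, but an nft ruleset loads atomically: if the named set is not defined on a host, or wg0 is absent on a host without the VPN, the whole ruleset fails to load rather than just this rule, so the role needs to fail closed in that case — I cannot see the role from here, please confirm.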


@ -88,15 +88,14 @@ conn_limit_limit: 20
conn_limit_dport: '{{ nim_waku_websock_port }}' conn_limit_dport: '{{ nim_waku_websock_port }}'
# Open LibP2P Ports # Open LibP2P Ports
open_ports_default_comment: '{{ nim_waku_cont_name }}'
open_ports_default_chain: 'SERVICES'
open_ports_default_protocol: 'tcp'
open_ports_list: open_ports_list:
- { port: '80', comment: 'Nginx and Certbot' } nginx:
- { port: '{{ nim_waku_p2p_tcp_port }}' } - { port: '80', comment: 'Nginx and Certbot' }
- { port: '{{ nim_waku_disc_v5_port }}', protocol: 'udp' } nim-waku:
- { port: '{{ nim_waku_websock_port }}' } - { port: '{{ nim_waku_p2p_tcp_port }}', comment: 'libp2p' }
- { port: '{{ nim_waku_metrics_port }}', chain: 'VPN', ipset: 'metrics.hq' } - { port: '{{ nim_waku_disc_v5_port }}', comment: 'discovery v5', protocol: 'udp' }
- { port: '{{ nim_waku_websock_port }}', comment: 'websocket' }
- { port: '{{ nim_waku_metrics_port }}', comment: 'metrics', ipset: 'metrics.hq', iifname: 'wg0' }
# Public Config file access # Public Config file access
nginx_sites: nginx_sites: