ekacnet
il y a 2 ans
5 fichiers modifiés avec 53 ajouts et 0 suppressions
+ 10
- 0
pillar.example
Voir le fichier
| @@ -112,6 +112,16 @@ ufw: | |||
| Postgresql: | |||
| deny: true | |||
| RSPAMD-milter: | |||
| enabled: true | |||
| applications_files: | |||
| ufw-rspamd: | |||
| RSPAMD-milter: | |||
| title: Rspamd milter | |||
| description: Rspamd port for milter (mail filter) connection from STMP mail process | |||
| ports: 11332/tcp | |||
| # Allow all traffic in on the specified interface | |||
| interfaces: | |||
| eth1: | |||
+ 5
- 0
ufw/config/applications.sls
Voir le fichier
| @@ -27,6 +27,7 @@ include: | |||
| {%- set method = 'deny' if deny else ('limit' if limit else 'allow') %} | |||
| {%- set to_addr = app_details.get('to_addr', None) %} | |||
| {%- set comment = app_details.get('comment', None) %} | |||
| {%- set require = app_details.get('require', None) %} | |||
| {%- if from_addr is not none %} | |||
| ufw-app-{{ method }}-{{ app_name }}-{{ from_addr }}: | |||
| @@ -46,6 +47,10 @@ ufw-app-{{ method }}-{{ app_name }}: | |||
| {%- if comment is not none and salt['grains.get']('osfinger') != 'Debian-8' and salt['grains.get']('osfinger') != 'CentOS-6' %} | |||
| - comment: '"{{ comment }}"' | |||
| {%- endif %} | |||
| {%- if require %} | |||
| - require: | |||
| - file: ufw-file-app-{{ require }} | |||
| {%- endif %} | |||
| {%- if enabled %} | |||
| - listen_in: | |||
| - cmd: reload-ufw | |||
+ 15
- 0
ufw/config/file.sls
Voir le fichier
| @@ -40,6 +40,20 @@ ufw-sysctl-file-file-managed: | |||
| - context: | |||
| ufw_sysctl: {{ ufw.sysctl | json }} | |||
| {% if ufw.get('applications_files') %} | |||
| {% for filename, config in ufw.get('applications_files').items() %} | |||
| ufw-file-app-{{ filename }}: | |||
| file.managed: | |||
| - name: /etc/ufw/applications.d/{{ filename }} | |||
| - user: root | |||
| - group: root | |||
| - mode: 644 | |||
| - template: jinja | |||
| - source: salt://ufw/files/application.tmpl.jinja | |||
| - context: | |||
| config: {{ config | json }} | |||
| {% endfor %} | |||
| {% else %} | |||
| /etc/ufw/applications.d: | |||
| file.recurse: | |||
| - user: root | |||
| @@ -47,3 +61,4 @@ ufw-sysctl-file-file-managed: | |||
| - file_mode: 644 | |||
| - clean: False | |||
| - source: salt://ufw/files/applications.d | |||
| {% endif %} | |||
+ 9
- 0
ufw/files/application.tmpl.jinja
Voir le fichier
| @@ -0,0 +1,9 @@ | |||
| {%- for app_name, app_config in config.items() %} | |||
| {%- set app_title=app_config.get('title', app_name) %} | |||
| {%- set app_description=app_config.get('description', "") %} | |||
| {%- set app_ports=app_config.get('ports') %} | |||
| [{{ app_name }}] | |||
| title={{ app_title }} | |||
| description={{ app_description }} | |||
| ports={{ app_ports }} | |||
| {%- endfor %} | |||
+ 14
- 0
ufw/service/update.sls
Voir le fichier
| @@ -0,0 +1,14 @@ | |||
| # -*- coding: utf-8 -*- | |||
| # vim: ft=sls | |||
| {#- Get the `tplroot` from `tpldir` #} | |||
| {%- set tplroot = tpldir.split('/')[0] %} | |||
| {%- from tplroot ~ "/map.jinja" import ufw with context %} | |||
| {%- if ufw.get('enabled', False) %} | |||
| app-update-ufw: | |||
| cmd.wait: # noqa: 213 | |||
| - name: ufw app update all | |||
| {%- endif %} | |||
Chargement…