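<%
distrib, infos = ENV.fetch('DISTRIB', 'debian:stretch/9').split(':')
codename, version = infos.split('/')
%>
---
# Test Kitchen configuration for the ufw Salt formula.
#
# The DISTRIB environment variable selects the platform and must have the
# shape "distrib:codename/version" (default: debian:stretch/9); any other
# shape breaks the template. Its parts are interpolated into the Docker
# image name and the Salt apt repository URLs below, so treat DISTRIB as
# trusted CI input only.
# NOTE(review): stretch/9 is an end-of-life Debian release; confirm the
# default is still the intended target.

driver:
  name: docker
  use_sudo: false
  # Privileged mode gives the container near-host-level access. Presumably
  # needed because the container boots systemd (run_command below) and the
  # formula manages firewall rules; confirm. Run this suite on disposable
  # CI/dev hosts only.
  privileged: true

provisioner:
  name: salt_solo
  formula: ufw

  # Install Salt from official repositories.
  # "latest" is unpinned, so each run may install a different Salt build.
  # The signing key is fetched from the same host as the packages, so its
  # authenticity rests on TLS to that host alone; pin a version and check
  # the key fingerprint out of band if reproducibility or provenance matters.
  # NOTE(review): repo.saltstack.com is the legacy Salt package host;
  # confirm these URLs still resolve before relying on this suite.
  salt_install: apt
  salt_version: latest
  salt_apt_repo: "https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64"
  salt_apt_repo_key: "https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64/latest/SALTSTACK-GPG-KEY.pub"

  # Don't install Chef
  require_chef: false

  # Configure Salt
  state_top:
    base:
      '*':
        - ufw

  # Pillar data is a test fixture. Entries without deny/limit are allow
  # rules, as their "Allow ..." comments indicate.
  # NOTE(review): the nesting below was restored from a flattened copy;
  # confirm it against the formula's pillar schema.
  pillars:
    top.sls:
      base:
        '*':
          - ufw
    ufw.sls:
      ufw:
        enabled: true
        settings:
          loglevel: 'low'
        applications:
          MySQL:
            comment: Allow MySQL
          Postgresql:
            limit: true
            comment: Limit Postgresql
          SSH223:
            deny: true
            comment: Deny Webscale SSH
          '*':
            deny: true
            from_addr: '10.0.0.0/8'
        services:
          '*':
            deny: true
            from_addr:
              - 10.0.0.1
              - 10.0.0.2
          # Port keys stay quoted so they load as strings, not integers.
          '22':
            protocol: tcp
            limit: true
            comment: Limit SSH
          '80':
            protocol: tcp
            deny: true
            comment: Deny HTTP
          '443':
            protocol: tcp
            comment: Allow HTTPS

platforms:
  - name: "<%= distrib %>-<%= codename %>"
    driver_config:
      image: "<%= distrib %>:<%= codename %>"
      platform: "<%= distrib %>"
      provision_command:
        - apt-get update && apt-get install -y locales
        - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
        - locale-gen en_US.UTF-8
      # systemd runs as the container's init process.
      run_command: /lib/systemd/systemd

verifier:
  name: inspec
  reporter: progress

suites:
  - name: ufw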