salt
/
ufw-formula
複製自 ExternalMirrors/ufw-formula
關注 2
收藏 0
複製 0
程式碼 版本發佈 8 活動
瀏覽代碼

Merge pull request #12 from myii/chore/standardise-structure 

feat(yamllint): include for this repo and apply rules throughout
tags/v0.5.0
Niels Abspoel 5 年之前
父節點
404735d584 38eb4dc325
當前提交
03c2c2b68e
沒有連結到貢獻者的電子郵件帳戶。
共有 5 個檔案被更改,包括 51 行新增21 行删除
分割檢視 顯示文件統計
  1. +9
    -4
      .travis.yml
  2. +16
    -0
      .yamllint
  3. +13
    -10
      pillar.example
  4. +3
    -0
      test/integration/default/inspec.yml
  5. +10
    -7
      test/salt/pillar/default.sls

+ 9
- 4
.travis.yml 查看文件

@@ -3,7 +3,7 @@
---
stages:
- test
- commitlint
- lint
- name: release
if: branch = master AND type != pull_request

@@ -45,16 +45,21 @@ script:

jobs:
include:
# Define the commitlint stage
- stage: commitlint
# Define the `lint` stage (runs `yamllint` and `commitlint`)
- stage: lint
language: node_js
node_js: lts/*
before_install: skip
script:
# Install and run `yamllint`
- pip install --user yamllint
# yamllint disable-line rule:line-length
- yamllint -s . .yamllint pillar.example test/salt/pillar/default.sls
# Install and run `commitlint`
- npm install @commitlint/config-conventional -D
- npm install @commitlint/travis-cli -D
- commitlint-travis
# Define the release stage that runs semantic-release
# Define the release stage that runs `semantic-release`
- stage: release
language: node_js
node_js: lts/*

+ 16
- 0
.yamllint 查看文件

@@ -0,0 +1,16 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
# Extend the `default` configuration provided by `yamllint`
extends: default

# Files to ignore completely
# 1. All YAML files under directory `node_modules/`, introduced during the Travis run
ignore: |
node_modules/

rules:
line-length:
# Increase from default of `80`
# Based on https://github.com/PyCQA/flake8-bugbear#opinionated-warnings (`B950`)
max: 88

+ 13
- 10
pillar.example 查看文件

@@ -1,15 +1,18 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
ufw:

enabled: True
enabled: true

settings:
loglevel: low
ipv6: True
ipv6: true
default_input_policy: 'DROP'
default_output_policy: 'ACCEPT'
default_forward_policy: 'DROP'
default_application_policy: 'SKIP'
manage_builtins: False
manage_builtins: false
ipt_sysctl: '/etc/ufw/sysctl.conf'
ipt_modules:
- nf_conntrack_ftp
@@ -61,12 +64,12 @@ ufw:
# Deny from a specific port, by number.
140:
protocol: tcp
deny: True
deny: true

# Deny everything from a specific ip address
'*':
protocol: tcp
deny: True
deny: true
from_addr: 10.0.0.1

# Deny everything from multiple ip addresses and avoid
@@ -74,14 +77,14 @@ ufw:
'*/multiple':
to_port: '*'
protocol: tcp
deny: True
deny: true
from_addr:
- 10.0.0.2
- 10.0.0.3

# Limit a specific port, by number.
170:
limit: True
limit: true
protocol: tcp
comment: Print service

@@ -98,16 +101,16 @@ ufw:
# Allow applications defined at /etc/ufw/applications.d/
applications:
OpenSSH:
enabled: True
enabled: true
comment: We are using fail2ban anyway

# Limit access to salt master
Saltmaster:
limit: True
limit: true

# Deny access to Postgresql
Postgresql:
deny: True
deny: true

# Allow all traffic in on the specified interface
interfaces:

+ 3
- 0
test/integration/default/inspec.yml 查看文件

@@ -1,3 +1,6 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
name: default
title: ufw formula
maintainer: SaltStack Formulas

+ 10
- 7
test/salt/pillar/default.sls 查看文件

@@ -1,32 +1,35 @@
# -*- coding: utf-8 -*-
# vim: ft=yaml
---
ufw:
enabled: True
enabled: true
settings:
loglevel: 'low'
applications:
MySQL:
comment: Allow MySQL
Postgresql:
limit: True
limit: true
comment: Limit Postgresql
SSH223:
deny: True
deny: true
comment: Deny Webscale SSH
'*':
deny: True
deny: true
from_addr: 10.0.0.0/8
services:
'*':
deny: True
deny: true
from_addr:
- 10.0.0.1
- 10.0.0.2
'22':
protocol: tcp
limit: True
limit: true
comment: Limit SSH
'80':
protocol: tcp
deny: True
deny: true
comment: Deny HTTP
'443':
protocol: tcp

Write Preview
Loading…
取消
儲存