|
- <%
- distrib, infos = ENV.fetch('DISTRIB', 'debian:stretch/9').split(':')
- codename, version = infos.split('/')
- %>
- ---
- driver:
- name: docker
- use_sudo: false
- privileged: true
-
- provisioner:
- name: salt_solo
- formula: ufw
-
- # Install Salt from official repositories
- salt_install: apt
- salt_version: latest
- salt_apt_repo: https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64
- salt_apt_repo_key: https://repo.saltstack.com/apt/<%= distrib %>/<%= version %>/amd64/latest/SALTSTACK-GPG-KEY.pub
-
- # Don't install Chef
- require_chef: false
-
- # Configure Salt
- state_top:
- base:
- '*':
- - ufw
-
- pillars:
- top.sls:
- base:
- '*':
- - ufw
- ufw.sls:
- ufw:
- enabled: True
- settings:
- loglevel: 'low'
- applications:
- MySQL:
- comment: Allow MySQL
- Postgresql:
- limit: True
- comment: Limit Postgresql
- SSH223:
- deny: True
- comment: Deny Webscale SSH
- '*':
- deny: True
- from_addr: 10.0.0.0/8
- services:
- '*':
- deny: True
- from_addr:
- - 10.0.0.1
- - 10.0.0.2
- '22':
- protocol: tcp
- limit: True
- comment: Limit SSH
- '80':
- protocol: tcp
- deny: True
- comment: Deny HTTP
- '443':
- protocol: tcp
- comment: Allow HTTPS
-
- platforms:
- - name: <%= distrib %>-<%= codename %>
- driver_config:
- image: "<%= distrib %>:<%= codename %>"
- platform: <%= distrib %>
- provision_command:
- - apt-get update && apt-get install -y locales
- - echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
- - locale-gen en_US.UTF-8
- run_command: /lib/systemd/systemd
-
- verifier:
- name: inspec
- reporter: progress
-
- suites:
- - name: ufw
|
