Set up gitea port forwarding
This commit is contained in:
parent
d844925ee0
commit
f4d20636d4
@ -27,8 +27,6 @@ vpn_wg0_endpoint_address:
|
|||||||
|
|
||||||
vpn_remote_br0_subnet:
|
vpn_remote_br0_subnet:
|
||||||
|
|
||||||
vpn_reverse_proxy_address:
|
|
||||||
|
|
||||||
# Service variables
|
# Service variables
|
||||||
host_services: [
|
host_services: [
|
||||||
service_name_1,
|
service_name_1,
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
table ip br0_ipv4 {
|
table ip br0_ipv4 {
|
||||||
chain prerouting {
|
chain prerouting {
|
||||||
type nat hook prerouting priority -100;
|
type nat hook prerouting priority -100;
|
||||||
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ vpn_reverse_proxy_address }};
|
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ services['rproxy'].address }};
|
||||||
}
|
}
|
||||||
|
|
||||||
chain postrouting {
|
chain postrouting {
|
||||||
|
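Review bot: The dnat target now resolves `services['rproxy']`, while the equivalent rule in the second br0 template of this commit resolves `services['lrproxy']`; if both templates describe the same reverse proxy, one key is a typo, and Ansible's templating should fail on the missing entry rather than emit a broken rule. If they are intentionally distinct entries, a one-line comment above the rule naming which proxy this host forwards to would make the asymmetry deliberate, e.g. `# 80/443 go to the reverse proxy registered as services['rproxy'] in the inventory`. The prerouting chain this rule belongs to starts in the hunk but the table continues outside it.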
@ -21,7 +21,7 @@ table inet filter {
|
|||||||
ct state invalid drop;
|
ct state invalid drop;
|
||||||
|
|
||||||
# Accept HTTP, HTTPS, SSH.
|
# Accept HTTP, HTTPS, SSH.
|
||||||
tcp dport { 80, 443, {{ ansible_port }} } ct state new accept;
|
tcp dport { 80, 443, {{ ansible_port }}, {{ services['git'].ssh_port }} } ct state new accept;
|
||||||
|
|
||||||
# Count and drop any other traffic.
|
# Count and drop any other traffic.
|
||||||
counter drop;
|
counter drop;
|
||||||
|
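Review bot: The comment above the rule, `# Accept HTTP, HTTPS, SSH.`, no longer describes it now that Gitea's SSH port is in the set; update it to `# Accept HTTP, HTTPS, host SSH and Gitea SSH (separate listener, see services['git'].ssh_port).` so a reader does not take the second port for another host sshd. If `services['git'].ssh_port` were ever set equal to `ansible_port`, the anonymous set would contain a duplicate element, which nft is likely to reject when the ruleset is loaded; an `assert` comparing the two values in the playbook would catch that before the firewall is touched. The filter chain continues outside the hunk.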
@ -3,7 +3,8 @@
|
|||||||
table ip br0_ipv4 {
|
table ip br0_ipv4 {
|
||||||
chain prerouting {
|
chain prerouting {
|
||||||
type nat hook prerouting priority -100;
|
type nat hook prerouting priority -100;
|
||||||
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ vpn_reverse_proxy_address }};
|
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ services['lrproxy'].address }};
|
||||||
|
iif {{ ethx }} tcp dport {{ services['git'].ssh_port }} dnat to {{ services['git'].address }};
|
||||||
}
|
}
|
||||||
|
|
||||||
chain input {
|
chain input {
|
||||||
|
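Review bot: The new dnat rule rewrites only the destination address, so the original destination port is preserved and the git container must itself listen on `services['git'].ssh_port`; the gitea unit template in this commit sets `SSH_LISTEN_PORT` to that value, which is consistent but leaves the coupling implicit. A comment above the rule would keep the two in step, e.g. `# Git SSH: no port rewrite, the container listens on ssh_port itself (see the gitea unit template)`. The rule lives in `table ip br0_ipv4`, so the same service would be unreachable over IPv6 unless a matching rule exists in an ip6 table; that may be intended, but is worth a word in the same comment. The prerouting chain continues outside the hunk.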
@ -34,6 +34,8 @@ ExecStart=/usr/bin/podman run \
|
|||||||
-e GITEA__database__PASSWD="{{ services[service_name].database_passwd }}" \
|
-e GITEA__database__PASSWD="{{ services[service_name].database_passwd }}" \
|
||||||
-e GITEA__server__DOMAIN="{{ services[service_name].domain }}" \
|
-e GITEA__server__DOMAIN="{{ services[service_name].domain }}" \
|
||||||
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
|
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
|
||||||
|
-e GITEA__server__SSH_PORT="{{ services[service_name].ssh_port }}" \
|
||||||
|
-e GITEA__server__SSH_LISTEN_PORT="{{ services[service_name].ssh_port }}" \
|
||||||
-e GITEA__mailer__ENABLED="true" \
|
-e GITEA__mailer__ENABLED="true" \
|
||||||
-e GITEA__mailer__FROM="Gitea <git@{{ services[service_name].domain }}>" \
|
-e GITEA__mailer__FROM="Gitea <git@{{ services[service_name].domain }}>" \
|
||||||
-e GITEA__mailer__MAILER_TYPE="smtp" \
|
-e GITEA__mailer__MAILER_TYPE="smtp" \
|
||||||
|
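Review bot: `GITEA__server__SSH_LISTEN_PORT` sets the port of Gitea's built-in SSH server, which only listens when `START_SSH_SERVER` is enabled; if the image instead runs its own sshd, as the standard image does if I recall its setup correctly, that daemon is configured through a different variable and would stay on port 22 while the br0 dnat rule in this commit forwards traffic to `ssh_port`. Please verify against the image's documentation which SSH server is meant to answer, and record the outcome on these two lines, e.g. `# SSH_PORT is advertised to clients; SSH_LISTEN_PORT must match the br0 dnat rule`. The `ExecStart=` line these arguments belong to starts before the hunk and ends after it.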
@ -29,9 +29,17 @@
|
|||||||
nftables_conf is changed and
|
nftables_conf is changed and
|
||||||
nftables_start is not changed
|
nftables_start is not changed
|
||||||
|
|
||||||
- name: Reload nft scripts for interfaces
|
- block:
|
||||||
command: "{{ item }}"
|
- name: List all post-up nft scripts for interfaces
|
||||||
with_fileglob:
|
find:
|
||||||
- "/usr/local/sbin/post-up-*.nft"
|
paths: /usr/local/sbin
|
||||||
|
patterns: "post-up-*.nft"
|
||||||
|
register: nft_post_up_scripts
|
||||||
|
|
||||||
|
- name: Reload nft scripts for interfaces
|
||||||
|
command: "{{ item.path }}"
|
||||||
|
with_items:
|
||||||
|
- "{{ nft_post_up_scripts.files }}"
|
||||||
|
|
||||||
when:
|
when:
|
||||||
nftables_restart is changed
|
nftables_restart is changed
|
||||||
|
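Review bot: Wrapping the loop source in a one-element list, `with_items: - "{{ nft_post_up_scripts.files }}"`, relies on `with_items` flattening one level; the clearer form is `loop: "{{ nft_post_up_scripts.files }}"` with `loop_control: label: "{{ item.path }}"`, which also stops the task output from dumping every stat field of each file. Replacing `with_fileglob` (evaluated on the controller) with `find` (evaluated on the managed host) looks like the real fix here, and a comment on the find task saying so, `# find runs on the target; with_fileglob would only see controller-side files`, explains why the block exists. The `when:` guard on the block is the last visible line; if it has further conditions they are outside the hunk.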
@ -25,8 +25,17 @@
|
|||||||
fi'
|
fi'
|
||||||
register: br_intf
|
register: br_intf
|
||||||
|
|
||||||
- name: Restart bridge interface
|
- block:
|
||||||
|
- name: Restart bridge interface
|
||||||
shell: if ip link show dev br0 ; then ifdown br0 && ifup br0 ; else ifup br0 ; fi
|
shell: if ip link show dev br0 ; then ifdown br0 && ifup br0 ; else ifup br0 ; fi
|
||||||
|
|
||||||
|
- name: Reconnect all services
|
||||||
|
systemd:
|
||||||
|
name: connect-pod-service@{{ item }}.service
|
||||||
|
state: started
|
||||||
|
with_items:
|
||||||
|
- "{{ host_services }}"
|
||||||
|
|
||||||
when:
|
when:
|
||||||
br_intf_post_up_inet is changed or
|
br_intf_post_up_inet is changed or
|
||||||
br_intf_post_up_ipv4 is changed or
|
br_intf_post_up_ipv4 is changed or
|
||||||
|