Set up gitea port forwarding
This commit is contained in:
parent
d844925ee0
commit
f4d20636d4
@ -27,8 +27,6 @@ vpn_wg0_endpoint_address:
vpn_remote_br0_subnet:
vpn_reverse_proxy_address:
# Service variables
host_services: [
service_name_1,
@ -3,7 +3,7 @@
table ip br0_ipv4 {
chain prerouting {
type nat hook prerouting priority -100;
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ vpn_reverse_proxy_address }};
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ services['rproxy'].address }};
}
chain postrouting {
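Review bot: The rewritten DNAT rule keys the service map as `services['rproxy']`, while the otherwise identical prerouting rule in the second br0_ipv4 hunk (`@ -3,7 +3,8 @@`) uses `services['lrproxy']`; if both templates are meant to forward ports 80/443 to the same reverse proxy, one of the two keys is a typo that surfaces only as an undefined-variable error at render time, or as a DNAT to the wrong address if both keys happen to exist. It would help to confirm the two keys are intentional and to document each expected `services[...]` entry in the vars file. The prerouting chain continues outside the hunk.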
@ -21,7 +21,7 @@ table inet filter {
ct state invalid drop;
# Accept HTTP, HTTPS, SSH.
tcp dport { 80, 443, {{ ansible_port }} } ct state new accept;
tcp dport { 80, 443, {{ ansible_port }}, {{ services['git'].ssh_port }} } ct state new accept;
# Count and drop any other traffic.
counter drop;
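Review bot: The comment above the new accept rule still reads `# Accept HTTP, HTTPS, SSH.` although the rule now also opens the Gitea SSH port taken from `services['git'].ssh_port`; update it to `# Accept HTTP, HTTPS, host SSH (ansible_port) and Gitea SSH (services['git'].ssh_port).` so a reader of the rendered ruleset knows two distinct SSH services are exposed. The rule also assumes `ssh_port` renders to a different number than `ansible_port`; if they coincide the anonymous set holds a duplicate element, which nft may reject when loading the ruleset, so that case is better caught by an `assert` task on the role's variables than at firewall-load time. The filter chain continues outside the hunk.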
@ -3,7 +3,8 @@
table ip br0_ipv4 {
chain prerouting {
type nat hook prerouting priority -100;
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ vpn_reverse_proxy_address }};
iif {{ ethx }} tcp dport { 80, 443 } dnat to {{ services['lrproxy'].address }};
iif {{ ethx }} tcp dport {{ services['git'].ssh_port }} dnat to {{ services['git'].address }};
}
chain input {
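Review bot: The new rule `iif {{ ethx }} tcp dport {{ services['git'].ssh_port }} dnat to {{ services['git'].address }};` has no guard against `services['git'].ssh_port` rendering equal to the host's own SSH port (the `ansible_port` value the filter template accepts in the `@ -21,7 +21,7 @@` hunk): in that case management SSH arriving on ethx would be redirected to the Gitea container and the host would become unreachable for Ansible. Consider asserting the two values differ before the template is deployed, and stating the constraint next to the rule, e.g. `# ssh_port must differ from ansible_port, otherwise host SSH is DNATed to the container`. Because no port is given after `dnat to`, the destination port appears to be preserved, which is what lets the container listen on the same port; worth saying so in the same comment. The chain body continues outside the hunk.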
@ -34,6 +34,8 @@ ExecStart=/usr/bin/podman run \
-e GITEA__database__PASSWD="{{ services[service_name].database_passwd }}" \
-e GITEA__server__DOMAIN="{{ services[service_name].domain }}" \
-e GITEA__server__ROOT_URL="https://%(DOMAIN)s/" \
-e GITEA__server__SSH_PORT="{{ services[service_name].ssh_port }}" \
-e GITEA__server__SSH_LISTEN_PORT="{{ services[service_name].ssh_port }}" \
-e GITEA__mailer__ENABLED="true" \
-e GITEA__mailer__FROM="Gitea <git@{{ services[service_name].domain }}>" \
-e GITEA__mailer__MAILER_TYPE="smtp" \
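Review bot: The two added variables `GITEA__server__SSH_PORT` and `GITEA__server__SSH_LISTEN_PORT` are set to the same `services[service_name].ssh_port` value without saying why; in Gitea the first is the port advertised in SSH clone URLs and the second is the port the built-in SSH server binds, and they only coincide here because the prerouting DNAT in the br0_ipv4 template appears to preserve the destination port. A short note in the role's vars documentation, or above the `ExecStart=` line (which starts outside the hunk), stating that `ssh_port` is both the public and the container-side port would stop a later change from adjusting one without the other. The `podman run` command line continues outside the hunk.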
@ -29,9 +29,17 @@
nftables_conf is changed and
nftables_start is not changed
- block:
- name: List all post-up nft scripts for interfaces
find:
paths: /usr/local/sbin
patterns: "post-up-*.nft"
register: nft_post_up_scripts
- name: Reload nft scripts for interfaces
command: "{{ item }}"
with_fileglob:
- "/usr/local/sbin/post-up-*.nft"
command: "{{ item.path }}"
with_items:
- "{{ nft_post_up_scripts.files }}"
when:
nftables_restart is changed
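Review bot: The new loop `with_items: - "{{ nft_post_up_scripts.files }}"` wraps a list inside a list and relies on `with_items` flattening one level, and since each `item` is the whole `find` result dict the task output prints every stat field for every script. The same iteration written as `loop: "{{ nft_post_up_scripts.files }}"` with `loop_control: label: "{{ item.path }}"` is clearer, keeps the play log readable, and is the form Ansible now recommends over `with_*`. If `find` matches nothing the task is simply skipped, which is fine, but a comment on the `find` task saying that every matching file under /usr/local/sbin is executed would make the trust placed in that directory explicit. The block's `when:` condition continues outside the hunk.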
@ -25,8 +25,17 @@
fi'
register: br_intf
- block:
- name: Restart bridge interface
shell: if ip link show dev br0 ; then ifdown br0 && ifup br0 ; else ifup br0 ; fi
- name: Reconnect all services
systemd:
name: connect-pod-service@{{ item }}.service
state: started
with_items:
- "{{ host_services }}"
when:
br_intf_post_up_inet is changed or
br_intf_post_up_ipv4 is changed or
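Review bot: `state: started` on the new `Reconnect all services` task is a no-op for any `connect-pod-service@{{ item }}.service` instance that systemd still reports as active, and the preceding `ifdown br0 && ifup br0` shell task does not stop those units, so the reconnect may silently not run for them. If the intent is to re-attach every service after the bridge bounce, `state: restarted` is the value that guarantees each unit's start commands run again. Whether the instances remain active across the bridge restart depends on the unit definition (for example `RemainAfterExit=`), which is not visible here, so it is worth checking before changing it. The block's `when:` condition continues outside the hunk.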