Suppression complète de n0box2
This commit is contained in:
VC
@@ -10,11 +10,3 @@ borg create --exclude-caches {% for f in borg_backup_excluded_path %}-e {{ f }}
|
||||
## récupération de l'espace
|
||||
borg prune -d 7 -w 4 -m 3 backup@{{ hostvars[groups['borg_server'][0]]['ansible_fqdn'] }}:home
|
||||
|
||||
{% if inventory_hostname == 'n0box2.mateu.be' %}
|
||||
## la sauvegarde mais chez Holaf
|
||||
borg create -s ssh://mortal@holaf.duckdns.org:22222/home/mortal/repos/n0box2.mateu.be/home::{now:%Y-%m-%d} /etc /home /srv
|
||||
|
||||
## la sauvegarde mais chez Holaf
|
||||
borg prune -d 7 -w 4 -m 3 ssh://mortal@holaf.duckdns.org:22222/home/mortal/repos/n0box2.mateu.be/home
|
||||
|
||||
{% endif %}
|
||||
|
||||
@@ -81,77 +81,6 @@ config rule
|
||||
option target 'ACCEPT'
|
||||
option family 'ipv6'
|
||||
|
||||
## Traffic for n0box2 server
|
||||
#config rule
|
||||
# option name 'n0box2-TS-com+com2'
|
||||
# option src 'wan'
|
||||
# option proto 'tcp'
|
||||
# option dest 'lan'
|
||||
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
|
||||
# option dest_port '10011 30033'
|
||||
# option target 'ACCEPT'
|
||||
# option family 'ipv6'
|
||||
|
||||
#config rule
|
||||
# option name 'n0box2-TS-signal'
|
||||
# option src 'wan'
|
||||
# option proto 'udp'
|
||||
# option dest 'lan'
|
||||
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
|
||||
# option dest_port '9987'
|
||||
# option target 'ACCEPT'
|
||||
# option family 'ipv6'
|
||||
|
||||
#config rule
|
||||
# option name 'n0box2-mumble'
|
||||
# option src 'wan'
|
||||
# option proto 'tcpudp'
|
||||
# option dest 'lan'
|
||||
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
|
||||
# option dest_port '64738'
|
||||
# option target 'ACCEPT'
|
||||
# option family 'ipv6'
|
||||
|
||||
#config redirect
|
||||
# option name 'n0box2-TS-com'
|
||||
# option src 'wan'
|
||||
# option src_dport '10011'
|
||||
# option proto 'tcp'
|
||||
# option dest 'lan'
|
||||
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
|
||||
# option dest_port '10011'
|
||||
# option target 'DNAT'
|
||||
|
||||
#config redirect
|
||||
# option name 'n0box2-TS-com2'
|
||||
# option src 'wan'
|
||||
# option src_dport '30033'
|
||||
# option proto 'tcp'
|
||||
# option dest 'lan'
|
||||
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
|
||||
# option dest_port '30033'
|
||||
# option target 'DNAT'
|
||||
|
||||
#config redirect
|
||||
# option name 'n0box2-TS-signal'
|
||||
# option src 'wan'
|
||||
# option src_dport '9987'
|
||||
# option proto 'udp'
|
||||
# option dest 'lan'
|
||||
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
|
||||
# option dest_port '9987'
|
||||
# option target 'DNAT'
|
||||
|
||||
#config redirect
|
||||
# option name 'n0box2-mumble'
|
||||
# option src 'wan'
|
||||
# option src_dport '64738'
|
||||
# option proto 'tcpudp'
|
||||
# option dest 'lan'
|
||||
# option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
|
||||
# option dest_port '64738'
|
||||
# option target 'DNAT'
|
||||
|
||||
### DMZ Rules
|
||||
## General Rules
|
||||
# ICMP
|
||||
@@ -228,28 +157,6 @@ config rule
|
||||
option target 'ACCEPT'
|
||||
option family 'ipv6'
|
||||
|
||||
# a supprimer le prochain coup
|
||||
# Allow traffic to n0box2
|
||||
config rule
|
||||
option name 'Allow-OUTPUT-to-n0box2'
|
||||
option src 'dmz'
|
||||
option proto 'tcpudp'
|
||||
option dest 'lan'
|
||||
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv4']['address'] }}'
|
||||
option dest_port '25 26 80 443 465 587 143 993'
|
||||
option target 'ACCEPT'
|
||||
option family 'ipv4'
|
||||
|
||||
config rule
|
||||
option name 'Allow-OUTPUT-to-n0box2'
|
||||
option src 'dmz'
|
||||
option proto 'tcpudp'
|
||||
option dest 'lan'
|
||||
option dest_ip '{{ hostvars['n0box2.mateu.be']['ansible_default_ipv6']['address'] }}'
|
||||
option dest_port '25 26 80 443 465 587 143 993'
|
||||
option target 'ACCEPT'
|
||||
option family 'ipv6'
|
||||
|
||||
## Specific rules
|
||||
# Allow IPv4 Web traffic IN
|
||||
config redirect
|
||||
|
||||
@@ -49,7 +49,6 @@ frontend http
|
||||
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
use_backend http_default
|
||||
|
||||
frontend https
|
||||
mode tcp
|
||||
@@ -62,10 +61,9 @@ frontend https
|
||||
## {{ hostname }} configuration
|
||||
acl host_{{ hostname }} req.ssl_sni -i {{ hostname }}
|
||||
use_backend https_{{ server }} if host_{{ hostname }}
|
||||
|
||||
{% endfor %}
|
||||
{% endfor %}
|
||||
use_backend https_default
|
||||
|
||||
|
||||
{% for server in groups['webservers'] %}
|
||||
## {{ server }} configuration
|
||||
@@ -79,14 +77,6 @@ backend https_{{ server }}
|
||||
|
||||
{% endfor %}
|
||||
|
||||
backend http_default
|
||||
mode http
|
||||
server host_n0box2 {{ lookup('dig', 'n0box2.mateu.be.', 'qtype=AAAA') }}:80
|
||||
|
||||
backend https_default
|
||||
mode tcp
|
||||
server host_n0box2 {{ lookup('dig', 'n0box2.mateu.be.', 'qtype=AAAA') }}:443
|
||||
|
||||
## Stats
|
||||
listen stats
|
||||
bind *:8080
|
||||
|
||||
Reference in New Issue
Block a user