From 3ce5937589bef1baf1f19dc848ce0e4df6fcb677 Mon Sep 17 00:00:00 2001
From: Mira <86979912+mira-miracoli@users.noreply.github.com>
Date: Tue, 3 Sep 2024 11:25:01 +0200
Subject: [PATCH 1/3] Update influxdb.yml
---
 influxdb.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/influxdb.yml b/influxdb.yml
index 8986010ed..5c772c3f2 100644
--- a/influxdb.yml
+++ b/influxdb.yml
@@ -23,15 +23,17 @@
 persistent: true
 loop:
 - httpd_can_network_connect
- - name: Disable firewalld service
+ - name: Enable firewalld service
 ansible.builtin.service:
 name: firewalld
- enabled: false
- state: stopped
+ enabled: true
+ state: started
 collections:
 - devsec.hardening
 roles:
 ## Starting configuration of the operating system
+ - role: usegalaxy_eu.fw_glxeu_generic
+ become: true
 - role: usegalaxy_eu.handy.os_setup
 vars:
 enable_hostname: true
From 05f0c3098fa59e8e44c2467117c809f1d4a51175 Mon Sep 17 00:00:00 2001
From: Mira <86979912+mira-miracoli@users.noreply.github.com>
Date: Tue, 3 Sep 2024 12:28:02 +0200
Subject: [PATCH 2/3] allow d-s-n service (port 8086 for influx)
---
 group_vars/influxdb.yml | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/group_vars/influxdb.yml b/group_vars/influxdb.yml
index 708bd9c4f..39a211980 100644
--- a/group_vars/influxdb.yml
+++ b/group_vars/influxdb.yml
@@ -79,3 +79,13 @@ nginx_remove_default_vhost: true
 nginx_ssl_role: usegalaxy-eu.certbot
 nginx_conf_ssl_certificate: /etc/ssl/certs/fullchain.pem
 nginx_conf_ssl_certificate_key: /etc/ssl/user/privkey-nginx.pem
+
+firewall_public_services:
+ - http
+ - https
+ - d-s-n # name for port 8086
+firewall_internal_services:
+ - http
+ - https
+ - ssh
+ - d-s-n
From 3267275e8e12f27fbc2bd63bacdb6dd7a15dd75e Mon Sep 17 00:00:00 2001
From: Mira <86979912+mira-miracoli@users.noreply.github.com>
Date: Tue, 3 Sep 2024 12:29:28 +0200
Subject: [PATCH 3/3] done by the fw_glxeu_generic role
---
 influxdb.yml | 5 -----
 1 file changed, 5 deletions(-)
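Review bot: In the `influxdb.yml` hunk of patch 1/3, firewalld is switched to `enabled: true` / `state: started` and `usegalaxy_eu.fw_glxeu_generic` is added, but the `firewall_public_services` / `firewall_internal_services` lists only arrive in patch 2/3. A run from this commit alone would presumably apply the role's default service set, which may not include port 8086, so the group_vars change belongs in the same commit or an earlier one. The role entry would also benefit from a comment such as `# firewalld rules; allowed services are set via firewall_*_services in group_vars/influxdb.yml`. The task list and the `roles:` list both continue outside the hunk.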
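Review bot: `d-s-n` under `firewall_public_services` in the `group_vars/influxdb.yml` hunk (patch 2/3) exposes port 8086 to the public zone alongside `http` and `https`. The same file sets up nginx with a TLS certificate, so if clients are meant to reach InfluxDB through the proxy, the direct port can stay in `firewall_internal_services` only; whether the listener on 8086 enforces TLS and authentication is not visible here. If public access is intended, state why next to the entry, e.g. `- d-s-n  # 8086/tcp InfluxDB API, public because <reason>`, and repeat the port comment on the internal list, which has none.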
diff --git a/influxdb.yml b/influxdb.yml
index 5c772c3f2..85a3e0bb9 100644
--- a/influxdb.yml
+++ b/influxdb.yml
@@ -23,11 +23,6 @@
 persistent: true
 loop:
 - httpd_can_network_connect
- - name: Enable firewalld service
- ansible.builtin.service:
- name: firewalld
- enabled: true
- state: started
 collections:
 - devsec.hardening
 roles: