diff options
| author | Georg Pfuetzenreuter | 2023-04-30 16:11:46 +0200 |
|---|---|---|
| committer | Georg Pfuetzenreuter | 2023-04-30 16:11:46 +0200 |
| commit | b7f34f8b9d41ec39051ac8534aa743a73db701b9 (patch) | |
| tree | 5cc9a630225f45241ab42504885d0b1d28c53e07 | |
| parent | f90197f791dbedced8867309b0bb7c57c596ff04 (diff) | |
| parent | b685f16c914b9fa05bda7c69ce9e157d04262d09 (diff) | |
| download | salt-b7f34f8b9d41ec39051ac8534aa743a73db701b9.tar.gz salt-b7f34f8b9d41ec39051ac8534aa743a73db701b9.tar.bz2 salt-b7f34f8b9d41ec39051ac8534aa743a73db701b9.zip | |
Merge pull request 'Add manage_firewall conditional' (#48) from firewall-optional into production
Reviewed-on: https://git.com.de/LibertaCasa/salt/pulls/48
| -rw-r--r-- | pillar/cluster/denc/web-proxy.sls | 1 | ||||
| -rw-r--r-- | pillar/id/dericom02_rigel_lysergic_dev.sls | 1 | ||||
| -rw-r--r-- | pillar/id/derimisc01_rigel_lysergic_dev.sls | 2 | ||||
| -rw-r--r-- | pillar/id/deriweb01_rigel_lysergic_dev.sls | 1 | ||||
| -rw-r--r-- | pillar/id/moni_lysergic_dev.sls | 2 | ||||
| -rw-r--r-- | pillar/id/themis_lysergic_dev.sls | 1 | ||||
| -rw-r--r-- | salt/common/suse.sls | 3 |
7 files changed, 11 insertions, 0 deletions
diff --git a/pillar/cluster/denc/web-proxy.sls b/pillar/cluster/denc/web-proxy.sls index 61fd653..0bdeec7 100644 --- a/pillar/cluster/denc/web-proxy.sls +++ b/pillar/cluster/denc/web-proxy.sls @@ -212,6 +212,7 @@ nginx: - error_log: /var/log/nginx/libsso_public.error.log - access_log: /var/log/nginx/libsso_public.access.log combined +manage_firewall: True firewalld: zones: public: diff --git a/pillar/id/dericom02_rigel_lysergic_dev.sls b/pillar/id/dericom02_rigel_lysergic_dev.sls index 4cc5145..2462239 100644 --- a/pillar/id/dericom02_rigel_lysergic_dev.sls +++ b/pillar/id/dericom02_rigel_lysergic_dev.sls @@ -267,6 +267,7 @@ profile: host: 'chillnet\.matterbridge\.dericom02\.rigel\.lysergic\.dev' root: {{ mediapath }}chill +manage_firewall: True firewalld: zones: web: diff --git a/pillar/id/derimisc01_rigel_lysergic_dev.sls b/pillar/id/derimisc01_rigel_lysergic_dev.sls index 1c6928d..98c2919 100644 --- a/pillar/id/derimisc01_rigel_lysergic_dev.sls +++ b/pillar/id/derimisc01_rigel_lysergic_dev.sls @@ -12,3 +12,5 @@ tor: hostname: cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion hs_ed25519_public_key: PT0gZWQyNTUxOXYxLXB1YmxpYzogdHlwZTAgPT0AAAAUd+uGrDJs0tuSXjiqC8LbsnJJMSbx15jQ7calMDGHhw== hs_ed25519_secret_key: ${'secret_tor:hidden_services:irc:key'} + +manage_firewall: True diff --git a/pillar/id/deriweb01_rigel_lysergic_dev.sls b/pillar/id/deriweb01_rigel_lysergic_dev.sls index a0ed675..1be2ab9 100644 --- a/pillar/id/deriweb01_rigel_lysergic_dev.sls +++ b/pillar/id/deriweb01_rigel_lysergic_dev.sls @@ -441,3 +441,4 @@ nginx: - sub_filter_types: application/xml - sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life +manage_firewall: True diff --git a/pillar/id/moni_lysergic_dev.sls b/pillar/id/moni_lysergic_dev.sls index 2ebf296..60c3e5c 100644 --- a/pillar/id/moni_lysergic_dev.sls +++ b/pillar/id/moni_lysergic_dev.sls @@ -108,3 +108,5 @@ prometheus: require_tls: false smarthost: 'zz0.email:465' send_resolved: yes + +manage_firewall: True diff --git a/pillar/id/themis_lysergic_dev.sls b/pillar/id/themis_lysergic_dev.sls index 67a7757..52186a6 100644 --- a/pillar/id/themis_lysergic_dev.sls +++ b/pillar/id/themis_lysergic_dev.sls @@ -142,6 +142,7 @@ profile: pwd: ${'secret_privatebin:model_options:pwd'} opt[12]: true +manage_firewall: True firewalld: zones: backend: diff --git a/salt/common/suse.sls b/salt/common/suse.sls index 764517e..01c7333 100644 --- a/salt/common/suse.sls +++ b/salt/common/suse.sls @@ -1,5 +1,8 @@ include: + {#- drop pillar check after all firewall configurations have been imported #} + {%- if salt['pillar.get']('manage_firewall'), False %} - firewalld + {%- endif %} - profile.seccheck - profile.zypp - profile.prometheus.node_exporter |