mirror of https://code.forgejo.org/infrastructure/documentation synced 2024-11-28 13:21:11 +00:00

Merge pull request 'allow everything between cluster nodes' (#33) from earl-warren/documentation:wip-disaster into main

Reviewed-on: https://code.forgejo.org/infrastructure/documentation/pulls/33
earl-warren 2024-10-19 12:05:34 +00:00
commit 4f90ea7af5


@ -74,16 +74,34 @@ sudo ufw default allow incoming
sudo ufw default allow outgoing
sudo ufw default allow routed
ips="88.198.58.177 2a01:4f8:222:507::2" # host specific
interface=enp5s0
for host_ip in $ips ; do
sudo ufw allow to $host_ip port 22 proto tcp
sudo ufw deny to $host_ip
function internode() {
for from in $@ ; do
for to in $@ ; do
if test $from != $to ; then
sudo ufw allow in on $interface from $from to $to
fi
done
done
}
ipv4="65.108.204.171 88.198.58.177"
internode $ipv4
ipv6="2a01:4f9:1a:a082::2 2a01:4f8:222:507::2"
internode $ipv6
for host_ip in $ipv4 $ipv6 ; do
sudo ufw allow in on $interface to $host_ip port 22 proto tcp
sudo ufw deny in on $interface log-all to $host_ip
done
for public_ip in 188.40.16.47 2a01:4f8:fff2:48::2 ; do
sudo ufw allow to $public_ip port 22,80,443,2000:3000 proto tcp
sudo ufw deny to $public_ip
failover="188.40.16.47 2a01:4f8:fff2:48::2"
for public_ip in $failover ; do
sudo ufw allow in on $interface to $public_ip port 22,80,443,2000:3000 proto tcp
sudo ufw deny in on $interface log-all to $public_ip
done
```
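Review bot: The `internode` rule `sudo ufw allow in on $interface from $from to $to` admits every port and protocol on the strength of the source address alone, and `$interface` is the same interface that the SSH and failover rules are bound to. A source address is not authenticated, so for connectionless protocols such as UDP any packet that reaches this interface carrying a peer's address is treated as cluster traffic; consider limiting the rule to the ports the cluster needs, e.g. `sudo ufw allow in on $interface from $from to $to port <cluster-ports> proto tcp` (placeholder, the page does not list them), or carrying inter-node traffic over a private or encrypted link. The rules are also order-dependent: ufw stops at the first matching rule, so a peer added later with a plain `ufw allow` would land after the `deny in on $interface log-all to $host_ip` rules and never match. A comment such as `# keep internode allows ahead of the deny rules (first match wins)` above the `internode` calls would record that. The snippet begins above the hunk, so only part of it is visible here.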