[SKIP CI] add iptables tasks
parent
90e20c350c
commit
2e6e141e88
@ -73,3 +73,10 @@ droneci_gitea_skip_verify: False
|
||||
# droneci_no_proxy: (see below)
|
||||
# - drone-server
|
||||
# - drone-agent
|
||||
|
||||
droneci_iptables_enabled: False
|
||||
droneci_open_ports:
|
||||
- name: allow_droneci_web
|
||||
rules: |
|
||||
-A INPUT -m state --state NEW -p tcp --dport {{ droneci_server_exposed_port }} -j ACCEPT
|
||||
state: present
|
||||
|
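Review bot: The default `allow_droneci_web` rule accepts new TCP connections to `droneci_server_exposed_port` from any source address on any interface, so setting `droneci_iptables_enabled` exposes the Drone web UI to every network the host is attached to. A comment above `droneci_open_ports` should say so and show a restricted form, e.g. `-A INPUT -s <ALLOWED_CIDR> -m conntrack --ctstate NEW -p tcp --dport {{ droneci_server_exposed_port }} -j ACCEPT`, where the CIDR is a placeholder. The `conntrack` match is the current spelling of the older `state` match used here. The new boolean would also parse more predictably across YAML loaders as lowercase `false`.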
@ -26,5 +26,17 @@
|
||||
dest: "{{ droneci_service_directory }}/{{ droneci_license_key | basename }}"
|
||||
mode: 0600
|
||||
when: droneci_license_key is defined
|
||||
|
||||
- name: Open ports in iptables
|
||||
iptables_raw:
|
||||
name: "{{ item.name }}"
|
||||
rules: "{{ item.rules }}"
|
||||
state: "{{ item.state | default('present') }}"
|
||||
weight: "{{ item.weight | default(omit) }}"
|
||||
table: "{{ item.table | default(omit) }}"
|
||||
with_items: "{{ droneci_open_ports }}"
|
||||
loop_control:
|
||||
label: "{{ item.name }}"
|
||||
when: droneci_iptables_enabled | bool
|
||||
become: True
|
||||
become_user: root
|
||||
|
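Review bot: The `iptables_raw` task never passes `ipversion`, so, assuming the module's default of IPv4, entries in `droneci_open_ports` can only manage the IPv4 ruleset and the ip6tables side stays as the host already has it. Adding `ipversion: "{{ item.ipversion | default(omit) }}"` next to `weight` and `table` would let a caller manage both address families. `iptables_raw` is, as far as I know, a third-party module rather than part of Ansible itself, so the role should document or vendor that dependency; without it the task fails as soon as `droneci_iptables_enabled` is set. `with_items` and `become: True` could be written as `loop` and `become: true` to match current Ansible style.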