diff options
| author |  Johannes Christ <[email protected]> | 2024-05-01 10:19:43 +0200 |
|---|---|---|
| committer | jchristgit <[email protected]> | 2024-05-03 19:19:34 +0200 |
| commit | d803e0fa3c6e51139442508cf23c236967684069 (patch) | |
| tree | 43f48e9f785064e994e070b2c7974d1e66dd0de8 /ansible/group_vars | |
| parent | Remove old groups from Vagrant inventory (diff) | |
Set up database group for database hosts
Diffstat (limited to 'ansible/group_vars')
| -rw-r--r-- | ansible/group_vars/all/nftables.yml | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ansible/group_vars/all/nftables.yml b/ansible/group_vars/all/nftables.yml index 0f1b8bb..eba3319 100644 --- a/ansible/group_vars/all/nftables.yml +++ b/ansible/group_vars/all/nftables.yml @@ -14,7 +14,7 @@ nftables_configuration: | } } - {% if inventory_hostname == 'lovelace' %} + {% if "databases" in group_names %} # Access control for database server set possible_lke_ipv4_addrs { type ipv4_addr @@ -60,7 +60,7 @@ nftables_configuration: | iifname {{ ansible_default_ipv6.interface }} udp dport {{ wireguard_port }} ct state new accept {% endif %} - {% if inventory_hostname == 'lovelace' %} + {% if "databases" in group_names %} # PostgreSQL connections iifname {{ ansible_default_ipv4.interface }} ip saddr @possible_lke_ipv4_addrs tcp dport postgresql ct state new accept {% if ansible_default_ipv6 is defined %} |