bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ca1a12ba603fc0711d58cc77469d09fe7c3be0c8
deploy_home/ansible/roles/podman/tasks/firewall.yml
Bastian de Byl c96aeafb3f feat: add git.skudak.com Gitea instance and skudak domain migrations 
Gitea Skudak (git.skudak.com):
- New Gitea instance with PostgreSQL in podman pod under git user
- SSH access via Gitea's built-in SSH server on port 2222
- Registration restricted to @skudak.com emails with email confirmation
- SMTP configured for email delivery

Domain migrations:
- wiki.skudakrennsport.com → wiki.skudak.com (302 redirect)
- cloud.skudakrennsport.com + cloud.skudak.com (dual-domain serving)
- BookStack APP_URL updated to wiki.skudak.com
- Nextcloud trusted_domains updated for cloud.skudak.com

Infrastructure:
- SELinux context for git user container storage (container_file_t)
- Firewall rule for port 2222/tcp (Gitea Skudak SSH)
- Caddy reverse proxy for git.skudak.com

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-15 22:27:02 -05:00

78 lines
1.4 KiB
YAML
Raw Blame History

---
- name: set required podman firewall rules
become: true
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop:
- "{{ syslog_udp_default }}/udp"
- "{{ syslog_udp_error }}/udp"
- "{{ syslog_udp_unifi }}/udp"
# web server (Caddy)
- 80/tcp
- 443/tcp
# Gitea Skudak SSH
- 2222/tcp
# pihole (unused?)
- 53/tcp
- 53/udp
# nosql/redis
- 6379/tcp
# ???
- 6875/tcp
# Satisfactory
- 7777/tcp
- 7777/udp
- 15000/udp
- 15000/tcp
- 15777/udp
- 15777/tcp
# Factorio
- 27015/tcp
- 34197/udp
# Zomboid
- 16261/udp
- 16262/udp
# crafty
- 8443/tcp
# minecraft
- 25565/tcp
- 25565/udp
notify: restart firewalld
tags: firewall
- name: unset non-required podman firewall rules
become: true
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: disabled
loop:
- 1153/tcp
- 1153/udp
- 2000/udp
- 2456/udp
- 2457/udp
- 9093/tcp
- 9092/tcp
- 9091/tcp
- 9091/udp
- 9092/udp
# cam2ip
- 56000/tcp
- 56000/udp
# Palworld
- 8211/udp
- 25575/udp
# bunkerweb waf test ports
- 1080/tcp
- 1443/tcp
- 7000/tcp
# gelf-proxy (removed - now using GELF HTTP via Caddy)
- 12201/udp
notify: restart firewalld
tags: firewall
Reference in New Issue View Git Blame Copy Permalink