sheppy/athq-vm-management
1
0
Fork 0
mirror of https://github.com/FAUSheppy/athq-vm-management synced 2025-12-06 05:41:35 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: sheppy:adac0ed6a89d2171b0f786d85206493cda4b39d4
Branches Tags
sheppy:master
...
compare: sheppy:e5313bcf4ecf02eefa15d4516cf8af6d9af08997
Branches Tags
sheppy:master

3 Commits
adac0ed6a8 ... e5313bcf4e

Author SHA1 Message Date
Sheppy
e5313bcf4e add: current iptables 2024-11-23 18:31:27 +00:00
Sheppy
79f36ac23e fix: update host exlusion list 2024-11-23 18:30:48 +00:00
Sheppy
da24ff9b1e fix: double config in extra content 2024-11-23 17:04:40 +00:00
4 changed files with 36 additions and 5 deletions
Expand all files Collapse all files

17
helper_scripts/snapshot-backups.py
View File

@@ -85,14 +85,21 @@ if __name__ == "__main__":
# shut down VM # # shut down VM #
print("Next:", vm.name()) print("Next:", vm.name())
vm_skip_list = ["harbor-registry", "backup", "irc-new", #"kube1", vm_skip_list = ["harbor-registry", "backup", #"irc-new", #"kube1",
"kube2", "mail", "monitoring", "paperless", "kube2",
"prometheus", "signal", "steam-master", "zabbix", "kube1",
"git", "kathi", "usermanagement", "vpn", "ths", "nextcloud-athq"] #"mail",
"monitoring",
#"paperless",
"prometheus", "signal",
"steam-master", "zabbix",
"git",
#"kathi", "usermanagement", "vpn", "ths", "nextcloud-athq"
]
if vm.name() in vm_skip_list: if vm.name() in vm_skip_list:
continue continue
vm_white_list = ["kube1"] vm_white_list = []
if vm_white_list: if vm_white_list:
if not vm.name() in vm_white_list: if not vm.name() in vm_white_list:
continue continue

18
iptables/rules.v4 Normal file
View File

@@ -0,0 +1,18 @@
*filter
-A INPUT -p tcp -m tcp --dport 10050 -j DROP
-A FORWARD -d 159.69.136.222 -p tcp -m multiport --dports 26000:27000 -j ACCEPT
-A FORWARD -d 159.69.136.222 -p udp -m multiport --dports 26000:27000 -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT ! -s 159.69.136.222 -o eno1 -j REJECT --reject-with icmp-host-prohibited
-A INPUT -i eno1 -p tcp -m multiport --dports 5044,9200:9210,9300:9310 -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A PREROUTING -i eno1 -p tcp -m multiport --dports 26000:27000 -j DNAT --to-destination 192.168.122.102
-A PREROUTING -i eno1 -p udp -m multiport --dports 26000:27000 -j DNAT --to-destination 192.168.122.102
-A POSTROUTING ! -o eno1 -p tcp -m multiport --dports 26000:27000 -d 192.168.122.102 -j SNAT --to-source 192.168.122.1
-A POSTROUTING ! -o eno1 -p tcp -m multiport --dports 26000:27000 -d 192.168.122.102 -j SNAT --to-source 192.168.122.1
COMMIT

4
iptables/rules.v6 Normal file
View File

@@ -0,0 +1,4 @@
*filter
-A INPUT -p tcp -m tcp --dport 10050 -j DROP
-A INPUT -i eno1 -p tcp -m multiport --dports 5044,9200:9210,9300:9310 -j REJECT
COMMIT

2
templates/nginx_stream_block.conf.j2
View File

@@ -4,8 +4,10 @@ server {
listen {{ portstring }} {% if udp %} udp {% endif %}{% if ssl %} ssl {% endif %}; listen {{ portstring }} {% if udp %} udp {% endif %}{% if ssl %} ssl {% endif %};
listen [::]:{{ portstring }} {% if udp %} udp {% endif %}{% if ssl %} ssl {% endif %}; listen [::]:{{ portstring }} {% if udp %} udp {% endif %}{% if ssl %} ssl {% endif %};
{% if not extra_content or not "proxy_timeout" in extra_content %}
proxy_timeout {{ proxy_timeout }}; proxy_timeout {{ proxy_timeout }};
proxy_responses 1; proxy_responses 1;
{% endif %}
{% if targetportoverwrite %} {% if targetportoverwrite %}
proxy_pass {{ targetip }}:{{ targetportoverwrite }}; proxy_pass {{ targetip }}:{{ targetportoverwrite }};