authorJan Dittberner <jandd@cacert.org>2020-05-15 16:53:35 +0200
committerJan Dittberner <jandd@cacert.org>2020-05-15 16:53:35 +0200
commitee94310d6b26955d5b448ccfc8e6ac7314a712b0 (patch)
tree1a61596e216cc76687b8c575f4eb1616c53100c9
parentea21eb590e523371052db4575efab6ae6a0baf9a (diff)
Add ACL to allow nginx packages for wiki
- add ACL debnginx for packages.nginx.org - add ACL wiki for wiki source IP addresses - add ACL to allow access from wiki to debnginx - sort ACLs
-rw-r--r--hieradata/nodes/proxyout.yaml16
1 files changed, 10 insertions, 6 deletions
diff --git a/hieradata/nodes/proxyout.yaml b/hieradata/nodes/proxyout.yaml
index dbe0ca8..0d1a54f 100644
--- a/hieradata/nodes/proxyout.yaml
+++ b/hieradata/nodes/proxyout.yaml
@@ -5,13 +5,15 @@ profiles::base::admins:
- jandd
- law
profiles::squid::acls:
- - "blog src 172.16.2.13"
- "blog src 10.0.0.13"
- - "jenkins src 172.16.2.115"
+ - "blog src 172.16.2.13"
- "jenkins src 10.0.0.115"
+ - "jenkins src 172.16.2.115"
- "puppet src 172.16.2.10"
- "test src 172.16.2.248"
- "testmgr src 172.16.2.10"
+ - "wiki src 10.0.0.12"
+ - "wiki src 172.16.2.12"
- "cacert dstdomain .cacert.org"
- "debjenkins dstdomain archives.jenkins-ci.org"
- "debjenkins dstdomain ftp-chi.osuosl.org"
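Review bot: The two new `wiki src` entries (10.0.0.12 and 172.16.2.12) carry no comment saying that both addresses belong to the same host or why each client is listed twice. A Squid `src` ACL identifies a client by address only, so whoever holds either address inherits the wiki's egress rights; the reader should be able to tell which network each entry covers. A comment above the pair such as `# wiki host, one entry per internal network` would record that, assuming that is the reason for the duplication. The `profiles::squid::acls` list starts and ends outside this hunk.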
@@ -26,6 +28,7 @@ profiles::squid::acls:
- "debjenkins dstdomain prodjenkinsreleases.blob.core.windows.net"
- "debmariadb dstdomain mirror2.hs-esslingen.de"
- "debmirror dstdomain .debian.org"
+ - "debnginx dstdomain packages.nginx.org"
- "debpgsql dstdomain apt.postgresql.org"
- "debpuppet dstdomain apt.puppet.com"
- "debpuppet dstdomain apt.puppetlabs.com"
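Review bot: `debnginx dstdomain packages.nginx.org` has no leading dot, so Squid matches that exact host name only and not `nginx.org` or any sibling host. nginx's published apt instructions point at `nginx.org/packages/...` as far as I know, so it is worth confirming against the wiki's apt source that `packages.nginx.org` is the host actually requested; otherwise the new rule never matches and the request is refused. A short comment such as `# nginx.org apt repository used by wiki` next to the entry would tie the ACL to its consumer. The proxy restricts only the destination name, so package integrity still rests on apt verifying the repository signature against the pinned nginx key.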
@@ -36,18 +39,19 @@ profiles::squid::acls:
- "rubygems dstdomain api.rubygems.org"
- "wordpress dstdomain .wordpress.org"
profiles::squid::http_access:
- - "allow blog wordpress"
- - "allow jenkins debjenkins"
- - "allow jenkins github"
- - "allow jenkins pypi"
- "allow localnet cacert"
- "allow localnet debmariadb"
- "allow localnet debmirror"
- "allow localnet debpuppet"
+ - "allow blog wordpress"
+ - "allow jenkins debjenkins"
+ - "allow jenkins github"
+ - "allow jenkins pypi"
- "allow puppet puppetforge"
- "allow puppet rubygems"
- "allow test github"
- "allow testmgr github"
+ - "allow wiki debnginx"
profiles::icinga2_agent::pki_ticket: >
ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
DQYJKoZIhvcNAQEBBQAEggEAm5KSv0YCITiy1Ksq18qTDh9IrErDZXBC+Uk5
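Review bot: The reordering of `profiles::squid::http_access` is policy-neutral only because every visible entry is an `allow`; Squid evaluates http_access rules top to bottom and stops at the first match. A comment at the head of the list, for example `# evaluated in order, first match wins; keep any deny above the allows it restricts`, would keep a later "sort ACLs" pass from changing behaviour once a deny is added. The closing deny is not visible in this hunk, so presumably the profile template appends it; that is worth confirming. The new `allow wiki debnginx` is suitably narrow, pairing one source ACL with one destination ACL.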