author | Jan Dittberner <jandd@cacert.org> | 2020-05-15 16:53:35 +0200 |
---|---|---|
committer | Jan Dittberner <jandd@cacert.org> | 2020-05-15 16:53:35 +0200 |
commit | ee94310d6b26955d5b448ccfc8e6ac7314a712b0 (patch) | |
tree | 1a61596e216cc76687b8c575f4eb1616c53100c9 /hieradata | |
parent | ea21eb590e523371052db4575efab6ae6a0baf9a (diff) | |
Add ACL to allow nginx packages for wiki
- add ACL debnginx for packages.nginx.org
- add ACL wiki for wiki source IP addresses
- add ACL to allow access from wiki to debnginx
- sort ACLs
Diffstat (limited to 'hieradata')
-rw-r--r-- | hieradata/nodes/proxyout.yaml | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/hieradata/nodes/proxyout.yaml b/hieradata/nodes/proxyout.yaml
index dbe0ca8..0d1a54f 100644
--- a/hieradata/nodes/proxyout.yaml
+++ b/hieradata/nodes/proxyout.yaml
@@ -5,13 +5,15 @@ profiles::base::admins:
 - jandd
 - law
 profiles::squid::acls:
- - "blog src 172.16.2.13"
 - "blog src 10.0.0.13"
- - "jenkins src 172.16.2.115"
+ - "blog src 172.16.2.13"
 - "jenkins src 10.0.0.115"
+ - "jenkins src 172.16.2.115"
 - "puppet src 172.16.2.10"
 - "test src 172.16.2.248"
 - "testmgr src 172.16.2.10"
+ - "wiki src 10.0.0.12"
+ - "wiki src 172.16.2.12"
 - "cacert dstdomain .cacert.org"
 - "debjenkins dstdomain archives.jenkins-ci.org"
 - "debjenkins dstdomain ftp-chi.osuosl.org"
@@ -26,6 +28,7 @@ profiles::squid::acls:
 - "debjenkins dstdomain prodjenkinsreleases.blob.core.windows.net"
 - "debmariadb dstdomain mirror2.hs-esslingen.de"
 - "debmirror dstdomain .debian.org"
+ - "debnginx dstdomain packages.nginx.org"
 - "debpgsql dstdomain apt.postgresql.org"
 - "debpuppet dstdomain apt.puppet.com"
 - "debpuppet dstdomain apt.puppetlabs.com"
@@ -36,18 +39,19 @@ profiles::squid::acls:
 - "rubygems dstdomain api.rubygems.org"
 - "wordpress dstdomain .wordpress.org"
 profiles::squid::http_access:
- - "allow blog wordpress"
- - "allow jenkins debjenkins"
- - "allow jenkins github"
- - "allow jenkins pypi"
 - "allow localnet cacert"
 - "allow localnet debmariadb"
 - "allow localnet debmirror"
 - "allow localnet debpuppet"
+ - "allow blog wordpress"
+ - "allow jenkins debjenkins"
+ - "allow jenkins github"
+ - "allow jenkins pypi"
 - "allow puppet puppetforge"
 - "allow puppet rubygems"
 - "allow test github"
 - "allow testmgr github"
+ - "allow wiki debnginx"
 profiles::icinga2_agent::pki_ticket: >
 ENC[PKCS7,MIIBmQYJKoZIhvcNAQcDoIIBijCCAYYCAQAxggEhMIIBHQIBADAFMAACAQEw
 DQYJKoZIhvcNAQEBBQAEggEAm5KSv0YCITiy1Ksq18qTDh9IrErDZXBC+Uk5 |
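Review bot: The two new `wiki src` entries in the first hunk are undocumented, even though a source address is the only identity this proxy checks before granting egress. They follow the blog/jenkins pattern of one 10.0.0.x and one 172.16.2.x address, but nothing in the list says which network each belongs to or why both are needed, while puppet, test and testmgr have only a 172.16.2.x entry. A short comment above the `src` ACLs would let a reviewer confirm the addresses against the host inventory, e.g. `# src ACLs: one entry per address a host may use to reach the proxy (10.0.0.x = <network A>, 172.16.2.x = <network B>)`, with the placeholders filled in by someone who knows the topology.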
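Review bot: The `debnginx` ACL in the second hunk should be checked against the apt source actually configured on the wiki host. It matches only the exact host `packages.nginx.org` (no leading dot), which is suitably narrow. However, nginx's own Debian repository and its signing key are commonly published under `nginx.org`, and this entry would not match that host. If that is the host in use, the package fetch would be denied, and the fix should be an equally exact entry rather than a widening to `.nginx.org`. A trailing comment naming the repository, such as `# nginx apt repository used by wiki`, would also help later audits of this allowlist.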
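Review bot: The reordered `profiles::squid::http_access` list in the third hunk now puts the `localnet` rules first, but nothing records that Squid evaluates these rules top-down and stops at the first match. With only `allow` entries the reorder does not change the outcome. A `deny` added later would depend on its position, though, so this list cannot be sorted blindly the way the `acls` list can. I would add a comment above the list, e.g. `# evaluated in order, first match wins: localnet-wide rules first, then per-host rules by ACL name`. The final default deny presumably comes from the squid profile template, which is outside this diff and worth confirming.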