commit 85d013bd4cfd60ebbab428d7097cf42a547cd5b1
parent b7ed73a4e7f5af81d406adcb7e0bc039a19709f3
Author: Paco Esteban <paco@e1e0.net>
Date: Tue, 21 Apr 2020 20:09:48 +0200
jitsi playbook: allow ssh only to my ip range
Diffstat:
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/jitsi.yml b/jitsi.yml
@@ -60,10 +60,7 @@
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
line: PermitRootLogin prohibit-password
- - name: restart sshd
- service:
- name: sshd
- state: restarted
+ notify: restart sshd
- name: nginx should be there first
package:
name: nginx
@@ -73,12 +70,17 @@
package:
name: ufw
state: present
- - name: allow ssh
+ - name: allow ssh only for me
+ ufw:
+ rule: allow
+ port: '22'
+ proto: tcp
+ src: 2001:470:c980::/48
+ - name: allow nginx stuff
ufw:
rule: allow
name: "{{ item }}"
with_items:
- - OpenSSH
- "Nginx Full"
- name: allow udp ports
ufw:
