From 143419bb5aafd7a671b3c532d7fad9c050e45741 Mon Sep 17 00:00:00 2001
From: jaseg <code@jaseg.net>
Date: Thu, 4 Apr 2019 20:08:46 +0900
Subject: Fix up clippy networking

---
 gerboweb/deploy/playbook.yml | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

(limited to 'gerboweb/deploy/playbook.yml')

diff --git a/gerboweb/deploy/playbook.yml b/gerboweb/deploy/playbook.yml
index 60fe499..1c694d5 100644
--- a/gerboweb/deploy/playbook.yml
+++ b/gerboweb/deploy/playbook.yml
@@ -12,7 +12,7 @@
 
     - name: Install host requisites
       dnf:
-          name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git
+          name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,libselinux-python,git,iptables-services
           state: latest
 
     - name: Disable password-based root login
@@ -28,6 +28,28 @@
           state: restarted
       when: disable_root_pw_ssh is changed
 
+    - name: Create iptables firewall config dir
+      file:
+        path: /etc/iptables
+        state: directory
+        owner: root
+        group: root
+        mode: 0775
+
+    - name: Configure iptables firewall service
+      copy:
+        src: iptables.rules
+        dest: /etc/iptables/iptables.rules
+        owner: root
+        group: root
+        mode: 0664
+
+    - name: Enable iptables firewall service
+      systemd:
+        name: iptables
+        enabled: yes
+        state: started
+
     - name: Create containers
       include_tasks: setup_containers.yml
       vars:
-- 
cgit