firewall: move from iptables to firewalld (nftables)

author: Johannes Stoelp <johannes.stoelp@gmail.com> 2023-01-03 14:35:21 +0100
committer: Johannes Stoelp <johannes.stoelp@gmail.com> 2023-01-03 14:35:21 +0100
commit: fc5551b90f4317ccdf2d8c6b6a331647d676e138 (patch)
tree: f7e7ca66df93062658580c8b2e1e243175c9d7e1 /roles/git/tasks/main.yml
parent: 80636776f6e811f4f1f5e4fe552661cd00ef23ca (diff)
download: ansible-memzero-fc5551b90f4317ccdf2d8c6b6a331647d676e138.tar.gz
ansible-memzero-fc5551b90f4317ccdf2d8c6b6a331647d676e138.zip
1 files changed, 6 insertions, 8 deletions
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
index 131b971..2c69953 100644
--- a/roles/git/tasks/main.yml
+++ b/roles/git/tasks/main.yml
@@ -23,7 +23,7 @@
     image: gitolite-cgit
     network: "{{ NETWORK }}"
     ports:
-      - "2222:22"
+      - "8022:22"
     env:
       SSH_KEY: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/memzero.pub') }}"
     volumes:
@@ -33,13 +33,11 @@
   notify: Restart nginx
 
 - name: Open port for gitolite ssh port
-  ansible.builtin.iptables:
-    chain: INPUT
-    protocol: tcp
-    match: tcp
-    destination_port: 2222
-    jump: ACCEPT
-    comment: Accept gitolite SSH connections.
+  ansible.posix.firewalld:
+    port: 8022/tcp
+    permanent: yes
+    immediate: yes
+    state: enabled
   become: true
 
 - name: Build zola runner image
author	Johannes Stoelp <johannes.stoelp@gmail.com>	2023-01-03 14:35:21 +0100
committer	Johannes Stoelp <johannes.stoelp@gmail.com>	2023-01-03 14:35:21 +0100
commit	fc5551b90f4317ccdf2d8c6b6a331647d676e138 (patch)
tree	f7e7ca66df93062658580c8b2e1e243175c9d7e1 /roles/git/tasks/main.yml
parent	80636776f6e811f4f1f5e4fe552661cd00ef23ca (diff)
download	ansible-memzero-fc5551b90f4317ccdf2d8c6b6a331647d676e138.tar.gz ansible-memzero-fc5551b90f4317ccdf2d8c6b6a331647d676e138.zip