From fc5551b90f4317ccdf2d8c6b6a331647d676e138 Mon Sep 17 00:00:00 2001
From: Johannes Stoelp
Date: Tue, 3 Jan 2023 14:35:21 +0100
Subject: firewall: move from iptables to firewalld (nftables)
---
roles/git/tasks/main.yml | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
(limited to 'roles/git/tasks')
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
index 131b971..2c69953 100644
--- a/roles/git/tasks/main.yml
+++ b/roles/git/tasks/main.yml
@@ -23,7 +23,7 @@
 image: gitolite-cgit
 network: "{{ NETWORK }}"
 ports:
- - "2222:22"
+ - "8022:22"
 env:
 SSH_KEY: "{{ lookup('file', lookup('env', 'HOME') + '/.ssh/memzero.pub') }}"
 volumes:
@@ -33,13 +33,11 @@
 notify: Restart nginx
 - name: Open port for gitolite ssh port
- ansible.builtin.iptables:
- chain: INPUT
- protocol: tcp
- match: tcp
- destination_port: 2222
- jump: ACCEPT
- comment: Accept gitolite SSH connections.
+ ansible.posix.firewalld:
+ port: 8022/tcp
+ permanent: yes
+ immediate: yes
+ state: enabled
 become: true
 - name: Build zola runner image
--
cgit v1.2.3
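Review bot: The host port `8022` is now written twice, in the `ports` mapping here and again as `8022/tcp` in the firewalld task of the second hunk, and this commit had to change both by hand. A single role variable would keep the published port and the firewall rule from drifting apart, for example `- "{{ GIT_SSH_PORT }}:22"` here and `port: "{{ GIT_SSH_PORT }}/tcp"` there (the variable name is only a suggestion; nothing in the visible lines defines it). The task that owns this mapping starts above the hunk.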
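Review bot: The new `ansible.posix.firewalld` task sets no `zone`, so `8022/tcp` is opened in whatever zone is the host's default and the actual exposure depends on configuration outside this role; adding `zone: public` (or whichever zone fronts the external interface) makes the intent explicit. `permanent: yes` and `immediate: yes` would read more consistently as `true`, matching `become: true` in the same task. Nothing in the visible lines removes the old ACCEPT rule for port 2222 on hosts that were already provisioned. Since the page is limited to roles/git/tasks, that cleanup may live elsewhere in the commit, but it is worth confirming.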