35 lines
958 B
YAML
35 lines
958 B
YAML
---
|
|
- name: Get IP of Ansible controller
|
|
ansible.builtin.set_fact:
|
|
_ssh_client_ip: "{{ ansible_env.SSH_CLIENT.split(' ')[0] }}"
|
|
|
|
- name: Allow access from whitelist to tcp port 50000
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "50000"
|
|
src: "{{ item }}"
|
|
loop: "{{ ip_whitelist + [_ssh_client_ip, '127.0.0.1', '::1'] }}"
|
|
|
|
- name: Allow access from nodes to tcp port 50000
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "50000"
|
|
src: "{{ hostvars[talos_node].ansible_host }}"
|
|
loop: "{{ groups['cluster_' + cluster_name_short] }}"
|
|
loop_control:
|
|
loop_var: talos_node
|
|
|
|
- name: Allow access from nodes to tcp port 50001
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "50001"
|
|
src: "{{ hostvars[talos_node].ansible_host }}"
|
|
loop: "{{ groups['cluster_' + cluster_name_short] }}"
|
|
loop_control:
|
|
loop_var: talos_node
|
|
|
|
- name: Allow public access to tcp port 6443
|
|
community.general.ufw:
|
|
rule: allow
|
|
port: "6443"
|