Add firewall rule to allow access to Redis on Zerotier network

2023-06-20 15:19:34 +02:00
parent 76a952dbac
commit b19fca6e7c
5 changed files with 33 additions and 1 deletions
--- a/site-cookbooks/kosmos_redis/metadata.rb
+++ b/site-cookbooks/kosmos_redis/metadata.rb
@@ -8,3 +8,4 @@ version          '0.2.0'

 depends 'redisio'
 depends 'backup'
+depends 'kosmos-base'
--- a/site-cookbooks/kosmos_redis/recipes/default.rb
+++ b/site-cookbooks/kosmos_redis/recipes/default.rb
@@ -7,6 +7,8 @@ include_recipe 'redisio::default'
 include_recipe 'redisio::enable'

 unless node.chef_environment == "development"
+  include_recipe "kosmos_redis::firewall"
+
  # Backup the databases to S3
  databases = node['redisio']['servers'].map do |server, _|
    "dump-#{server['port']}"
--- a/site-cookbooks/kosmos_redis/recipes/firewall.rb
+++ b/site-cookbooks/kosmos_redis/recipes/firewall.rb
@@ -0,0 +1,17 @@
+#
+# Cookbook Name:: kosmos_redis
+# Recipe:: firewall
+#
+
+include_recipe "kosmos-base::firewall"
+
+ports = node['redisio']['servers'].map do |server, _|
+  server['port']
+end
+
+firewall_rule "redis" do
+  port     ports
+  source   "10.1.1.0/24" # zerotier
+  protocol :tcp
+  command  :allow
+end