kosmos/chef
8
3
Fork 0
Code Issues 34 Pull Requests 3 Projects 2 Activity

Store Gitea data (avatars, attachments, etc.) in Garage/S3

Browse Source 
Also adds a new garage gateway role, which only allows RPC (inter-node)
traffic to Garage.
This commit is contained in:
Râu Cao
2022-11-26 13:05:07 +01:00
parent 9a89af0fe3
commit e0fb84e56c
12 changed files with 138 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
site-cookbooks/kosmos_garage/recipes/firewall.rb → site-cookbooks/kosmos_garage/recipes/firewall_apis.rb
View File

@@ -7,13 +7,6 @@ firewall_rule 'garage_s3_api' do
port node['garage']['s3_api_port']
end
firewall_rule 'garage_rpc' do
command :allow
protocol :tcp
source "10.1.1.0/24"
port node['garage']['rpc_port']
end
firewall_rule 'garage_s3_web' do
command :allow
protocol :tcp
@@ -28,9 +21,14 @@ firewall_rule 'garage_admin' do
port node['garage']['admin_port']
end
firewall_rule 'garage_k2v_api' do
command :allow
protocol :tcp
source "10.1.1.0/24"
port node['garage']['k2v_api_port']
end
# K2V is currently disabled by default in release
# builds, but may be interesting for RS usage:
#
# https://garagehq.deuxfleurs.fr/documentation/reference-manual/k2v/
#
# firewall_rule 'garage_k2v_api' do
# command :allow
# protocol :tcp
# source "10.1.1.0/24"
# port node['garage']['k2v_api_port']
# end

8
site-cookbooks/kosmos_garage/recipes/firewall_rpc.rb Normal file
View File

@@ -0,0 +1,8 @@
include_recipe 'firewall'
firewall_rule 'garage_rpc' do
command :allow
protocol :tcp
source "10.1.1.0/24"
port node['garage']['rpc_port']
end