Commit 3a8cc451 authored by Nick Busey's avatar Nick Busey

iptables fix

parent 52eeb6c8
Pipeline #49189809 passed with stages
in 41 seconds
......@@ -3,6 +3,10 @@
* Added Inventario - Home Inventory Management Software
* Added Mashio - Home Brewery Management Software
* Added Homedash - Home Server Dashboard Software
* Added Airsonic - Airsonic is a free, web-based media streamer, providing ubiquitous access to your music.
* Added Bookstack - Simple & Free Wiki Software
* Added Jellyfin - The Free Software Media System
* Added openLDAP - Open Source LDAP Server
* Fixed various bugs
# 0.4
......
......@@ -44,7 +44,7 @@ If you have the latest version of Vagrant and Virtual Box setup you can demo thi
## Available Software
* [Aironic](https://airsonic.github.io/) - Airsonic is a free, web-based media streamer, providing ubiquitous access to your music.
* [Airsonic](https://airsonic.github.io/) - Airsonic is a free, web-based media streamer, providing ubiquitous access to your music.
* [Bitwarden](https://bitwarden.com/) - Password and secrets manager via [bitwarden-rs](https://github.com/dani-garcia/bitwarden_rs)
* [BookStack](https://www.bookstackapp.com/) - Simple & Free Wiki Software
* [BulletNotes](https://gitlab.com/NickBusey/BulletNotes.git) - Note taking application
......
......@@ -9,6 +9,8 @@ enable_tor: False
https_only: false
volumes_root: /var/homelabos
enable_apple_health_influx: False
enable_airsonic: False
enable_bitwarden: False
......@@ -27,6 +29,7 @@ enable_inventario: False
enable_jackett: False
enable_jellyfin: False
enable_kibitzr: False
enable_mailserver: False
enable_mashio: False
enable_matomo: False
enable_miniflux: False
......@@ -72,6 +75,7 @@ enabled_services:
jackett: "{{ enable_jackett }}"
jellyfin: "{{ enable_jellyfin }}"
kibitzr: "{{ enable_kibitzr }}"
mailserver: "{{ enable_mailserver }}"
mashio: "{{ enable_mashio }}"
matomo: "{{ enable_matomo }}"
miniflux: "{{ enable_miniflux }}"
......@@ -157,6 +161,7 @@ services:
- inventario
- jackett
- jellyfin
- mailserver
- mashio
- matomo
- miniflux
......
......@@ -7,7 +7,6 @@ networks:
name: homelabos_traefik
services:
# Password Manager
airsonic_web:
image: airsonic/airsonic
restart: unless-stopped
......
......@@ -116,6 +116,7 @@ s3_backup_password: {{s3_backup_password}}
# Example: 0 4 * * *
# Backup every day at 4:00 AM
s3_backup_cron: {{s3_backup_cron}}
s3_path: {{s3_path}}
# Home Assitant API Key
homeassistant_api_key: {{homeassistant_api_key}}
......
......@@ -113,4 +113,29 @@
lineinfile: dest=/etc/hosts regexp='.*{{ item }}$' line="{{ hostvars[item].vpn_ip }} {{item}}" state=present
when: hostvars[item].vpn_ip is defined
with_items: "{{ play_hosts }}"
# TODO: Clean this up to actually use the Ansible iptables module
# https://docs.ansible.com/ansible/latest/modules/iptables_module.html
- name: Enabled IP forwarding
shell: echo "1" > /proc/sys/net/ipv4/ip_forward
- shell: iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 10.0.0.1:22
- shell: iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.0.1:80
- shell: iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination 10.0.0.1:443
- shell: iptables -t nat -A PREROUTING -p tcp --dport 25 -j DNAT --to-destination 10.0.0.1:25
- shell: iptables -t nat -A PREROUTING -p tcp --dport 143 -j DNAT --to-destination 10.0.0.1:143
- shell: iptables -t nat -A PREROUTING -p tcp --dport 587 -j DNAT --to-destination 10.0.0.1:587
- shell: iptables -t nat -A PREROUTING -p tcp --dport 998 -j DNAT --to-destination 10.0.0.1:998
- shell: iptables -t nat -A PREROUTING -p tcp --dport 4190 -j DNAT --to-destination 10.0.0.1:4190
- shell: iptables -t nat -A POSTROUTING -j MASQUERADE
- name: Deploy mailserver services.
include_role:
name: "{{ service_item }}"
when: "enabled_services[service_item]"
loop:
- mailserver
loop_control:
loop_var: service_item
...
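Review bot: The `shell: iptables -t nat -A ...` tasks are not idempotent, so every playbook run appends another copy of each NAT rule, and the `echo "1" > /proc/sys/net/ipv4/ip_forward` setting is lost at reboot. The last rule, `iptables -t nat -A POSTROUTING -j MASQUERADE`, has no interface or destination match, so it rewrites the source address of all traffic leaving this host. The services at 10.0.0.1 will presumably see every client as the tunnel peer, which weakens IP-based controls such as fail2ban, rate limiting and the mail server's relay and anti-spam checks; it is worth confirming that the mailserver role does not treat that address as a trusted network. Port 998 sits among the mail ports and may be meant to be 993 (IMAPS). A version using the `sysctl` and `iptables` modules, with the masquerade limited to the forwarded destination, is sketched below.

```yaml
- name: Enable IP forwarding
  sysctl:
    name: net.ipv4.ip_forward
    value: "1"
    sysctl_set: true
    state: present

- name: Forward public ports to the home server
  iptables:
    table: nat
    chain: PREROUTING
    protocol: tcp
    destination_port: "{{ item.public }}"
    jump: DNAT
    to_destination: "10.0.0.1:{{ item.target }}"
  loop:
    - { public: "2222", target: "22" }
    - { public: "80", target: "80" }
    - { public: "443", target: "443" }
    - { public: "25", target: "25" }
    - { public: "143", target: "143" }
    - { public: "587", target: "587" }
    # 998 is kept as committed; confirm it is not meant to be 993
    - { public: "998", target: "998" }
    - { public: "4190", target: "4190" }

- name: Masquerade only the traffic forwarded to the home server
  iptables:
    table: nat
    chain: POSTROUTING
    destination: 10.0.0.1
    jump: MASQUERADE

# … unchanged: "Deploy mailserver services." include_role task …
```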
......@@ -40,7 +40,7 @@ services:
- "traefik.tor.port=80"
nextcloud_db:
image: mariadb:10.2
image: mariadb:10.4
networks:
- traefik_network
restart: unless-stopped
......