dns: Add tor + firewall: Allow ntp + SSH

2025-09-25 20:55:08 +02:00 · 2025-09-25 20:55:08 +02:00 · b4a67dd645
commit b4a67dd645
parent b184ce96dc
2 changed files with 19 additions and 1 deletions
--- a/group_vars/infra/firewall.yml
+++ b/group_vars/infra/firewall.yml
@ -135,6 +135,10 @@ firewall__zones:
    addrs:
      - 2a09:6840:206::1:7
      - 10.206.1.7
+  tor.pub:
+    addrs:
+      - 45.66.111.215
+      - 2a09:6840:215::1:215

 firewall__input:
  - iif:
@ -297,7 +301,9 @@ firewall__forward:
        dport: 53
    verdict: accept
  # Allow NTP from infra to ntp-{1,2} 
-  - src: infra
+  - src: 
+      - infra
+      - pub
    dst: ntp.int
    protocols:
      udp:
@ -360,6 +366,14 @@ firewall__forward:
          - 80
          - 443
    verdict: accept
+  # Tor: SSH
+  - dst: tor.pub
+    protocols:
+      tcp:
+        dport: 
+          - 22
+          - 4444
+    verdict: accept

 firewall__nat:
  - src: 10.0.0.0/8
--- a/host_vars/ns-master.int.infra.auro.re/knotd.yml
+++ b/host_vars/ns-master.int.infra.auro.re/knotd.yml
@ -351,6 +351,10 @@ knotd__hosts:
      - 92.222.211.194
    tor.pub:
      - 45.66.111.215
+      - 2a09:6840:215::1:215
+    jitsi.pub:
+      - 45.66.111.216
+      - 2a09:6840:215::1:216

 knotd__zones:
  auro.re: