]> git.friedersdorff.com Git - max/saltfiles.git/blobdiff - states/glocker/init.sls
projects / max / saltfiles.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Install glocker
[max/saltfiles.git] / states / glocker / init.sls
diff --git a/states/glocker/init.sls b/states/glocker/init.sls
new file mode 100644 (file)
index 0000000..a507491
--- /dev/null
+++ b/states/glocker/init.sls
@@ -0,0 +1,50 @@
+glocker chain:
+  iptables.chain_present:
+    - name: glocker
+    - table: filter
+
+accept glocker-except:
+  iptables.insert:
+    - table: filter
+    - chain: glocker
+    - jump: ACCEPT
+    - match-set: glocker-except dst
+    - position: 1
+
+allow uid 40000-50000:
+  iptables.insert:
+    - table: filter
+    - chain: glocker
+    - jump: ACCEPT
+    - match: owner
+    - uid-owner: 40000-50000
+    - position: 2
+
+reject glocker:
+  iptables.insert:
+    - table: filter
+    - chain: glocker
+    - jump: REJECT
+    - reject-with: icmp-port-unreachable
+    - match-set: glocker dst
+    - position: 3
+
+jump to glocker:
+  iptables.insert:
+    - table: filter
+    - chain: OUTPUT
+    - jump: glocker
+    - position: 1
+
+glocker cron job:
+  file.managed:
+    - name: /etc/cron.hourly/glocker
+    - source: salt://glocker/files/cronjob
+    - user: root
+    - group: root
+    - mode: 750
+
+ensure allowed_hosts file exists:
+  file.touch:
+    - name: /etc/glocker/allowed_hosts
+    - makedirs: True
Unnamed repository; edit this file 'description' to name the repository.