diff --git a/group_vars/adm.yml b/group_vars/adm.yml
index a49673c..e80e98c 100644
--- a/group_vars/adm.yml
+++ b/group_vars/adm.yml
@@ -5,4 +5,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/backup.yml b/group_vars/backup.yml
index ec4ea73..0b7f509 100644
--- a/group_vars/backup.yml
+++ b/group_vars/backup.yml
@@ -1,3 +1,4 @@
 ---
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/collab.yml b/group_vars/collab.yml
index a49673c..e80e98c 100644
--- a/group_vars/collab.yml
+++ b/group_vars/collab.yml
@@ -5,4 +5,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/gitea.yml b/group_vars/gitea.yml
index a49673c..e80e98c 100644
--- a/group_vars/gitea.yml
+++ b/group_vars/gitea.yml
@@ -5,4 +5,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/gitearunner.yml b/group_vars/gitearunner.yml
index c611eea..0b7f509 100644
--- a/group_vars/gitearunner.yml
+++ b/group_vars/gitearunner.yml
@@ -1,4 +1,4 @@
 ---
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/homeassistant.yml b/group_vars/homeassistant.yml
index 92e8f6a..d344ed1 100644
--- a/group_vars/homeassistant.yml
+++ b/group_vars/homeassistant.yml
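Review bot: The `from: [172.20.20.0/22]` on the new 9100 entry in adm.yml admits every address in a /22 to an endpoint that, with node_exporter's defaults, serves host metrics over plain HTTP with no authentication, so any machine on that network can read kernel version, mounted filesystems, interface names and similar inventory data. The same source list is repeated on the 9100 line of every group_vars hunk in this commit, and the two pf.conf hunks open the port from the whole `$int_net`. If only one or two scrapers exist, narrowing to them is cheap, `- {proto: tcp, port: 9100, from: [<prometheus-host>/32]}` (placeholder address), and keeping that source in a single shared variable instead of twenty-odd copies makes the next change a one-line edit.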
@@ -4,4 +4,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/influxdb.yml b/group_vars/influxdb.yml
index fcdcc1b..be5bea6 100644
--- a/group_vars/influxdb.yml
+++ b/group_vars/influxdb.yml
@@ -5,4 +5,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/ldap.yml b/group_vars/ldap.yml
index 85b7b5c..1e3e573 100644
--- a/group_vars/ldap.yml
+++ b/group_vars/ldap.yml
@@ -4,4 +4,4 @@ saslauthd_mech: ldap
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 636, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/log.yml b/group_vars/log.yml
index af1b495..00882e3 100644
--- a/group_vars/log.yml
+++ b/group_vars/log.yml
@@ -4,5 +4,5 @@ datadisks:
 
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
   - {proto: tcp, port: 6514}
diff --git a/group_vars/mail.yml b/group_vars/mail.yml
index de75efd..43e2603 100644
--- a/group_vars/mail.yml
+++ b/group_vars/mail.yml
@@ -10,4 +10,4 @@ firewall_in:
   - {proto: tcp, port: 465}
   - {proto: tcp, port: 587}
   - {proto: tcp, port: 993}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/minecraft.yml b/group_vars/minecraft.yml
index d87c715..a7ff2b1 100644
--- a/group_vars/minecraft.yml
+++ b/group_vars/minecraft.yml
@@ -4,6 +4,6 @@ datadisks:
   - {size: 100, type: nvme}
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.30.0/24]}
+  - {proto: tcp, port: 9100, from: [172.20.30.0/24]}
   - {proto: tcp, port: 25565, from: [172.20.30.0/24]}
   - {proto: udp, port: 25565, from: [172.20.30.0/24]}
diff --git a/group_vars/mirror.yml b/group_vars/mirror.yml
index 4ac63b1..9515b80 100644
--- a/group_vars/mirror.yml
+++ b/group_vars/mirror.yml
@@ -7,4 +7,4 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
   - {proto: tcp, port: 873, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/mongodb.yml b/group_vars/mongodb.yml
index e17dd45..656811d 100644
--- a/group_vars/mongodb.yml
+++ b/group_vars/mongodb.yml
@@ -4,3 +4,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 27017, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/mqtt.yml b/group_vars/mqtt.yml
index ec10fe7..e64ff98 100644
--- a/group_vars/mqtt.yml
+++ b/group_vars/mqtt.yml
@@ -3,5 +3,5 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.27.0/24]}
   - {proto: tcp, port: 1883, from: [172.20.27.0/24]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
   - {proto: tcp, port: 8883, from: [172.20.20.0/22, 172.20.27.0/24]}
diff --git a/group_vars/nas.yml b/group_vars/nas.yml
index 84be798..3cb95e1 100644
--- a/group_vars/nas.yml
+++ b/group_vars/nas.yml
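Review bot: The minecraft 9100 rule keeps its source as `172.20.30.0/24`, while every other group in this commit, and the ssh rule one line above it, uses `172.20.20.0/22`; if the scraper sits in 172.20.20.0/22 as the other files suggest, this host will simply never be scraped and nobody will notice until the dashboard has a hole. The carried-over source may well be deliberate, since 25565 uses the same network, but the reader cannot tell. A one-line comment settles it either way, e.g. `# 9100 scraped from 172.20.30.0/24 on purpose — <reason>` (placeholder reason), or the line is aligned with the other groups.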
@@ -9,4 +9,4 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 2049, from: [172.20.20.0/22]}
   - {proto: tcp, port: 2049, from: [172.20.30.0/24]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/nms.yml b/group_vars/nms.yml
index cbf2fdb..3ebd807 100644
--- a/group_vars/nms.yml
+++ b/group_vars/nms.yml
@@ -19,7 +19,7 @@ firewall_in:
   - {proto: udp, port: 123, from: [172.20.25.0/24]}
   - {proto: tcp, port: 443, from: [172.20.25.0/24]}
   - {proto: udp, port: 514, from: [172.20.25.0/24]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
 firewall_raw:
   - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
   - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
diff --git a/group_vars/ocinode.yml b/group_vars/ocinode.yml
index 9945015..d87fa04 100644
--- a/group_vars/ocinode.yml
+++ b/group_vars/ocinode.yml
@@ -5,3 +5,4 @@ mem_size: 4192
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/print.yml b/group_vars/print.yml
index 7029178..2dbeb2c 100644
--- a/group_vars/print.yml
+++ b/group_vars/print.yml
@@ -14,7 +14,7 @@ firewall_in:
   - {proto: tcp, port: 53, from: [172.20.24.0/24]}
   - {proto: udp, port: 53, from: [172.20.24.0/24]}
   - {proto: tcp, port: 631, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
 firewall_raw:
   - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
   - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
diff --git a/group_vars/proxy.yml b/group_vars/proxy.yml
index 3966f13..ec6b4a8 100644
--- a/group_vars/proxy.yml
+++ b/group_vars/proxy.yml
@@ -48,4 +48,4 @@ firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 80}
   - {proto: tcp, port: 443}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/relay.yml b/group_vars/relay.yml
index b48a3a2..f65b541 100644
--- a/group_vars/relay.yml
+++ b/group_vars/relay.yml
@@ -41,3 +41,4 @@ firewall_in:
   - {proto: tcp, port: 443}
   - {proto: tcp, port: 636}
   - {proto: tcp, port: 6514}
+  - {proto: tcp, port: 9100}
diff --git a/group_vars/shell.yml b/group_vars/shell.yml
index cefac15..2af3bb2 100644
--- a/group_vars/shell.yml
+++ b/group_vars/shell.yml
@@ -9,4 +9,4 @@ firewall_in:
   - {proto: tcp, port: 22}
   - {proto: tcp, port: 80}
   - {proto: tcp, port: 443}
-  - {proto: tcp, port: 4949, from: [81.175.130.44/32]}
+  - {proto: tcp, port: 9100, from: [81.175.130.44/32]}
diff --git a/group_vars/sqldb.yml b/group_vars/sqldb.yml
index df3c506..f2d2337 100644
--- a/group_vars/sqldb.yml
+++ b/group_vars/sqldb.yml
@@ -4,3 +4,4 @@ datadisks:
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 3306, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/static.yml b/group_vars/static.yml
index 24c3e3a..a6636ac 100644
--- a/group_vars/static.yml
+++ b/group_vars/static.yml
@@ -2,4 +2,4 @@
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/vmhost.yml b/group_vars/vmhost.yml
index c611eea..0b7f509 100644
--- a/group_vars/vmhost.yml
+++ b/group_vars/vmhost.yml
@@ -1,4 +1,4 @@
 ---
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
diff --git a/group_vars/zm.yml b/group_vars/zm.yml
index 4da1f4f..03177dc 100644
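Review bot: The added `- {proto: tcp, port: 9100}` in relay.yml is the only 9100 rule in this commit with no `from:` list, so the metrics endpoint becomes reachable from every network the host is attached to. relay's other open ports (443, 636, 6514) are unrestricted too, which suggests this host faces an external network; node_exporter answers without authentication by default, so that would hand host inventory (kernel, filesystems, interfaces, process counts) to anyone who can reach the box. Unless the scraper really arrives from an unpredictable address, restrict it like the other groups do: `- {proto: tcp, port: 9100, from: [172.20.20.0/22]}`. The `firewall_in` list begins before this hunk.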
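Review bot: shell.yml allows 9100 only from the public address `81.175.130.44/32`, which, if that is the scraper, means metrics cross the Internet as cleartext HTTP and anyone on the path can read them; the munin rule it replaces had the same property, so this is an inherited rather than a new exposure, but the port swap is the natural moment to fix it. Recent node_exporter releases can serve TLS and basic auth through `--web.config.file`, and scraping over an existing VPN or SSH tunnel would be an alternative. If 81.175.130.44 is instead this site's own egress address, a comment on the line saying so, e.g. `# 9100: scraped from the office egress IP`, would spare the next reviewer the question. The `firewall_in` list begins before this hunk.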
--- a/group_vars/zm.yml
+++ b/group_vars/zm.yml
@@ -17,7 +17,7 @@ dhcpd_template: dhcpd.conf.cam.j2
 firewall_in:
   - {proto: tcp, port: 22, from: [172.20.20.0/22]}
   - {proto: tcp, port: 443, from: [172.20.20.0/22]}
-  - {proto: tcp, port: 4949, from: [172.20.20.0/22]}
+  - {proto: tcp, port: 9100, from: [172.20.20.0/22]}
 firewall_raw:
   - "-A INPUT -i eth1 -d 224.0.0.0/8 -j ACCEPT"
   - "-A INPUT -i eth1 -p vrrp -j ACCEPT"
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 5281333..7bec34b 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -48,6 +48,7 @@
     - pki
     - psacct
     - sshd
+    - node_exporter
   loop_control:
     loop_var: role
 
diff --git a/roles/pf/files/pf.conf.gw_fsol b/roles/pf/files/pf.conf.gw_fsol
index c6bfb1b..48215c0 100644
--- a/roles/pf/files/pf.conf.gw_fsol
+++ b/roles/pf/files/pf.conf.gw_fsol
@@ -30,9 +30,9 @@ pass quick inet6 proto icmp6
 antispoof for lo0
 antispoof for vio0
 
-# admin connection and munin (internal)
+# admin connection and node_exporter (internal)
 pass in quick on $int_if proto tcp from $int_net to self port ssh keep state (no-sync)
-pass in quick on $int_if proto tcp from $int_net to self port 4949 keep state (no-sync)
+pass in quick on $int_if proto tcp from $int_net to self port 9100 keep state (no-sync)
 
 # internal network
 block in quick from any to self
diff --git a/roles/pf/files/pf.conf.gw_home b/roles/pf/files/pf.conf.gw_home
index a71029d..9dd3095 100644
--- a/roles/pf/files/pf.conf.gw_home
+++ b/roles/pf/files/pf.conf.gw_home
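Review bot: `node_exporter` is appended to the role list in roles/base/tasks/main.yml, but no `roles/node_exporter/` directory appears anywhere in this diff; if the role is not committed alongside, every host that runs base fails at this include. Because base presumably applies to all hosts, the exporter will also be started on hosts whose group_vars were not touched here, and if the role keeps node_exporter's default `--web.listen-address` it listens on every interface, leaving the per-group `firewall_in` entry as the only thing keeping 9100 closed. Binding the exporter to the management address in the role, or at least a comment on the new line such as `# node_exporter: each group must also open 9100 in firewall_in`, would make that dependency explicit. The enclosing task starts and ends outside the hunk.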
@@ -45,8 +45,8 @@ pass in quick on $ext_if proto tcp from 37.35.86.64/29 to self port ssh
 pass in quick on $ext_if proto tcp from 37.16.96.144/28 to self port ssh
 pass in quick on $ext_if proto tcp from 81.175.155.142/32 to self port ssh
 
-# munin from internal network
-pass in quick on $int_if proto tcp from $int_net to self port 4949
+# node_exporter from internal network
+pass in quick on $int_if proto tcp from $int_net to self port 9100
 
 # allow dns queries from internal net
 pass in quick on $int_if proto { tcp, udp } from $int_net to self port domain