feat: allow to reach GitLab server with IPv6

3cf8c076 · Théo - Le Filament · c0979593 · 3cf8c076 · 3cf8c076
--- a/templates/ip6tables.conf.j2
+++ b/templates/ip6tables.conf.j2
@@ -40,6 +40,13 @@
 -A OUTPUT -p ipv6-icmp -j ACCEPT
 # SSH
 -A OUTPUT -p tcp -m tcp --dport 2222 -j ACCEPT
+{% for host in groups.gitlab | default([]) %}
+{% if hostvars[host].host_ipv6 is defined %}
+# GitLab {{ host }}
+-A OUTPUT -d {{ hostvars[host].host_ipv6 }} -p tcp -m tcp --dport 22 -j ACCEPT
+-A OUTPUT -d {{ hostvars[host].host_ipv6 }} -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endif %}
+{% endfor %}
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT

--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -76,9 +76,12 @@
 -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
 {% endif %}
 -A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
-{% for host in groups.gitlab | default([]) | union(groups.docker_gitlab | default([])) %}
+{% for host in groups.gitlab | default([]) %}
-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT
+{% if hostvars[host].host_ipv4 is defined %}
-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT
+# GitLab {{ host }}
+-A OUTPUT -d {{ hostvars[host].host_ipv4 }} -p tcp -m tcp --dport 22 -j ACCEPT
+-A OUTPUT -d {{ hostvars[host].host_ipv4 }} -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endif %}
 {% endfor %}
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT