From 6a7cfa3ec7c48fdcd9f3d52f051e51adc8fc795e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Thu, 10 Jun 2021 05:12:39 +0200
Subject: [PATCH] Add GitLab

---
 templates/iptables.conf.j2 | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/templates/iptables.conf.j2 b/templates/iptables.conf.j2
index 2f2e449..275617c 100644
--- a/templates/iptables.conf.j2
+++ b/templates/iptables.conf.j2
@@ -27,8 +27,13 @@
 {% endif %}
 # SSH
 -A INPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
+{% if inventory_hostname in groups.gitlab %}
+-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
+# REGISTRY
+-A INPUT -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endif %}
 # WEB
-{% if inventory_hostname in groups.odoo_server or inventory_hostname in groups.owncloud_server %}
+{% if inventory_hostname in groups.odoo_server | union(groups.owncloud_server) | union(groups.gitlab) %}
 -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
 {% endif %}
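Review bot: The two added INPUT rules on `--dport 22` and `--dport 5050` accept traffic from any source, so on GitLab hosts the container registry and a second SSH port become reachable from every network the host faces. If the registry is only meant for CI runners or known clients, a source match such as `-A INPUT -s <TRUSTED_CIDR_PLACEHOLDER> -p tcp -m tcp --dport 5050 -j ACCEPT` would narrow that. The same question applies to port 22, which presumably serves git-over-SSH alongside the admin sshd on `default_sshd_port`. The port 22 rule also sits under the existing `# SSH` comment with nothing saying which daemon it is for; a line like `# GITLAB SSH (git over ssh)` above it would make later firewall audits easier.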
@@ -67,6 +72,10 @@
 -A OUTPUT -p tcp -m tcp --dport 22 -j ACCEPT
 {% endif %}
 -A OUTPUT -p tcp -m tcp --dport {{ default_sshd_port }} -j ACCEPT
+{% for host in groups.gitlab | union(groups.docker_gitlab) %}
+-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 22 -j ACCEPT
+-A OUTPUT -d {{ hostvars[host].ansible_host }} -p tcp -m tcp --dport 5050 -j ACCEPT
+{% endfor %}
 # WEB
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
 -A OUTPUT -p tcp -m tcp --dport 443 -j ACCEPT
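Review bot: `hostvars[host].ansible_host` in the added loop is used as the `-d` value without checking that it is defined or that it holds an IP address. A host with no `ansible_host` set would likely make the template fail to render, and a DNS name there is resolved once when the ruleset is loaded, so the rule pins whatever address the resolver returned at that moment. Wrapping the two rules in `{% if hostvars[host].ansible_host is defined %}` and adding a comment that the value must be an IP would cover both. The loop also iterates `groups.docker_gitlab`, which the INPUT hunk does not reference, so this template opens egress towards those hosts without matching ingress rules; that may be intentional if they are filtered elsewhere.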
@@ -96,7 +105,7 @@
 # IMAP
 -A OUTPUT -p tcp -m tcp --dport 993 -j ACCEPT
 {% endif %}
-{% if inventory_hostname in groups.docker_nagios %}
+{% if inventory_hostname in groups.nagios %}
 # NRPE
 -A OUTPUT -p tcp -m tcp --dport 5666 -j ACCEPT
 {% endif %}
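Review bot: Switching the NRPE condition from `groups.docker_nagios` to `groups.nagios` changes which hosts get egress to port 5666, and the commit subject does not mention it. Any inventory where the monitoring host is still only in `docker_nagios` would lose this rule on the next run, and checks would then fail if the OUTPUT policy is default-deny (assumed from the explicit ACCEPT rules; the policy lines are not visible here). If both group names are still in use, `{% if inventory_hostname in groups.nagios | union(groups.docker_nagios) %}` keeps the old hosts covered. A short comment naming the group expected to hold the Nagios server would help too.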
-- 
GitLab