saltbox
/
states
2
0
Fork 1
Code Issues Pull Requests Releases Wiki Activity
Browse Source

whoops

master
Sean Johnson 1 year ago
parent
005acd21c2
commit
edb2594eb0
20 changed files with 153 additions and 620 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 15
      ci/pipeline.yml
  2. 46
      fwrules/chains/concourse_worker.sls
  3. 76
      fwrules/chains/docker_ingress.sls
  4. 86
      fwrules/chains/elasticsearch_cluster_private.sls
  5. 23
      fwrules/chains/elasticsearch_exporter_private.sls
  6. 38
      fwrules/chains/http_public.sls
  7. 8
      fwrules/chains/init.sls
  8. 36
      fwrules/chains/management.sls
  9. 42
      fwrules/chains/matrix_public.sls
  10. 23
      fwrules/chains/node_exporter_private.sls
  11. 46
      fwrules/chains/salt_private.sls
  12. 41
      fwrules/chains/ssh_private.sls
  13. 9
      fwrules/chains/usc2_privnet.sls
  14. 37
      fwrules/chains/vault_private.sls
  15. 7
      fwrules/ipsets/init.sls
  16. 43
      fwrules/ipsets/management.sls
  17. 22
      fwrules/ipsets/minions.sls
  18. 22
      fwrules/ipsets/scrapers.sls
  19. 103
      fwrules/templates/chains.nft.j2
  20. 50
      fwrules/templates/sets.nft.j2

15
ci/pipeline.yml
Unescape View File

@ -67,21 +67,6 @@ jobs:
- set_pipeline: self
file: metadata/pipeline.yml
- name: "kitchen-integration-debian"
serial_groups: [kitchen]
public: true
plan:
- get: commons
- get: states
trigger: true
- task: "run-kitchen-integration-debian"
file: (( grab meta.tasks.kitchen ))
privileged: true
params:
PLATFORM: debian
input_mapping:
formula: states
- name: update-states
public: false
plan:

46
fwrules/chains/concourse_worker.sls
Unescape View File

@ -1,46 +0,0 @@
---
{% set chain = "concourse_worker" %}
{% set families = [
("ipv4", ["107.155.67.64/29"]),
("ipv6", ["2604:880:396::/48"]),
] %}
{% set ports = [
("ssh", 22, "tcp"),
("concourse-atc", 7777, "tcp"),
("concourse-baggageclaim", 7778, "tcp"),
] %}
{% for family, addresses in families %}
{{ chain }} {{ family }} chain:
iptables.chain_present:
- name: {{ chain }}
- family: {{ family }}
- require:
- pkg: iptables
{{ chain }} {{ family }} input:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain }}
- require:
- iptables: {{ chain }} {{ family }} chain
{% for protocol, port, transport in ports %}
{{ family }} {{ protocol }} {{ port }}:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain }}
- source: {{ addresses | join(",") }}
- protocol: {{ transport }}
- match: {{ transport }}
- dport: {{ port }}
- jump: ACCEPT
- require:
- iptables: {{ chain }} {{ family }} input
{% endfor %}
{% endfor %}

76
fwrules/chains/docker_ingress.sls
Unescape View File

@ -1,76 +0,0 @@
---
include:
- fwrules.ipsets.management
- fwrules.ipsets.minions
{% set chain_name = "INGRESS" %}
{# [ (service, port, transport, sources), ... ] #}
{% set ports = [
("factorio-game", 34197, "udp", {"ipv4": ["0.0.0.0/0"], "ipv6": ["::/0"]}),
("factorio-rcon", 27017, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("mqtt-tcp", 1883, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("mqtt-ws", 1884, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("mqtts-tcp", 4883, "tcp", {"ipv4": ["0.0.0.0/0"], "ipv6": ["::/0"]}),
("mqtts-ws", 4884, "tcp", {"ipv4": ["0.0.0.0/0"], "ipv6": ["::/0"]}),
("icecast-direct", 9090, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("unifi-http", 8080, "tcp", {"ipv4": ["0.0.0.0/0"], "ipv6": ["::/0"]}),
("unifi-https", 8443, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("unifi-portal-http", 8880, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("unifi-portal-https", 8843, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("unifi-speed", 6789, "tcp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
("unifi-stun", 3478, "udp", {"ipv4": ["set:management"], "ipv6": ["set:management"]}),
] %}
{% for family in ["ipv4", "ipv6"] %}
{{ chain_name }} {{ family }}:
iptables.chain_present:
- name: {{ chain_name }}
- family: {{ family }}
{% for service, port, transport, sources in ports %}
{% set addresses, ipsets = salt["minion_net.split_ips_ipsets"](sources.get(family, [])) %}
{% for ipset in ipsets %}
{% set set_name = "{}-{}".format(ipset, family) %}
{{ chain_name }} {{ family }} {{ transport }} {{ service }} {{ ipset }}:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain_name }}
- protocol: {{ transport }}
- match: {{ ["set", transport] | tojson }}
- set: {{ set_name }} src
- dport: {{ port }}
- jump: ACCEPT
- require:
- iptables: {{ chain_name }} {{ family }}
{% endfor %}
{% if addresses %}
{{ chain_name }} {{ family }} {{ transport }} {{ service }} addresses:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain_name }}
- protocol: {{ transport }}
- match: {{ transport }}
- source: {{ addresses | join(",") }}
- dport: {{ port }}
- jump: ACCEPT
- require:
- iptables: {{ chain_name }} {{ family }}
{% endif %}
{% endfor %}
{% endfor %}
{% for family in ["ipv4", "ipv6"] %}
CHAINS entry {{ chain_name }} {{ family }}:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain_name }}
- require:
- iptables: {{ chain_name }} {{ family }}
{% endfor %}

86
fwrules/chains/elasticsearch_cluster_private.sls
Unescape View File

@ -1,86 +0,0 @@
---
include:
- fwrules.ipsets.minions
elasticsearch_private ipv4 chain:
iptables.chain_present:
- name: elasticsearch_private
- family: ipv4
elasticsearch_private ipv4 input:
iptables.append:
- table: filter
- family: ipv4
- chain: CHAINS
- jump: elasticsearch_private
- require:
- iptables: elasticsearch_private ipv4 chain
elasticsearch_private ipv6 chain:
iptables.chain_present:
- name: elasticsearch_private
- family: ipv6
elasticsearch_private ipv6 input:
iptables.append:
- table: filter
- family: ipv6
- chain: CHAINS
- jump: elasticsearch_private
- require:
- iptables: elasticsearch_private ipv6 chain
es-ingest ipv4:
iptables.append:
- table: filter
- family: ipv4
- chain: elasticsearch_private
- source: "10.1.0.0/24"
- protocol: tcp
- match: tcp
- dport: 9200
- jump: ACCEPT
- require:
- iptables: elasticsearch_private ipv4 chain
es-transport ipv4:
iptables.append:
- table: filter
- family: ipv4
- chain: elasticsearch_private
- source: "10.1.0.0/24"
- protocol: tcp
- match: tcp
- dport: 9300
- jump: ACCEPT
- require:
- iptables: elasticsearch_private ipv4 chain
es-ingest ipv4 ipset:
iptables.append:
- table: filter
- family: ipv4
- chain: elasticsearch_private
- match: [set, tcp]
- set: minions-ipv4 src
- protocol: tcp
- dport: 9200
- jump: ACCEPT
- require:
- iptables: elasticsearch_private ipv4 chain
- ipset: ipv4 minions
es-ingest ipv6 ipset:
iptables.append:
- table: filter
- family: ipv6
- chain: elasticsearch_private
- match: [set, tcp]
- set: minions-ipv6 src
- protocol: tcp
- dport: 9200
- jump: ACCEPT
- require:
- iptables: elasticsearch_private ipv6 chain
- ipset: ipv6 minions

23
fwrules/chains/elasticsearch_exporter_private.sls
Unescape View File

@ -1,23 +0,0 @@
---
include:
- fwrules.ipsets.scrapers
{% set ipset = "scrapers" %}
{% for family in ["ipv4", "ipv6"] %}
{% set setname = ipset ~ "-" ~ family %}
es-exporter {{ ipset }} {{ family }} accept:
iptables.append:
- table: filter
- family: {{ family }}
- chain: EXPORTERS
- protocol: tcp
- set: {{ setname }} src
- match: [set, tcp]
- dport: 9114
- jump: ACCEPT
- require:
- iptables: {{ family }} EXPORTERS chain
- ipset: {{ family }} {{ ipset }}
{% endfor %}

38
fwrules/chains/http_public.sls
Unescape View File

@ -1,38 +0,0 @@
---
{% set chain = "http_public" %}
{% set families = [
("ipv4", ["0.0.0.0/0"]),
("ipv6", ["::/0"]),
] %}
{% set ports = [
("http", 80, "tcp"),
("https", 443, "tcp"),
] %}
{% for family, addresses in families %}
{{ chain }} {{ family }} chain:
iptables.chain_present:
- name: {{ chain }}
- family: {{ family }}
{{ chain }} {{ family }} input:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain }}
{% for protocol, port, transport in ports %}
{{ chain }} {{ family }} {{ protocol }} {{ transport }}:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain }}
- source: {{ addresses | join(",") }}
- protocol: {{ transport }}
- match: {{ transport }}
- dport: {{ port }}
- jump: ACCEPT
{% endfor %}
{% endfor %}

8
fwrules/chains/init.sls
Unescape View File

@ -1,8 +0,0 @@
---
{% from "fwrules/map.jinja" import firewall with context -%}
include:
{% for chain in firewall.get("chains", []) %}
- {{ "fwrules.chains." ~ chain }}
{% endfor %}

36
fwrules/chains/management.sls
Unescape View File

@ -1,36 +0,0 @@
---
include:
- fwrules.ipsets.management
{% set ipset = "management" %}
{% set chain = "management" %}
{% for family in ["ipv4", "ipv6"] %}
{{ family }} {{ chain }} chain:
iptables.chain_present:
- name: {{ chain }}
- family: {{ family }}
{{ family }} {{ chain }} CHAINS entry:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain }}
- require:
- iptables: {{ family }} {{ chain }} chain
{% set setname = ipset ~ "-" ~ family %}
{{ ipset }} {{ family }} accept:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain }}
- set: {{ setname }} src
- match: set
- jump: ACCEPT
- require:
- ipset: {{ family }} {{ ipset }}
- iptables: {{ family }} {{ chain }} chain
{% endfor %}

42
fwrules/chains/matrix_public.sls
Unescape View File

@ -1,42 +0,0 @@
---
{% set chain = "matrix" %}
{% set families = [
("ipv4", ["0.0.0.0/0"]),
("ipv6", ["::/0"]),
] %}
{% set ports = [
("matrix-server", 8448, "tcp"),
("coturn-tls", 5349, "tcp"),
("coturn-tls", 5349, "udp"),
("coturn-alt", 5349, "tcp"),
("coturn-alt", 5349, "udp"),
("coturn-relay", "49152:65535", "udp"),
] %}
{% for family, addresses in families %}
{{ chain }} {{ family }} chain:
iptables.chain_present:
- name: {{ chain }}
- family: {{ family }}
{{ chain }} {{ family }} input:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain }}
{% for protocol, port, transport in ports %}
{{ chain }} {{ family }} {{ protocol }} {{ transport }}:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain }}
- source: {{ addresses | join(",") }}
- protocol: {{ transport }}
- match: {{ transport }}
- dport: {{ port }}
- jump: ACCEPT
{% endfor %}
{% endfor %}

23
fwrules/chains/node_exporter_private.sls
Unescape View File

@ -1,23 +0,0 @@
---
include:
- fwrules.ipsets.scrapers
{% set ipset = "scrapers" %}
{% for family in ["ipv4", "ipv6"] %}
{% set setname = ipset ~ "-" ~ family %}
node_exporter {{ ipset }} {{ family }} accept:
iptables.append:
- table: filter
- family: {{ family }}
- chain: EXPORTERS
- protocol: tcp
- set: {{ setname }} src
- match: [set, tcp]
- dport: 9100
- jump: ACCEPT
- require:
- ipset: {{ family }} {{ ipset }}
- iptables: {{ family }} EXPORTERS chain
{% endfor %}

46
fwrules/chains/salt_private.sls
Unescape View File

@ -1,46 +0,0 @@
---
include:
- fwrules.ipsets.minions
{% set ipset = "minions" %}
{% set chain = "salt_comm" %}
{% set ports = [
("grainsrv", 443, "tcp"),
("salt-publish", 4505, "tcp"),
("salt-return", 4506, "tcp"),
("salt-api", 8000, "tcp"),
] %}
{% for family in ["ipv4", "ipv6"] %}
{{ family }} {{ chain }} chain:
iptables.chain_present:
- name: {{ chain }}
- family: {{ family }}
{{ family }} {{ chain }} CHAINS input:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain }}
- require:
- iptables: {{ family }} {{ chain }} chain
{% set setname = ipset ~ "-" ~ family %}
{% for protocol, port, transport in ports %}
salt {{ ipset }} {{ family }} {{ protocol }} {{ transport }}:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain }}
- protocol: {{ transport }}
- match: {{ ["set", transport] | tojson }}
- set: {{ setname }} src
- dport: {{ port }}
- jump: ACCEPT
- require:
- ipset: {{ family }} {{ ipset }}
- iptables: {{ family }} {{ chain }} chain
{% endfor %}
{% endfor %}

41
fwrules/chains/ssh_private.sls
Unescape View File

@ -1,41 +0,0 @@
---
include:
- fwrules.ipsets.minions
{% set ipset = "minions" %}
{% set chain = "critical_services" %}
{% set ports = [
("ssh", 22, "tcp"),
] %}
{% for family in ["ipv4", "ipv6"] %}
{{ family }} {{ chain }} chain:
iptables.chain_present:
- name: {{ chain }}
- family: {{ family }}
{{ family }} {{ chain }} CHAINS input:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain }}
{% set setname = ipset ~ "-" ~ family %}
{% for protocol, port, transport in ports %}
{{ protocol }} {{ ipset }} {{ family }} {{ transport }}:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain }}
- protocol: {{ transport }}
- match: {{ ["set", transport] | tojson }}
- set: {{ setname }} src
- dport: {{ port }}
- jump: ACCEPT
- require:
- ipset: {{ family }} {{ ipset }}
- iptables: {{ family }} {{ chain }} CHAINS input
{% endfor %}
{% endfor %}

9
fwrules/chains/usc2_privnet.sls
Unescape View File

@ -1,9 +0,0 @@
---
usc2 privnet allow ipv4:
iptables.append:
- table: filter
- family: ipv4
- chain: USER
- source: "10.200.0.0/24"
- jump: ACCEPT

37
fwrules/chains/vault_private.sls
Unescape View File

@ -1,37 +0,0 @@
---
include:
- fwrules.ipsets.minions
{% set ipset = "minions" %}
{% set chain = "vault" %}
{% for family in ["ipv4", "ipv6"] %}
{{ family }} {{ chain }} chain:
iptables.chain_present:
- name: {{ chain }}
- family: {{ family }}
{{ family }} {{ chain }} CHAINS input:
iptables.append:
- table: filter
- family: {{ family }}
- chain: CHAINS
- jump: {{ chain }}
- require:
- iptables: {{ family }} {{ chain }} chain
{% set setname = ipset ~ "-" ~ family %}
vault {{ ipset }} {{ family }} accept:
iptables.append:
- table: filter
- family: {{ family }}
- chain: {{ chain }}
- protocol: tcp
- set: {{ setname }} src
- match: [set, tcp]
- dport: 8200
- jump: ACCEPT
- require:
- ipset: {{ family }} {{ ipset }}
- iptables: {{ family }} {{ chain }} chain
{% endfor %}

7
fwrules/ipsets/init.sls
Unescape View File

@ -1,7 +0,0 @@
---
include:
- base.packages
- fwrules.ipsets.management
- fwrules.ipsets.minions
- fwrules.ipsets.scrapers

43
fwrules/ipsets/management.sls
Unescape View File

@ -1,43 +0,0 @@
#!pydsl
import itertools
import socket
from copy import copy
from salt.utils import network
pillar = __salt__["pillar.get"]
public_addresses = __salt__.minion_net.public_addresses
names = pillar("firewall:management:resolve_names", [])
resolved_v4, resolved_v6 = __salt__.minion_net.flatten_hostnames(names)
families = [
("ipv4", itertools.chain(
pillar("firewall:management:ipv4", []),
public_addresses("app:builder", target_type="glob", addr_type="ipv4"),
public_addresses("app:saltbox", target_type="glob", addr_type="ipv4"),
resolved_v4,
)),
("ipv6", itertools.chain(
pillar("firewall:management:ipv6", []),
public_addresses("app:builder", target_type="glob", addr_type="ipv6"),
public_addresses("app:saltbox", target_type="glob", addr_type="ipv6"),
resolved_v6,
)),
]
ipset = "management"
for family, addresses in families:
setname = "{}-{}".format(ipset, family)
state("{} {}".format(family, ipset)).ipset.set_present(
name=setname,
set_type="hash:net",
family=family,
).require(pkg="ipset")
if addresses:
state("{} {} addresses".format(family, ipset)).ipset.present(
set_name=setname,
entry=list(addresses),
family=family
).require(ipset="{} {}".format(family, ipset))

22
fwrules/ipsets/minions.sls
Unescape View File

@ -1,22 +0,0 @@
#!pydsl
families = [
("ipv4", __salt__.minion_net.public_addresses("*", target_type="glob", addr_type="ipv4")),
("ipv6", __salt__.minion_net.public_addresses("*", target_type="glob", addr_type="ipv6")),
]
ipset = "minions"
for family, addresses in families:
setname = "{}-{}".format(ipset, family)
state("{} {}".format(family, ipset)).ipset.set_present(
name=setname,
set_type="hash:net",
family=family,
).require(pkg="ipset")
if addresses:
state("{} {} addresses".format(family, ipset)).ipset.present(
set_name=setname,
entry=addresses,
family=family
).require(ipset="{} {}".format(family, ipset))

22
fwrules/ipsets/scrapers.sls
Unescape View File

@ -1,22 +0,0 @@
#!pydsl
families = [
("ipv4", __salt__.minion_net.public_addresses("app:metrics", target_type="grain", addr_type="ipv4")),
("ipv6", __salt__.minion_net.public_addresses("app:metrics", target_type="grain", addr_type="ipv6")),
]
ipset = "scrapers"
for family, addresses in families:
setname = "{}-{}".format(ipset, family)
state("{} {}".format(family, ipset)).ipset.set_present(
name=setname,
set_type="hash:net",
family=family,
).require(pkg="ipset")
if addresses:
state("{} {} addresses".format(family, ipset)).ipset.present(
set_name=setname,
entry=addresses,
family=family
).require(ipset="{} {}".format(family, ipset))

103
fwrules/templates/chains.nft.j2
Unescape View File

@ -0,0 +1,103 @@
chain concourse-worker {
define ports = {
22, # ssh
7777, # concourse-atc
7778, # concourse-baggageclaim
}
ip saddr { 107.155.67.65/29 } tcp dport $ports accept
ip6 saddr { 2604:880:396::/48 } tcp dport $ports accept
}
chain docker-usc2-ingress {
# factorio game
udp dport 34197 accept
# factorio rcon
ip saddr $management4 tcp dport 27017 accept
ip6 saddr $management6 tcp dport 27017 accept
# icecast direct
ip saddr $management4 tcp port 9090 accept
ip6 saddr $management6 tcp port 9090 accept
# unifi
define unifi_ports_tcp = {
8443, # unifi-https
8880, # unifi-portal-http
8843, # unifi-portal-https
6789, # unifi-speed
}
define unifi_ports_udp = {
3478, # unifi-stun
}
# unifi http
tcp dport 8080 accept
ip saddr $management4 tcp port $unifi_ports_tcp accept
ip saddr $management4 udp port $unifi_ports_udp accept
ip6 saddr $management6 tcp port $unifi_ports_tcp accept
ip6 saddr $management6 udp port $unifi_ports_udp accept
}
chain elasticsearch-cluster {
ip saddr 10.1.0.0/24 tcp dport { 9200, 9300 } accept
# external node ingress
ip saddr $minions4 tcp dport 9200 accept
ip6 saddr $minions6 tcp dport 9200 accept
# elasticsearch exporter
ip saddr $scrapers4 tcp dport 9114 accept
ip6 saddr $scrapers6 tcp dport 9114 accept
}
chain http-public {
tcp dport { 80, 443 } accept
}
chain matrix-public {
define ports_tcp = {
8448, # matrix-server
3478, # coturn-plain
5349, # coturn-tls
}
define ports_udp = {
3478, # coturn-plain
5349, # coturn-tls
49152-65535, # coturn-relay
}
tcp dport $ports_tcp accept
udp dport $ports_udp accept
}
chain node-exporter-private {
ip saddr $scrapers4 tcp dport 9100 accept
ip6 saddr $scrapers6 tcp dport 9100 accept
}
chain salt-private {
define ports_tcp = {
443, # grainsrv
4505, # salt-publish
4506, # salt-return
8000, # salt-api
}
ip saddr $minions4 tcp dport $ports_tcp accept
ip6 saddr $minions6 tcp dport $ports_tcp accept
}
chain critical-services {
define ports_tcp = {
22, # ssh
}
ip saddr $minions4 tcp dport $ports_tcp accept
ip6 saddr $minions6 tcp dport $ports_tcp accept
}
chain usc2-privnet {
ip saddr 10.200.0.0/24 accept
}
chain vault-private {
define ports_tcp = {
8200, # vault
}
ip saddr $minions4 tcp dport $ports_tcp accept
ip6 saddr $minions6 tcp dport $ports_tcp accept
}

50
fwrules/templates/sets.nft.j2
Unescape View File

@ -0,0 +1,50 @@
#!/usr/sbin/nft -f
{% set public_addresses = salt["minion_net.public_addresses"] %}
{% set priv4 = (
public_addresses("app:builder", target_type="grain", addr_type="ipv4") ~
public_addresses("app:saltbox", target_type="grain", addr_type="ipv4")
) %}
{% set priv6 = (
public_addresses("app:builder", target_type="grain", addr_type="ipv6") ~
public_addresses("app:saltbox", target_type="grain", addr_type="ipv6")
) %}
define management4 = {
adephagia.synology.me,
107.155.67.64/29,
{% for addr in priv4 %}
{{ addr }},
{% endfor %}
}
define management6 = {
2604:880:396::/48,
{% for addr in priv6 %}
{{ addr }},
{% endfor %}
}
define scrapers4 = {
{% for addr in public_addresses("app:metrics", target_type="grain", addr_type="ipv4") %}
{{ addr }},
{% endfor %}
}
define scrapers6 = {
{% for addr in public_addresses("app:metrics", target_type="grain", addr_type="ipv6") %}
{{ addr }},
{% endfor %}
}
define minions4 = {
{% for addr in public_addresses("*", target_type="glob", addr_type="ipv4") %}
{{ addr }},
{% endfor %}
}
define minions6 = {
{% for addr in public_addresses("*", target_type="glob", addr_type="ipv6") %}
{{ addr }},
{% endfor %}
}
Write Preview
Loading…
Cancel
Save