diff options
author | Matthieu Saulnier <fantom@fedoraproject.org> | 2023-11-04 16:03:23 +0100 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2023-11-04 16:03:23 +0100 |
commit | 0fd918121e95e07a4747f377e6cdc2edc5a4b881 (patch) | |
tree | 78b1f6613dfe0ca02a1f86b6f50a9f31f2e69ef2 | |
parent | d43b01ea1d67fbcfb29491db2207206ce4141c11 (diff) | |
download | playbooks-ansible-0fd918121e95e07a4747f377e6cdc2edc5a4b881.tar.gz playbooks-ansible-0fd918121e95e07a4747f377e6cdc2edc5a4b881.tar.xz playbooks-ansible-0fd918121e95e07a4747f377e6cdc2edc5a4b881.zip |
Allow zone transfer between DNS servers via IPv6 only and remove IPv4
listening for STUN/TURN servers
-rw-r--r-- | host_vars/ns5.casperlefantom.net/main.yml | 5 | ||||
-rw-r--r-- | roles/dnsserver/vars/main.yml | 2 | ||||
-rw-r--r-- | roles/imserver/templates/ejabberd.yml.j2 | 29 | ||||
-rw-r--r-- | roles/imserver/vars/main.yml | 1 |
4 files changed, 3 insertions, 34 deletions
diff --git a/host_vars/ns5.casperlefantom.net/main.yml b/host_vars/ns5.casperlefantom.net/main.yml index afa6ec1..e0ed1e3 100644 --- a/host_vars/ns5.casperlefantom.net/main.yml +++ b/host_vars/ns5.casperlefantom.net/main.yml @@ -7,13 +7,10 @@ mtadomain: - saulnier.im # dnsserver dnsslavelist: - - 82.65.125.114 - "2a01:e0a:473:35e0::fed0:a:1" - - 51.15.167.85 - "2001:bc8:3fec:d00:1eaf::" - - 51.15.177.140 - "2001:bc8:3fec:500:7ea::" - - 2a01:e0a:473:35e0::fed0:a:7 + - "2a01:e0a:473:35e0::fed0:a:7" # torrelay process: - { id: 12, orport: 443, dirport: 80 } diff --git a/roles/dnsserver/vars/main.yml b/roles/dnsserver/vars/main.yml index 60b9fdc..260fd9d 100644 --- a/roles/dnsserver/vars/main.yml +++ b/roles/dnsserver/vars/main.yml @@ -4,9 +4,7 @@ crtversion: "44" masterlist: - "2001:bc8:3fec:b00:b007::" - - 163.172.211.128 - "2a01:e0a:473:35e0::fed0:a:7" - - 82.65.125.114 whitelist: - localhost diff --git a/roles/imserver/templates/ejabberd.yml.j2 b/roles/imserver/templates/ejabberd.yml.j2 index 68197bb..b299c19 100644 --- a/roles/imserver/templates/ejabberd.yml.j2 +++ b/roles/imserver/templates/ejabberd.yml.j2 @@ -38,6 +38,7 @@ listen: ip: "::" module: ejabberd_s2s_in max_stanza_size: infinity +{% if ansible_default_ipv6.address is defined %} - port: 3478 ip: "::" @@ -46,16 +47,10 @@ listen: use_turn: true turn_min_port: 49152 turn_max_port: 53999 -{% if ansible_default_ipv4.network == localnet %} - turn_ipv4_address: 82.65.125.114 -{% else %} - turn_ipv4_address: {{ ansible_default_ipv4.address }} -{% endif %} -{% if ansible_default_ipv6.address is defined %} turn_ipv6_address: "{{ ansible_default_ipv6.address }}" -{% endif %} auth_type: user server_name: "SECRET" +{% endif %} - port: 5280 ip: "::1" @@ -256,16 +251,6 @@ modules: mod_stun_disco: secret: "{{ passwdstun }}" services: - - -{% if ansible_default_ipv4.network == localnet %} - host: 82.65.125.114 -{% else %} - host: {{ ansible_default_ipv4.address }} -{% endif %} - port: 3478 - type: stun - transport: udp - restricted: false {% if ansible_default_ipv6.address is defined %} - host: "{{ ansible_default_ipv6.address }}" @@ -274,16 +259,6 @@ modules: transport: udp restricted: false {% endif %} - - -{% if ansible_default_ipv4.network == localnet %} - host: 82.65.125.114 -{% else %} - host: {{ ansible_default_ipv4.address }} -{% endif %} - port: 3478 - type: turn - transport: udp - restricted: true {% if ansible_default_ipv6.address is defined %} - host: "{{ ansible_default_ipv6.address }}" diff --git a/roles/imserver/vars/main.yml b/roles/imserver/vars/main.yml index 0fe8c7a..84f6f2b 100644 --- a/roles/imserver/vars/main.yml +++ b/roles/imserver/vars/main.yml @@ -1,3 +1,2 @@ -localnet: 192.168.7.0 maindomain: casperlefantom.net crtversion: "44" |