Add firewall settings for `Vault`.

2024-07-15 21:39:00 +09:00 · 2024-07-15 21:39:00 +09:00 · a955001416
parent e21fa08291
commit a955001416
1 changed files with 15 additions and 0 deletions
--- a/cookbooks/vault/setup.rb
+++ b/cookbooks/vault/setup.rb
@ -38,3 +38,18 @@ remote_file '/etc/logrotate.d/vault' do
  group 'root'
  mode '644'
 end
 %w(8200 8201).each do |port|
  execute "ufw allow #{port}" do
    user 'root'
    not_if "LANG=c ufw status | grep #{port}"
    notifies :run, 'execute[ufw reload-or-enable]'
  end
 end
 service 'vault' do
  action [:enable, :start]
 end