X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/d67b78773673b939831588836bee081d1360fd3c..50aea11082eaa90bd37593b9c987d38a082f4e1b:/cookbooks/networking/attributes/default.rb diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb index d2ec5957d..9832ce8f3 100644 --- a/cookbooks/networking/attributes/default.rb +++ b/cookbooks/networking/attributes/default.rb @@ -1,20 +1,17 @@ -wireguard_id = %x(systemd-id128 machine-id -a 3f36688c233848dfa84e4b176195622e) - default[:networking][:firewall][:enabled] = true -default[:networking][:firewall][:inet] = [] -default[:networking][:firewall][:inet6] = [] -default[:networking][:firewall][:http_rate_limit] = "-" -default[:networking][:firewall][:http_connection_limit] = "-" -default[:networking][:firewall][:log] = true -default[:networking][:firewall][:mark] = true -default[:networking][:firewall][:raw] = true -default[:networking][:firewall][:mangle] = true +default[:networking][:firewall][:sets] = [] +default[:networking][:firewall][:helpers] = [] +default[:networking][:firewall][:incoming] = [] +default[:networking][:firewall][:outgoing] = [] +default[:networking][:firewall][:http_rate_limit] = nil +default[:networking][:firewall][:http_connection_limit] = nil +default[:networking][:firewall][:allowlist] = [] +default[:networking][:roles] = {} default[:networking][:interfaces] = {} -default[:networking][:nameservers] = [] +default[:networking][:nameservers] = %w[8.8.8.8 8.8.4.4 2001:4860:4860::8888 2001:4860:4860::8844] default[:networking][:search] = [] default[:networking][:dnssec] = "allow-downgrade" default[:networking][:hostname] = node.name -default[:networking][:wireguard][:enabled] = false -default[:networking][:wireguard][:address] = "fd43:e709:ea6d:1:#{wireguard_id[0,4]}:#{wireguard_id[4,4]}:#{wireguard_id[8,4]}:#{wireguard_id[12,4]}" -default[:networking][:wireguard][:keepalive] = false +default[:networking][:wireguard][:enabled] = true +default[:networking][:wireguard][:keepalive] = 180 default[:networking][:wireguard][:peers] = []