Enable localhost caching

Disable https ports for now
Remove unused rule
2025-04-26 10:03:49 +02:00 · 2025-04-26 09:45:39 +02:00 · 2025-04-26 09:45:25 +02:00 · 2025-04-26 09:40:48 +02:00
5 changed files with 12 additions and 9 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,5 +1,6 @@
 [defaults]
 ask_vault_pass = True
+inventory = inventory.yml

 [privilege_escalation]
 become_ask_pass = True
--- a/inventory.yml
+++ b/inventory.yml
@ -0,0 +1,4 @@
+bookworm:
+  hosts:
+    fudiggity:
+      ansible_connection: local
--- a/playbook.yml
+++ b/playbook.yml
@ -1,5 +1,5 @@
 - name: Provision debian server
-  hosts: localhost
+  hosts: bookworm
  pre_tasks:
    - name: Install shared packages
      become: true
--- a/templates/network/resolved.j2
+++ b/templates/network/resolved.j2
@ -28,10 +28,10 @@
 #DNSOverTLS=no
 #MulticastDNS=yes
 #LLMNR=yes
-#Cache=yes
-#CacheFromLocalhost=no
-#DNSStubListener=yes
+Cache=yes
+CacheFromLocalhost=yes
+DNSStubListener=yes
 DNSStubListenerExtra={{ vpn_listen_address }}
 DNSStubListenerExtra={{ vpn_media_listen_address }}
-#ReadEtcHosts=yes
+ReadEtcHosts=yes
 #ResolveUnicastSingleLabel=no
--- a/templates/nftables.j2
+++ b/templates/nftables.j2
@ -52,11 +52,9 @@ table ip filter {
  chain vpn_chain {
    meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_set accept comment "DNS"

-    tcp dport { {{ http_port }}, {{ https_port }} } ip saddr . ip daddr @vpn_set accept comment "HTTP/HTTPS" # TODO: remove?
-
    tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ transmission_nginx_ip }} accept comment "Transmission Web"

-    tcp dport { 80, 443 } ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
+    tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_nginx_ip }} accept comment "Syncthing Web"
    tcp dport {{ syncthing_protocol_port }} ip saddr {{ vpn_subnet }} ip daddr {{ syncthing_app_ip }} accept comment "Syncthing protocol"

    tcp dport 80 ip saddr {{ vpn_subnet }} ip daddr {{ radicale_nginx_ip }} accept comment "Radicale"
@ -75,7 +73,7 @@ table ip filter {
  chain media_vpn_chain {
    meta l4proto { tcp, udp } th dport 53 ip saddr . ip daddr @vpn_media_set accept comment "DNS"

-    tcp dport { 80, 443 } ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
+    tcp dport 80 ip saddr {{ vpn_media_subnet }} ip daddr {{ jellyfin_nginx_ip }} accept comment "Jellyfin"
  }

  # docker's user configurable forward hook chain
Author	SHA1	Message	Date
Sonny Bakker	483e94b8ae	Enable localhost caching	2025-04-26 10:03:49 +02:00
Sonny Bakker	cce4b5d327	Disable https ports for now	2025-04-26 09:45:39 +02:00
Sonny Bakker	cf72ca62ff	Remove unused rule	2025-04-26 09:45:25 +02:00
Sonny Bakker	15d282cfce	Use inventory file	2025-04-26 09:40:48 +02:00