diff --git a/salt/pillars/firewalld/init.sls b/salt/pillars/firewalld/init.sls
new file mode 100644
index 0000000..4f21edb
--- /dev/null
+++ b/salt/pillars/firewalld/init.sls
@@ -0,0 +1,10 @@
+include:
+ - firewalld.kde-connect
+
+firewalld:
+ zones:
+ public:
+ default: True
+ services:
+ ssh:
+ dhcpv6-client:
diff --git a/salt/pillars/firewalld/kde-connect.sls b/salt/pillars/firewalld/kde-connect.sls
new file mode 100644
index 0000000..34ecd7d
--- /dev/null
+++ b/salt/pillars/firewalld/kde-connect.sls
@@ -0,0 +1,10 @@
+firewalld:
+ services:
+ kde-connect:
+ ports:
+ - 1714-1764/tcp
+ - 1714-1764/udp
+ zones:
+ public:
+ services:
+ kde-connect:
diff --git a/salt/pillars/top.sls b/salt/pillars/top.sls
index c398f99..58a6af8 100644
--- a/salt/pillars/top.sls
+++ b/salt/pillars/top.sls
@@ -5,6 +5,7 @@ base:
 - firefox
 - hosts
 - repos.google_chrome
+ - firewalld
 {% if grains['os'] == "SUSE" -%}
 - repos.packman
 {% endif %}
diff --git a/salt/states/firewalld.sls b/salt/states/firewalld.sls
new file mode 100644
index 0000000..8f90554
--- /dev/null
+++ b/salt/states/firewalld.sls
@@ -0,0 +1,23 @@
+{% if pillar['firewalld']['services'] is defined %}
+{% for service, args in pillar['firewalld']['services'].items() %}
+Adding {{ service }} firewalld service:
+ firewalld.service:
+ - name: {{ service }}
+ - ports: {{ args['ports'] }}
+{% endfor %}
+{% endif %}
+
+{% if pillar['firewalld']['zones'] is defined %}
+{% for zone, args in pillar['firewalld']['zones'].items() %}
+configure {{ zone }} firewalld zone:
+ firewalld.present:
+ - name: {{ zone }}
+ - default: {{ args['default'] if args['default'] is defined else False }}
+ {% if args['services'] is defined %}
+ - services:
+ {% for service, args in args['services'].items() -%}
+ - {{ service }}
+ {% endfor %}
+ {% endif %}
+{% endfor %}
+{% endif %}
diff --git a/salt/states/top.sls b/salt/states/top.sls
index b687400..55c20ff 100644
--- a/salt/states/top.sls
+++ b/salt/states/top.sls
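Review bot: In `salt/pillars/firewalld/kde-connect.sls` the `kde-connect` service is attached to the `public` zone, which `firewalld/init.sls` marks `default: True`, so ports 1714-1764 on both TCP and UDP are opened on every interface that falls into the default zone, untrusted networks included. `init.sls` includes this file unconditionally and `pillars/top.sls` adds `firewalld` to a list under `base` whose target lies outside the hunk, so presumably every minion matched there gets the rule whether or not it runs KDE Connect. Consider binding the service to a zone reserved for trusted networks, or including `firewalld.kde-connect` only for the desktops that need it. A comment above the port list such as `# KDE Connect range; intended for trusted LANs only` would record the intent.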
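Review bot: The `firewalld.present` state in `salt/states/firewalld.sls` lists the allowed services but never sets `prune_services`, so whether services already enabled in a zone are removed or left open depends on the default of the installed Salt release. State it explicitly, e.g. `- prune_services: True`, if the pillar is meant to be the authoritative allowlist. Separately, `pillar['firewalld']['services'] is defined` will likely fail to render on a minion that has no `firewalld` pillar key at all, and `args['ports']` is emitted for every service even when a service defines no ports. A failed render means no firewall state is applied, so prefer `salt['pillar.get']('firewalld:services', {})` and guard the `ports` line. The inner loop also rebinds `args`, shadowing the zone's `args`; a distinct name such as `svc_args` would read more safely.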
@@ -6,3 +6,4 @@ base:
 - vim
 - firefox
 - sudo
+ - firewalld