diff --git a/README.md b/README.md index 5304386b8b71752e4314366fbcb7ff21418d7edb..cce459a1931d03b3e4dc173df057d06478bb0395 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ with `ansible-playbook harbor/base.yaml`. The playbook handles everything and auto start harbor. If you want to change the configuration -refer to the `ansible/harbor/templates/home/user/harbor/harbor.yml` file +refer to the `ansible/main/templates/home/user/harbor/harbor.yml` file ## LDAP diff --git a/ansible/main/base.yaml b/ansible/main/base.yaml index 770a55d6f8f8b46ab993ff74ec9d17a4df8df0fb..3c7203df701b0b2838c9f9cb7bca5ebeee07fd1f 100644 --- a/ansible/main/base.yaml +++ b/ansible/main/base.yaml @@ -2,7 +2,7 @@ - hosts: harbor become: true roles: - - role: kszk-k8s.base + - role: kszk.base tags: ["base"] - role: kszk.iptables tags: ["iptables"] diff --git a/ansible/main/templates/etc/iptables/rules.v4.j2 b/ansible/main/templates/etc/iptables/rules.v4.j2 index 0567efa3473c1cbbc75166c57c2cfa1a36679bac..afa1ba108aaa3b4cbf266f5301765c15b3df1c6f 100644 --- a/ansible/main/templates/etc/iptables/rules.v4.j2 +++ b/ansible/main/templates/etc/iptables/rules.v4.j2 @@ -14,7 +14,7 @@ -A INPUT -i lo -j ACCEPT -A INPUT -p icmp -j ACCEPT --A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT +-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 152.66.0.0/8,192.168.0.0/16,10.0.0.0/8 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # Accept from the Kubernetes cluster diff --git a/ansible/main/templates/etc/iptables/rules.v6.j2 b/ansible/main/templates/etc/iptables/rules.v6.j2 index a9c2f3f743d8379ee45fcfce28a55c07357ddc65..2b938ff121e9a3126876fd2fdf3132aaa2857212 100644 --- a/ansible/main/templates/etc/iptables/rules.v6.j2 +++ b/ansible/main/templates/etc/iptables/rules.v6.j2 
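Review bot: The SSH allow rule on the new `--dport {{ base_ssh.port }}` line in rules.v4.j2 lists `152.66.0.0/8`, and a /8 mask keeps only the first octet, so the rule matches all of 152.0.0.0/8 rather than a 152.66.x.x range. The commit only renames the variable and carries the prefix over unchanged. If the intent was to limit SSH to the campus network, the source should presumably read `--src 152.66.0.0/16,192.168.0.0/16,10.0.0.0/8`; confirm the allocation before changing it. After deploying, `iptables -S INPUT` shows the range that is actually in effect.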
@@ -14,7 +14,7 @@ -A INPUT -i lo -j ACCEPT -A INPUT -p ipv6-icmp -j ACCEPT --A INPUT -p tcp -m tcp --dport {{ ssh.port }} --src 2001:738:2001::/48 -j ACCEPT +-A INPUT -p tcp -m tcp --dport {{ base_ssh.port }} --src 2001:738:2001::/48 -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # TODO node exporter from Kubernetes ipv6 diff --git a/ansible/main/vars/harbor.yaml b/ansible/main/vars/harbor.yaml index d38d45c2c2d3afcb7db23944742bb4b705c03baa..cd1b8910420fe6e406fb49029fb018c2ea19c3bd 100644 --- a/ansible/main/vars/harbor.yaml +++ b/ansible/main/vars/harbor.yaml @@ -1,20 +1,18 @@ # KSZK Base role -motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor +base_motd_playbook_url: https://git.sch.bme.hu/kszk/sysadmin/kubernetes/harbor +base_hostname: harbor +base_motd_text: "Harbor" -hostname: harbor -motd_text: "Harbor" - -user: harbor -users: +base_users: - name: rlacko sudo: yes passwordless_sudo: yes ssh_key: https://git.sch.bme.hu/rlacko.keys - name: harbor - sudo: yes - passwordless_sudo: yes + sudo: no + passwordless_sudo: no -ssh: +base_ssh: port: 10022 permitRootLogin: "no" pubkeyAuthentication: "yes" @@ -22,7 +20,7 @@ ssh: allow: users: "rlacko" -netplan: +base_netplan: network: version: 2 renderer: networkd @@ -42,6 +40,7 @@ iptables_rules_v6_file: etc/iptables/rules.v6.j2 # Playbook vars +user: harbor harbor_hostname: harbor.sch.bme.hu acme_email: laszlo.rafael@kszk.bme.hu sites: diff --git a/ansible/requirements.galaxy.yaml b/ansible/requirements.galaxy.yaml index c4dda09a72666ff37c208d3c278cacdb90dc9706..f65c4128b5816be74f874a3446870164e49064b8 100644 --- a/ansible/requirements.galaxy.yaml +++ b/ansible/requirements.galaxy.yaml 
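Review bot: In the `base_users` list of ansible/main/vars/harbor.yaml (hunk `@@ -1,20 +1,18 @@`), `rlacko` keeps `passwordless_sudo: yes` while its `ssh_key` is a URL, so whoever can add a key to that account on git.sch.bme.hu presumably gains root on this host the next time the role runs. How the base role consumes `ssh_key` is not visible here, so this should be confirmed against the role. The trust dependency deserves a comment above the entry, e.g. `# keys are pulled from the GitLab profile; that account is the root of trust for this host, keep 2FA enabled on it`. The new `sudo: no` / `passwordless_sudo: no` lines would also read less ambiguously as `false`, since bare `yes`/`no` are booleans only under YAML 1.1 rules.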
@@ -5,10 +5,10 @@ collections: - ansible.posix roles: - - src: git@git.sch.bme.hu:kszk/sysadmin/kubernetes/base-ansible-role.git + - src: git@git.sch.bme.hu:kszk/ansible/roles/base.git scm: git version: master - name: kszk-k8s.base + name: kszk.base - src: git@git.sch.bme.hu:kszk/ansible/roles/iptables.git scm: git version: master
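Review bot: The `kszk.base` entry now points at a different repository but still tracks `version: master`, so whatever is on that branch at install time is what gets applied to the host. Judging by the `base_users` and `base_ssh` variables in vars/harbor.yaml, that role manages accounts, sudo and sshd settings, which makes an unreviewed upstream push a direct path to privileged configuration. Pinning to a reviewed tag or commit, `version: <tag-or-commit-sha>`, turns role updates into an explicit change in this repository. The `kszk.iptables` entry below it carries the same `version: master` and would benefit from the same pin.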