Skip ufw on OpenStack in cloud-init, matching setup-host.sh behavior

2026-04-19 13:22:07 +02:00
parent d091b6b50f
commit fa3bb12d44
+11 -6
@@ -62,12 +62,17 @@ runcmd:
- apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin - apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
- usermod -aG docker devbox - usermod -aG docker devbox
# Firewall — allow SSH, mosh, and optionally HTTPS if running web-accessible services # Firewall — skip on OpenStack (use security groups instead)
- ufw default deny incoming - |
- ufw default allow outgoing if curl -s --connect-timeout 2 http://169.254.169.254/openstack/ >/dev/null 2>&1; then
- ufw allow ssh echo "OpenStack detected — skipping ufw (use security groups instead)"
- ufw allow 60000:61000/udp else
- ufw --force enable ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow 60000:61000/udp
ufw --force enable
fi
# Disable IPv6 preference for Docker (avoids intermittent Docker Hub connectivity issues) # Disable IPv6 preference for Docker (avoids intermittent Docker Hub connectivity issues)
- echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf - echo 'precedence ::ffff:0:0/96 100' >> /etc/gai.conf
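Review bot: The OpenStack probe on the new `if curl -s --connect-timeout 2 http://169.254.169.254/openstack/ ...` line treats any HTTP response as a match, because curl without `-f` exits 0 on a 404 or 403. On another platform that serves metadata at the same link-local address, the script would therefore take the skip branch and leave the host with no packet filter at all. Adding `-f` and a total time bound keeps the check strict: `if curl -sf --connect-timeout 2 --max-time 5 http://169.254.169.254/openstack/ >/dev/null 2>&1; then`. A connect failure already falls through to the `else` branch, so that path fails closed and should stay as it is. Because skipping ufw makes the security group the only inbound control on a Docker host, the comment above the block should name the rules the group must carry, for example `# Security group must allow only 22/tcp and 60000:61000/udp inbound`.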