ad isolation

Damien Coles 2026-02-10 10:31:31 -05:00
parent 6127347b07
commit 91eae53605
2 changed files with 6 additions and 0 deletions


@ -158,6 +158,7 @@ VMs only accept traffic from the Proxmox host (for Ansible) and the Nebula overl
|-------|---------| |-------|---------|
| `admin` | Full access (your devices) | | `admin` | Full access (your devices) |
| `infrastructure` | Core services | | `infrastructure` | Core services |
| `ad` | Windows AD domain machines |
| `projects` | Application workloads | | `projects` | Application workloads |
| `games` | Isolated game servers | | `games` | Isolated game servers |
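Review bot: The new `ad` row says only what the machines are ("Windows AD domain machines") and nothing about what the group is allowed to reach, which is the fact a reader needs from a commit titled "ad isolation". The `games` row already states its posture ("Isolated game servers"); do the same here by naming which groups `ad` hosts can reach, so the table stays in step with the firewall rules.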


@ -61,6 +61,11 @@ firewall:
proto: any proto: any
group: projects group: projects
# AD domain machines can reach infrastructure (DNS forwarding, etc.)
- port: any
proto: any
group: ad
# Allow ICMP from anyone (ping) # Allow ICMP from anyone (ping)
- port: any - port: any
proto: icmp proto: icmp
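Review bot: The new rule for `group: ad` uses `port: any` with `proto: any`, which is far wider than the need given in its own comment ("DNS forwarding, etc."), and under a commit titled "ad isolation" it gives every AD domain machine unrestricted access to the hosts that carry this rule set. If DNS is the requirement, narrow the rule to `port: 53` with separate `proto: udp` and `proto: tcp` entries, and replace "etc." in the comment with the specific services, so the allowed set can be audited.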