Enable firewall on deployments (#1186)

ordinals · Jan 10, 2023 · f7195cd · f7195cd
1 parent 92fe2a9
commit f7195cd
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 0 deletions.
diff --git a/deploy/setup b/deploy/setup
@@ -25,8 +25,35 @@ apt-get install --yes \
   libsqlite3-dev\
   libssl-dev \
   pkg-config \
+  ufw \
   vim
 
+ufw default allow outgoing
+ufw default deny incoming
+
+ufw allow 8080
+ufw allow http
+ufw allow https
+ufw allow ssh
+
+case $CHAIN in
+  main)
+    ufw allow 8333
+    ;;
+  signet)
+    ufw allow 38333
+    ;;
+  test)
+    ufw allow 18333
+    ;;
+  *)
+    echo "Unknown chain: $CHAIN"
+    exit 1
+    ;;
+esac
+
+ufw --force enable
+
 if ! which bitcoind; then
   wget -O bitcoin.tar.gz 'https://bitcoincore.org/bin/bitcoin-core-23.0/bitcoin-23.0-x86_64-linux-gnu.tar.gz'
   tar -xzvf bitcoin.tar.gz -C /usr/local/bin --strip-components=2 "bitcoin-23.0/bin/bitcoin-cli" "bitcoin-23.0/bin/bitcoind"
@@ -65,6 +92,9 @@ case $CHAIN in
   signet)
     COOKIE_FILE_DIR=/var/lib/bitcoind/signet
     ;;
+  test)
+    COOKIE_FILE_DIR=/var/lib/bitcoind/testnet3
+    ;;
   *)
     echo "Unknown chain: $CHAIN"
     exit 1

diff --git a/justfile b/justfile
@@ -28,6 +28,8 @@ deploy-mainnet: (deploy "master" "main" "ordinals.com")
 
 deploy-signet branch="master": (deploy branch "signet" "signet.ordinals.com")
 
+deploy-testnet branch="master": (deploy branch "test" "testnet.ordinals.com")
+
 log unit="ord" domain="ordinals.com":
   ssh root@{{domain}} 'journalctl -fu {{unit}}'