From 2bcc1133c0a3512d387b2838fd29af7be6df40dc Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Tue, 4 Dec 2018 14:30:15 +0100 Subject: [PATCH] minifirewall: all variables are configurable By default, a Null value keeps the variable current value as-is. Set an Array (can be empty) to replace the value. --- CHANGELOG.md | 1 + minifirewall/defaults/main.yml | 11 ++++++ minifirewall/tasks/config.yml | 64 ++++++++++++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a1b3595d..ae6cface 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The **patch** part changes incrementally at each release. ### Added * evolinux-base: deploy custom motd if template are present +* minifirewall: all variables are configurable (untouched by default) * minifirewall: main file is configurable * squid: minifirewall main file is configurable diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml index 0c473272..3f173962 100644 --- a/minifirewall/defaults/main.yml +++ b/minifirewall/defaults/main.yml @@ -26,6 +26,17 @@ minifirewall_semipublic_ports_udp: [] minifirewall_private_ports_tcp: [5666] minifirewall_private_ports_udp: [] +# Keep a null value to leave the setting as is +# otherwise use an Array, eg. "minifirewall_ssh_ok: ['0.0.0.0/0']" +minifirewall_dns_servers: Null +minifirewall_http_sites: Null +minifirewall_https_sites: Null +minifirewall_ftp_sites: Null +minifirewall_ssh_ok: Null +minifirewall_smtp_ok: Null +minifirewall_smtp_secure_ok: Null +minifirewall_ntp_ok: Null + minifirewall_autostart: False minifirewall_restart_if_needed: True minifirewall_restart_force: False diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml index 96d2120f..bd71cb48 100644 --- a/minifirewall/tasks/config.yml +++ b/minifirewall/tasks/config.yml 
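Review bot: The new comment above `minifirewall_dns_servers: Null` in `minifirewall/defaults/main.yml` does not say what an empty list does, and the difference from null is easy to miss. Per the tasks added in `minifirewall/tasks/config.yml`, `[]` passes `is not none` and writes an empty value such as `SSHOK=''`, replacing whatever the host had. I would extend the comment with `# An empty list is not "unset": it replaces the current value with an empty one` and `# A plain string is not valid here, always use a list`. What an empty value means to minifirewall itself is not visible in this patch, so confirm that before wording the comment more strongly.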
@@ -106,6 +106,70 @@ SERVICESUDP3='{{ minifirewall_private_ports_udp | join(' ') }}' register: minifirewall_config_ports +- name: Configure DNSSERVEURS + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "DNSSERVEURS='{{ minifirewall_dns_servers | join(' ') }}'" + regexp: "DNSSERVEURS='.*'" + when: minifirewall_dns_servers is not none + +- name: Configure HTTPSITES + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "HTTPSITES='{{ minifirewall_http_sites | join(' ') }}'" + regexp: "HTTPSITES='.*'" + when: minifirewall_http_sites is not none + +- name: Configure HTTPSSITES + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "HTTPSSITES='{{ minifirewall_https_sites | join(' ') }}'" + regexp: "HTTPSSITES='.*'" + when: minifirewall_https_sites is not none + +- name: Configure FTPSITES + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "FTPSITES='{{ minifirewall_ftp_sites | join(' ') }}'" + regexp: "FTPSITES='.*'" + when: minifirewall_ftp_sites is not none + +- name: Configure SSHOK + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "SSHOK='{{ minifirewall_ssh_ok | join(' ') }}'" + regexp: "SSHOK='.*'" + when: minifirewall_ssh_ok is not none + +- name: Configure SMTPOK + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "SMTPOK='{{ minifirewall_smtp_ok | join(' ') }}'" + regexp: "SMTPOK='.*'" + when: minifirewall_smtp_ok is not none + +- name: Configure SMTPSECUREOK + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "SMTPSECUREOK='{{ minifirewall_smtp_secure_ok | join(' ') }}'" + regexp: "SMTPSECUREOK='.*'" + when: minifirewall_smtp_secure_ok is not none + +- name: Configure NTPOK + lineinfile: + dest: "{{ minifirewall_main_file }}" + create: no + line: "NTPOK='{{ minifirewall_ntp_ok | join(' ') }}'" + regexp: "NTPOK='.*'" + when: minifirewall_ntp_ok is not none + - name: evomaintenance lineinfile: dest: "{{ 
minifirewall_main_file }}"
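Review bot: None of the eight new tasks checks that its variable is actually a list. `when: minifirewall_ssh_ok is not none` (and its seven siblings) also passes for a plain string, and `join(' ')` then iterates it character by character, so a constructed example like `minifirewall_ssh_ok: '192.0.2.1'` would be written as `SSHOK='1 9 2 . 0 . 2 . 1'` with no error. An element containing a single quote would likewise end the quoted value early in what looks like a shell-style assignment file. An `assert` task placed before these tasks, failing on anything other than null or a list of quote-free values, would catch both before the firewall file is modified. Separately, the patterns are unanchored, so `regexp: "SSHOK='.*'"` can also match a commented-out line; `regexp: "^SSHOK='.*'"` is safer.

```yaml
- name: Check minifirewall list variables
  assert:
    that:
      - >-
        minifirewall_ssh_ok is none or
        (minifirewall_ssh_ok is sequence
        and minifirewall_ssh_ok is not string
        and minifirewall_ssh_ok is not mapping
        and "'" not in (minifirewall_ssh_ok | join(' ')))
      # … same test for the other seven minifirewall_* list variables …
    msg: "minifirewall list variables must be null or a list of values without single quotes"
```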