forked from evolix/ansible-roles
Make ip whitelist tasks more flexible
Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban.
This commit is contained in:
parent
3d76454984
commit
b776fc3da2
|
@ -11,13 +11,8 @@
|
|||
tags:
|
||||
- apache
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
- name: Load IP whitelist task
|
||||
include: ip_whitelist.yml
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
|
10
apache/tasks/ip_whitelist.yml
Normal file
10
apache/tasks/ip_whitelist.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
10
fail2ban/tasks/ip_whitelist.yml
Normal file
10
fail2ban/tasks/ip_whitelist.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Update ignoreips lists
|
||||
ini_file:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
section: "[DEFAULT]"
|
||||
option: "ignoreips"
|
||||
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
||||
notify: restart fail2ban
|
||||
tags:
|
||||
- fail2ban
|
|
@ -28,13 +28,8 @@
|
|||
tags:
|
||||
- fail2ban
|
||||
|
||||
- name: update ignoreips lists
|
||||
ini_file:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
section: "[DEFAULT]"
|
||||
option: "ignoreips"
|
||||
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
||||
notify: restart fail2ban
|
||||
- name: Include ignoredips update task
|
||||
include: ip_whitelist.yml
|
||||
when: fail2ban_force_update_ignore_ips
|
||||
tags:
|
||||
- fail2ban
|
||||
|
|
10
nginx/tasks/ip_whitelist.yml
Normal file
10
nginx/tasks/ip_whitelist.yml
Normal file
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
tags
|
||||
- nginx
|
|
@ -51,13 +51,8 @@
|
|||
- nginx
|
||||
- ips
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
- name: Include IP address whitelist task
|
||||
include: ip_whitelist.yml
|
||||
tags:
|
||||
- nginx
|
||||
- ips
|
||||
|
|
Loading…
Reference in a new issue