ansible-roles/apache/tasks/ip_whitelist.yml

---

- name: Is ipaddr_whitelist.conf present?
  stat:
    path: /etc/apache2/ipaddr_whitelist.conf
  register: _ipaddr_whitelist_conf

- name: Add IP addresses to private IP whitelist
  lineinfile:
    dest: /etc/apache2/ipaddr_whitelist.conf
    line: "Require ip {{ item }}"
    state: present
  loop: "{{ apache_ipaddr_whitelist_present }}"
  notify: reload apache
  tags:
    - apache
    - ips
  when: _ipaddr_whitelist_conf.stat.exists or not ansible_check_mode

- name: Remove IP addresses from private IP whitelist
  lineinfile:
    dest: /etc/apache2/ipaddr_whitelist.conf
    line: "Require ip {{ item }}"
    state: absent
  loop: "{{ apache_ipaddr_whitelist_absent }}"
  notify: reload apache
  tags:
    - apache
    - ips
Make ip whitelist tasks more flexible Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban. 2018-10-29 21:53:46 +01:00			`---`
apache/nginx: IP adresses can also be removed 2018-11-02 18:15:17 +01:00
Allow more --check runs Use “when: not ansible_check_mode” or “when <file>.stat.exists or not ansible_check_mode” in order to provide a meaningful diff if possible. This is an improvement from the previously reverted commit 1728eaee68118ac67477ae01c5c09486aa36b2f2. 2022-12-21 17:06:11 +01:00			`- name: Is ipaddr_whitelist.conf present?`
			`stat:`
			`path: /etc/apache2/ipaddr_whitelist.conf`
			`register: _ipaddr_whitelist_conf`

			`- name: Add IP addresses to private IP whitelist`
Make ip whitelist tasks more flexible Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban. 2018-10-29 21:53:46 +01:00			`lineinfile:`
			`dest: /etc/apache2/ipaddr_whitelist.conf`
			`line: "Require ip {{ item }}"`
			`state: present`
Use 'loop' syntax instead of 'with_items' 2021-05-04 14:18:40 +02:00			`loop: "{{ apache_ipaddr_whitelist_present }}"`
Make ip whitelist tasks more flexible Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban. 2018-10-29 21:53:46 +01:00			`notify: reload apache`
			`tags:`
apache/nginx: IP adresses can also be removed 2018-11-02 18:15:17 +01:00			`- apache`
			`- ips`
Allow more --check runs Use “when: not ansible_check_mode” or “when <file>.stat.exists or not ansible_check_mode” in order to provide a meaningful diff if possible. This is an improvement from the previously reverted commit 1728eaee68118ac67477ae01c5c09486aa36b2f2. 2022-12-21 17:06:11 +01:00			`when: _ipaddr_whitelist_conf.stat.exists or not ansible_check_mode`
apache/nginx: IP adresses can also be removed 2018-11-02 18:15:17 +01:00
Allow more --check runs Use “when: not ansible_check_mode” or “when <file>.stat.exists or not ansible_check_mode” in order to provide a meaningful diff if possible. This is an improvement from the previously reverted commit 1728eaee68118ac67477ae01c5c09486aa36b2f2. 2022-12-21 17:06:11 +01:00			`- name: Remove IP addresses from private IP whitelist`
apache/nginx: IP adresses can also be removed 2018-11-02 18:15:17 +01:00			`lineinfile:`
			`dest: /etc/apache2/ipaddr_whitelist.conf`
			`line: "Require ip {{ item }}"`
			`state: absent`
Use 'loop' syntax instead of 'with_items' 2021-05-04 14:18:40 +02:00			`loop: "{{ apache_ipaddr_whitelist_absent }}"`
apache/nginx: IP adresses can also be removed 2018-11-02 18:15:17 +01:00			`notify: reload apache`
			`tags:`
			`- apache`
			`- ips`