Make ip whitelist tasks more flexible
Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban.
This commit is contained in:
parent
588efc941e
commit
3bcc357509
|
@ -10,14 +10,9 @@
|
|||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
|
||||
- name: Load IP whitelist task
|
||||
include: ip_whitelist.yml
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Update ignoreips lists
|
||||
ini_file:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
section: "[DEFAULT]"
|
||||
option: "ignoreips"
|
||||
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
||||
notify: restart fail2ban
|
||||
tags:
|
||||
- fail2ban
|
|
@ -28,13 +28,8 @@
|
|||
tags:
|
||||
- fail2ban
|
||||
|
||||
- name: update ignoreips lists
|
||||
ini_file:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
section: "[DEFAULT]"
|
||||
option: "ignoreips"
|
||||
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
||||
notify: restart fail2ban
|
||||
- name: Include ignoredips update task
|
||||
include: ip_whitelist.yml
|
||||
when: fail2ban_force_update_ignore_ips
|
||||
tags:
|
||||
- fail2ban
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
tags
|
||||
- nginx
|
|
@ -49,14 +49,9 @@
|
|||
notify: reload nginx
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
|
||||
- name: Include IP address whitelist task
|
||||
include: ip_whitelist.yml
|
||||
tags:
|
||||
- nginx
|
||||
|
||||
|
|
Loading…
Reference in New Issue