Make ip whitelist tasks more flexible
Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban.
parent
588efc941e
commit
3bcc357509
|
@ -10,14 +10,9 @@
|
||||||
force: no
|
force: no
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
- name: add IP addresses to private IP whitelist
|
- name: Load IP whitelist task
|
||||||
lineinfile:
|
include: ip_whitelist.yml
|
||||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
|
||||||
line: "Require ip {{ item }}"
|
|
||||||
state: present
|
|
||||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
|
||||||
notify: reload apache
|
|
||||||
tags:
|
tags:
|
||||||
- apache
|
- apache
|
||||||
|
|
||||||
|
|
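Review bot: The new `Load IP whitelist task` entry uses the bare `include:` action, which Ansible deprecated in favour of `import_tasks` / `include_tasks` and dropped in later ansible-core releases. `import_tasks: ip_whitelist.yml` is the closest replacement here, because a static import passes the `tags: apache` on this entry down to the imported task, so `--tags apache` still reaches the whitelist update. The fail2ban and nginx hunks that swap in `include: ip_whitelist.yml` would take the same change. The file header for this hunk is not shown on the page, so I am assuming it is the apache role's tasks/main.yml.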
10
apache/tasks/ip_whitelist.yml
Normal file
10
apache/tasks/ip_whitelist.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: add IP addresses to private IP whitelist
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||||
|
line: "Require ip {{ item }}"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||||
|
notify: reload apache
|
||||||
|
tags:
|
||||||
|
- apache
|
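Review bot: `lineinfile` with `state: present` only ever appends `Require ip` lines, so an address dropped from `apache_ipaddr_whitelist_present` stays allowed in /etc/apache2/ipaddr_whitelist.conf until someone deletes it by hand. Now that the task is meant to be run on its own to update the list, that gap is easier to miss. I would either render the whole file from the variable with a template, or state the limit at the top of the file, e.g. `# add-only: removing an address from the variable does not revoke it on the host`. nginx/tasks/ip_whitelist.yml has the same shape. The task also relies on a `reload apache` handler that is not defined in this file, so a playbook including it from outside the role presumably has to supply one.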
10
fail2ban/tasks/ip_whitelist.yml
Normal file
10
fail2ban/tasks/ip_whitelist.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: Update ignoreips lists
|
||||||
|
ini_file:
|
||||||
|
dest: /etc/fail2ban/jail.local
|
||||||
|
section: "[DEFAULT]"
|
||||||
|
option: "ignoreips"
|
||||||
|
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
||||||
|
notify: restart fail2ban
|
||||||
|
tags:
|
||||||
|
- fail2ban
|
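Review bot: The option written to jail.local is `ignoreips`, but the setting fail2ban reads in its jail configuration is `ignoreip`, so as far as I can tell the addresses in `fail2ban_ignore_ips` are never exempted from banning. The `section: "[DEFAULT]"` value also carries its own brackets. If `ini_file` adds the brackets itself, as its documented examples suggest, the result is a `[[DEFAULT]]` section that fail2ban does not treat as the defaults. I would change the two lines to `section: DEFAULT` and `option: ignoreip`, then check the rendered jail.local on a test host. Both values were carried over unchanged from the old inline task, so this predates the commit.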
|
@ -28,13 +28,8 @@
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
||||||
- name: update ignoreips lists
|
- name: Include ignoredips update task
|
||||||
ini_file:
|
include: ip_whitelist.yml
|
||||||
dest: /etc/fail2ban/jail.local
|
|
||||||
section: "[DEFAULT]"
|
|
||||||
option: "ignoreips"
|
|
||||||
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
|
||||||
notify: restart fail2ban
|
|
||||||
when: fail2ban_force_update_ignore_ips
|
when: fail2ban_force_update_ignore_ips
|
||||||
tags:
|
tags:
|
||||||
- fail2ban
|
- fail2ban
|
||||||
|
|
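Review bot: The `when: fail2ban_force_update_ignore_ips` guard now sits on the include in this file, not on the `ini_file` task itself, so a playbook that pulls in fail2ban/tasks/ip_whitelist.yml directly rewrites the ignore list unconditionally. If that is the intent, a comment on the include would make it explicit, e.g. `# guard applies only when run through the role; external includes always update`. Otherwise the condition belongs on the task in ip_whitelist.yml. The tasks before and after this hunk are outside the page.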
10
nginx/tasks/ip_whitelist.yml
Normal file
10
nginx/tasks/ip_whitelist.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
- name: add IP addresses to private IP whitelist
|
||||||
|
lineinfile:
|
||||||
|
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||||
|
line: "allow {{ item }};"
|
||||||
|
state: present
|
||||||
|
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||||
|
notify: reload nginx
|
||||||
|
tags
|
||||||
|
- nginx
|
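Review bot: The `tags` key at the end of this new file has no colon, unlike the apache and fail2ban copies, so the file does not parse as a task list and the include in the nginx role fails before any `allow` line is written. It should read `tags:` followed by `- nginx`. The page has lost the original indentation, so the nesting of the list item under the key is also worth checking when fixing this.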
|
@ -49,14 +49,9 @@
|
||||||
notify: reload nginx
|
notify: reload nginx
|
||||||
tags:
|
tags:
|
||||||
- nginx
|
- nginx
|
||||||
|
|
||||||
- name: add IP addresses to private IP whitelist
|
- name: Include IP address whitelist task
|
||||||
lineinfile:
|
include: ip_whitelist.yml
|
||||||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
|
||||||
line: "allow {{ item }};"
|
|
||||||
state: present
|
|
||||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
|
||||||
notify: reload nginx
|
|
||||||
tags:
|
tags:
|
||||||
- nginx
|
- nginx
|
||||||
|
|
||||||
|
|