diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index 3f173962..6d12777a 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@@ -37,6 +37,16 @@ minifirewall_smtp_ok: Null
 minifirewall_smtp_secure_ok: Null
 minifirewall_ntp_ok: Null

+minifirewall_default_debian_http_sites:
+ - security.debian.org
+ - security-cdn.debian.org
+ - volatile.debian.org
+ - backports.debian.org
+
+minifirewall_default_ubuntu_http_sites:
+ - archive.ubuntu.com
+ - security.ubuntu.com
+
 minifirewall_autostart: False
 minifirewall_restart_if_needed: True
 minifirewall_restart_force: False
diff --git a/minifirewall/files/minifirewall.conf b/minifirewall/files/minifirewall.conf
index 85246940..4e0d00ca 100644
--- a/minifirewall/files/minifirewall.conf
+++ b/minifirewall/files/minifirewall.conf
@@ -50,7 +50,7 @@ DNSSERVEURS='0.0.0.0/0'
 # HTTP authorizations
 # (you can use DNS names but set cron to reload minifirewall regularly)
 # (if you have HTTP proxy, set 0.0.0.0/0)
-HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
+HTTPSITES='pub.evolix.net mirror.evolix.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'

 # HTTPS authorizations
 HTTPSSITES='0.0.0.0/0'
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index 13cb6145..6a0d0483 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
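Review bot: `minifirewall_default_debian_http_sites` and `minifirewall_default_ubuntu_http_sites` in defaults/main.yml have no comment saying that they feed the firewall's outbound HTTP allow-list or which task consumes them. I would add above the first list `# Distribution mirrors allowed for outbound HTTP; written to HTTPSITES by tasks/config.yml`. Every entry is a DNS name, so the caveat already stated in minifirewall.conf is worth repeating here as `# DNS names: set cron to reload minifirewall regularly (see minifirewall.conf)`.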
@@ -114,6 +114,22 @@
 create: no
 when: minifirewall_dns_servers is not none

+- name: Configure HTTPSITES for debian
+ lineinfile:
+ dest: "{{ minifirewall_main_file }}"
+ line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}'"
+ regexp: "HTTPSITES='.*'"
+ create: no
+ when: ansible_distribution == "Debian"
+
+- name: Configure HTTPSITES for ubuntu
+ lineinfile:
+ dest: "{{ minifirewall_main_file }}"
+ line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}'"
+ regexp: "HTTPSITES='.*'"
+ create: no
+ when: ansible_distribution == "Ubuntu"
+
 - name: Configure HTTPSITES
 lineinfile:
 dest: "{{ minifirewall_main_file }}"
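Review bot: The two new `lineinfile` tasks replace the whole `HTTPSITES='…'` line with only the distribution list, so on Debian and Ubuntu the hosts this commit keeps in files/minifirewall.conf (pub.evolix.net, mirror.evolix.org, the sa-update mirrors and the rest) drop out of the allow-list as soon as the role runs. If those hosts must stay reachable, keep them in a defaults list too and build the line from both, e.g. `line: "HTTPSITES='{{ (minifirewall_default_debian_http_sites + <common list>) | join(' ') }}'"`. The following `Configure HTTPSITES` task continues outside the hunk; if it rewrites the same line from its own variable, the distribution mirrors are lost again and both tasks will presumably report a change on every run. Anchoring the pattern as `regexp: "^HTTPSITES='.*'"` would also keep it from matching a commented-out copy of the line.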