From 8d352f100eea329e16f6a09035f8e879113891b8 Mon Sep 17 00:00:00 2001
From: Patrick Marchand
Date: Tue, 2 Jul 2019 16:07:05 -0400
Subject: [PATCH] Adds default http sites whitelist for ubuntu

Ubuntu and Debian do not use the same apt sources. I created two new default variables (minifirewall_default_xxx_http_sites) that contain a list of the sites required for apt to work. I then removed the debian sites from the default file and added two new tasks to prepend the contents of these variables to HTTPSITES. fixes #65
---
 minifirewall/defaults/main.yml | 10 ++++++++++
 minifirewall/files/minifirewall.conf | 2 +-
 minifirewall/tasks/config.yml | 16 ++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index 3f173962..6d12777a 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@@ -37,6 +37,16 @@ minifirewall_smtp_ok: Null
 minifirewall_smtp_secure_ok: Null
 minifirewall_ntp_ok: Null
+minifirewall_default_debian_http_sites:
+ - security.debian.org
+ - security-cdn.debian.org
+ - volatile.debian.org
+ - backports.debian.org
+minifirewall_default_ubuntu_http_sites:
+ - archive.ubuntu.com
+ - security.ubuntu.com
+
 minifirewall_autostart: False
 minifirewall_restart_if_needed: True
 minifirewall_restart_force: False
diff --git a/minifirewall/files/minifirewall.conf b/minifirewall/files/minifirewall.conf
index 85246940..4e0d00ca 100644
--- a/minifirewall/files/minifirewall.conf
+++ b/minifirewall/files/minifirewall.conf
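Review bot: The two new defaults in minifirewall/defaults/main.yml carry no comment saying what they feed or that they are meant to be overridden, so a maintainer cannot tell that these are the plain-HTTP apt hosts written into HTTPSITES. A comment above each list such as `# apt hosts allowed over HTTP; written to HTTPSITES by tasks/config.yml, override if sources.list uses other mirrors` would cover it. The Ubuntu list names only `archive.ubuntu.com` and `security.ubuntu.com`; a host whose sources.list points at a country mirror or at `ports.ubuntu.com` would presumably still have apt, and with it security updates, blocked by the firewall, which is worth stating next to the variable.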
@@ -50,7 +50,7 @@ DNSSERVEURS='0.0.0.0/0'
 # HTTP authorizations
 # (you can use DNS names but set cron to reload minifirewall regularly)
 # (if you have HTTP proxy, set 0.0.0.0/0)
-HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
+HTTPSITES='pub.evolix.net mirror.evolix.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
 # HTTPS authorizations
 HTTPSSITES='0.0.0.0/0'
diff --git a/minifirewall/tasks/config.yml b/minifirewall/tasks/config.yml
index 13cb6145..6a0d0483 100644
--- a/minifirewall/tasks/config.yml
+++ b/minifirewall/tasks/config.yml
@@ -114,6 +114,22 @@
 create: no
 when: minifirewall_dns_servers is not none
+- name: Configure HTTPSITES for debian
+ lineinfile:
+ dest: "{{ minifirewall_main_file }}"
+ line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}'"
+ regexp: "HTTPSITES='.*'"
+ create: no
+ when: ansible_distribution == "Debian"
+- name: Configure HTTPSITES for ubuntu
+ lineinfile:
+ dest: "{{ minifirewall_main_file }}"
+ line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}'"
+ regexp: "HTTPSITES='.*'"
+ create: no
+ when: ansible_distribution == "Ubuntu"
+
 - name: Configure HTTPSITES
 lineinfile:
 dest: "{{ minifirewall_main_file }}"
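Review bot: With the Debian hosts removed from the shipped `HTTPSITES` line in minifirewall.conf, apt reachability now depends entirely on the role's tasks matching `ansible_distribution`, and nothing in this file says so. A derivative that reports another distribution name, or a host where this file is installed without the later config tasks running, would end up with no apt source whitelisted and would quietly stop receiving security updates over HTTP. A comment beside the variable, for example `# (apt mirrors for the distribution are added by the Ansible role, see defaults/main.yml)`, would make that dependency visible to whoever edits the file by hand.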
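Review bot: Both new tasks in minifirewall/tasks/config.yml replace the whole `HTTPSITES` line rather than prepending to it: `regexp: "HTTPSITES='.*'"` matches the existing assignment and `line:` writes only the distro list, so the sites still shipped in minifirewall.conf (pub.evolix.net, the sa-update mirrors, …) are dropped on Debian and Ubuntu hosts, contrary to the commit message. The existing `Configure HTTPSITES` task that follows continues outside the hunk; if it uses the same regexp it will in turn overwrite the distro list, which would leave apt security updates blocked whenever it runs. Building the final value once, from the distro defaults plus the other required sites, and writing it in a single task avoids both outcomes. The pattern should also be anchored, `regexp: "^HTTPSITES='.*'"`, so that a commented-out copy of the line can never be the one rewritten.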