Adds default http sites whitelist for ubuntu
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Ubuntu and Debian do not use the same apt sources. I created two new default variables (minifirewall_default_xxx_http_sites) that contain a list of the sites required for apt to work. I then removed the debian sites from the default file and added two new tasks to prepend the contents of these variables to HTTPSITES. fixes #65
This commit is contained in:
parent
5385db2b16
commit
8d352f100e
|
@ -37,6 +37,16 @@ minifirewall_smtp_ok: Null
|
||||||
minifirewall_smtp_secure_ok: Null
|
minifirewall_smtp_secure_ok: Null
|
||||||
minifirewall_ntp_ok: Null
|
minifirewall_ntp_ok: Null
|
||||||
|
|
||||||
|
minifirewall_default_debian_http_sites:
|
||||||
|
- security.debian.org
|
||||||
|
- security-cdn.debian.org
|
||||||
|
- volatile.debian.org
|
||||||
|
- backports.debian.org
|
||||||
|
|
||||||
|
minifirewall_default_ubuntu_http_sites:
|
||||||
|
- archive.ubuntu.com
|
||||||
|
- security.ubuntu.com
|
||||||
|
|
||||||
minifirewall_autostart: False
|
minifirewall_autostart: False
|
||||||
minifirewall_restart_if_needed: True
|
minifirewall_restart_if_needed: True
|
||||||
minifirewall_restart_force: False
|
minifirewall_restart_force: False
|
||||||
|
|
|
@ -50,7 +50,7 @@ DNSSERVEURS='0.0.0.0/0'
|
||||||
# HTTP authorizations
|
# HTTP authorizations
|
||||||
# (you can use DNS names but set cron to reload minifirewall regularly)
|
# (you can use DNS names but set cron to reload minifirewall regularly)
|
||||||
# (if you have HTTP proxy, set 0.0.0.0/0)
|
# (if you have HTTP proxy, set 0.0.0.0/0)
|
||||||
HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
HTTPSITES='pub.evolix.net mirror.evolix.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
||||||
|
|
||||||
# HTTPS authorizations
|
# HTTPS authorizations
|
||||||
HTTPSSITES='0.0.0.0/0'
|
HTTPSSITES='0.0.0.0/0'
|
||||||
|
|
|
@ -114,6 +114,22 @@
|
||||||
create: no
|
create: no
|
||||||
when: minifirewall_dns_servers is not none
|
when: minifirewall_dns_servers is not none
|
||||||
|
|
||||||
|
- name: Configure HTTPSITES for debian
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ minifirewall_main_file }}"
|
||||||
|
line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}'"
|
||||||
|
regexp: "HTTPSITES='.*'"
|
||||||
|
create: no
|
||||||
|
when: ansible_distribution == "Debian"
|
||||||
|
|
||||||
|
- name: Configure HTTPSITES for ubuntu
|
||||||
|
lineinfile:
|
||||||
|
dest: "{{ minifirewall_main_file }}"
|
||||||
|
line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}'"
|
||||||
|
regexp: "HTTPSITES='.*'"
|
||||||
|
create: no
|
||||||
|
when: ansible_distribution == "Ubuntu"
|
||||||
|
|
||||||
- name: Configure HTTPSITES
|
- name: Configure HTTPSITES
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: "{{ minifirewall_main_file }}"
|
dest: "{{ minifirewall_main_file }}"
|
||||||
|
|
Loading…
Reference in a new issue