Adds default http sites whitelist for ubuntu
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Some checks reported errors
continuous-integration/drone/push Build encountered an error
Ubuntu and Debian do not use the same apt sources. I created two new default variables (minifirewall_default_xxx_http_sites) that contain a list of the sites required for apt to work. I then removed the debian sites from the default file and added two new tasks to prepend the contents of these variables to HTTPSITES. fixes #65
This commit is contained in:
parent
5385db2b16
commit
8d352f100e
|
@ -37,6 +37,16 @@ minifirewall_smtp_ok: Null
|
|||
minifirewall_smtp_secure_ok: Null
|
||||
minifirewall_ntp_ok: Null
|
||||
|
||||
minifirewall_default_debian_http_sites:
|
||||
- security.debian.org
|
||||
- security-cdn.debian.org
|
||||
- volatile.debian.org
|
||||
- backports.debian.org
|
||||
|
||||
minifirewall_default_ubuntu_http_sites:
|
||||
- archive.ubuntu.com
|
||||
- security.ubuntu.com
|
||||
|
||||
minifirewall_autostart: False
|
||||
minifirewall_restart_if_needed: True
|
||||
minifirewall_restart_force: False
|
||||
|
|
|
@ -50,7 +50,7 @@ DNSSERVEURS='0.0.0.0/0'
|
|||
# HTTP authorizations
|
||||
# (you can use DNS names but set cron to reload minifirewall regularly)
|
||||
# (if you have HTTP proxy, set 0.0.0.0/0)
|
||||
HTTPSITES='security.debian.org security-cdn.debian.org pub.evolix.net volatile.debian.org mirror.evolix.org backports.debian.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
||||
HTTPSITES='pub.evolix.net mirror.evolix.org hwraid.le-vert.net antispam00.evolix.org spamassassin.apache.org sa-update.space-pro.be sa-update.secnap.net www.sa-update.pccc.com sa-update.dnswl.org'
|
||||
|
||||
# HTTPS authorizations
|
||||
HTTPSSITES='0.0.0.0/0'
|
||||
|
|
|
@ -114,6 +114,22 @@
|
|||
create: no
|
||||
when: minifirewall_dns_servers is not none
|
||||
|
||||
- name: Configure HTTPSITES for debian
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "HTTPSITES='{{ minifirewall_default_debian_http_sites | join(' ') }}'"
|
||||
regexp: "HTTPSITES='.*'"
|
||||
create: no
|
||||
when: ansible_distribution == "Debian"
|
||||
|
||||
- name: Configure HTTPSITES for ubuntu
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
line: "HTTPSITES='{{ minifirewall_default_ubuntu_http_sites | join(' ') }}'"
|
||||
regexp: "HTTPSITES='.*'"
|
||||
create: no
|
||||
when: ansible_distribution == "Ubuntu"
|
||||
|
||||
- name: Configure HTTPSITES
|
||||
lineinfile:
|
||||
dest: "{{ minifirewall_main_file }}"
|
||||
|
|
Loading…
Reference in a new issue