From aeba94bcba40f3c59ad09062ea23dee7cbef644f Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Wed, 20 Dec 2017 18:04:54 +0100
Subject: [PATCH] default/additional variables

List of hosts/ip are a combination of 2 lists allowing overrides
---
 apache/defaults/main.yml | 7 +++----
 evolinux-base/defaults/main.yml | 7 +++----
 evomaintenance/defaults/main.yml | 7 +++----
 fail2ban/defaults/main.yml | 7 +++----
 minifirewall/defaults/main.yml | 7 +++----
 nagios-nrpe/defaults/main.yml | 7 +++----
 nginx/defaults/main.yml | 8 ++++----
 7 files changed, 22 insertions(+), 28 deletions(-)

diff --git a/apache/defaults/main.yml b/apache/defaults/main.yml
index b21e1d59..901f3c20 100644
--- a/apache/defaults/main.yml
+++ b/apache/defaults/main.yml
@@ -1,8 +1,7 @@
 ---
-evolix_trusted_ips: []
-additional_trusted_ips: []
-# Let's merge evolix_trusted_ips with additional_trusted_ips
-apache_ipaddr_whitelist_present: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
+apache_default_ipaddr_whitelist_ips: []
+apache_additional_ipaddr_whitelist_ips: []
+apache_ipaddr_whitelist_present: "{{ apache_default_ipaddr_whitelist_ips | union(apache_additional_ipaddr_whitelist_ips) | unique }}"
 apache_ipaddr_whitelist_absent: []
 apache_private_htpasswd_present: []
diff --git a/evolinux-base/defaults/main.yml b/evolinux-base/defaults/main.yml
index 54e5d85c..297735f4 100644
--- a/evolinux-base/defaults/main.yml
+++ b/evolinux-base/defaults/main.yml
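Review bot: The new `apache_default_ipaddr_whitelist_ips` and `apache_additional_ipaddr_whitelist_ips` both default to `[]`, and these defaults no longer read `evolix_trusted_ips` / `additional_trusted_ips`, so an inventory that still sets the old names renders an empty `apache_ipaddr_whitelist_present` without any error. The same silent change applies to the evolinux-base, evomaintenance, fail2ban, minifirewall, nagios-nrpe and nginx hunks, all of which feed access-control lists. Whether every inventory is migrated alongside this commit is not visible from the patch. If it is not, keep a bridge such as `apache_default_ipaddr_whitelist_ips: "{{ evolix_trusted_ips | default([]) }}"`, or fail the play when an old name is still defined.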
@@ -108,10 +108,9 @@ evolinux_evomaintenance_include: True
 evolinux_ssh_include: True
-evolix_trusted_ips: []
-additional_trusted_ips: []
-# Let's merge evolix_trusted_ips with additional_trusted_ips
-evolinux_ssh_password_auth_addresses: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
+evolinux_default_ssh_password_auth_addresses: []
+evolinux_additional_ssh_password_auth_addresses: []
+evolinux_ssh_password_auth_addresses: "{{ evolinux_default_ssh_password_auth_addresses | union(evolinux_additional_ssh_password_auth_addresses) | unique }}"
 evolinux_ssh_match_address: True
 evolinux_ssh_disable_acceptenv: True
 evolinux_ssh_allow_current_user: False
diff --git a/evomaintenance/defaults/main.yml b/evomaintenance/defaults/main.yml
index 2d0bf1b6..1806f691 100644
--- a/evomaintenance/defaults/main.yml
+++ b/evomaintenance/defaults/main.yml
@@ -17,7 +17,6 @@ evomaintenance_urgency_tel: "06.00.00.00.00"
 evomaintenance_realm: "{{ ansible_domain }}"
-evolix_trusted_ips: []
-additional_trusted_ips: []
-# Let's merge evolix_trusted_ips with additional_trusted_ips
-evomaintenance_hosts: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
+evomaintenance_default_hosts: []
+evomaintenance_additional_hosts: []
+evomaintenance_hosts: "{{ evomaintenance_default_hosts | union(evomaintenance_additional_hosts) | unique }}"
diff --git a/fail2ban/defaults/main.yml b/fail2ban/defaults/main.yml
index 73cd46cb..45c2477a 100644
--- a/fail2ban/defaults/main.yml
+++ b/fail2ban/defaults/main.yml
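Review bot: Nothing in the new evolinux-base lines says which of the two lists an operator is meant to override, now that the `# Let's merge …` comment has been removed. Judging by its name and the neighbouring `evolinux_ssh_match_address`, `evolinux_ssh_password_auth_addresses` presumably lists the sources allowed to use SSH password authentication, so every entry widens that exposure and the intent deserves a comment. Above the three added lines I would put `# Sources allowed SSH password auth: role-wide defaults + per-host/group additions, merged below`. The variable block this hunk sits in continues outside the hunk.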
@@ -2,10 +2,9 @@ general_alert_email: "root@localhost"
 fail2ban_alert_email: Null
-evolix_trusted_ips: []
-additional_trusted_ips: []
-# Let's merge evolix_trusted_ips with additional_trusted_ips
-fail2ban_ignore_ips: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
+fail2ban_default_ignore_ips: []
+fail2ban_additional_ignore_ips: []
+fail2ban_ignore_ips: "{{ fail2ban_default_ignore_ips | union(fail2ban_additional_ignore_ips) | unique }}"
 fail2ban_wordpress: False
 fail2ban_roundcube: False
diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index 4c8498cf..4f82138d 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@@ -7,11 +7,10 @@ minifirewall_int: "{{ ansible_default_ipv4.interface }}"
 minifirewall_ipv6: "on"
 minifirewall_intlan: "{{ ansible_default_ipv4.address }}/32"
-evolix_trusted_ips: []
-additional_trusted_ips: []
-# Let's merge evolix_trusted_ips with additional_trusted_ips
+minifirewall_default_trusted_ips: []
+minifirewall_additional_trusted_ips: []
 # and default to ['0.0.0.0/0'] if the result is still empty
-minifirewall_trusted_ips: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique | default(['0.0.0.0/0'], true) }}"
+minifirewall_trusted_ips: "{{ minifirewall_default_trusted_ips | union(minifirewall_additional_trusted_ips) | unique | default(['0.0.0.0/0'], true) }}"
 minifirewall_privilegied_ips: []
 minifirewall_protected_ports_tcp: [22]
diff --git a/nagios-nrpe/defaults/main.yml b/nagios-nrpe/defaults/main.yml
index 96c3ddd3..4a1eb1c0 100644
--- a/nagios-nrpe/defaults/main.yml
+++ b/nagios-nrpe/defaults/main.yml
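Review bot: The `default(['0.0.0.0/0'], true)` tail on `minifirewall_trusted_ips` fails open: both new lists default to `[]`, so a host whose inventory has not been moved to `minifirewall_default_trusted_ips` / `minifirewall_additional_trusted_ips` ends up with every IPv4 source in the list the firewall presumably treats as trusted. The fallback predates this commit, but the rename makes the empty case the outcome for anything still setting `evolix_trusted_ips`. Consider dropping the fallback or failing the role on an empty list, so that a missing variable is noticed instead of widening access. The kept comment also now starts mid-sentence; I would reword it to `# Merge both lists; falls back to ['0.0.0.0/0'] (any source) if the result is empty`.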
@@ -1,8 +1,7 @@
 ---
-evolix_trusted_ips: []
-additional_trusted_ips: []
-# Let's merge evolix_trusted_ips with additional_trusted_ips
-nagios_nrpe_allowed_hosts: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
+nagios_nrpe_default_allowed_hosts: []
+nagios_nrpe_additional_allowed_hosts: []
+nagios_nrpe_allowed_hosts: "{{ nagios_nrpe_default_allowed_hosts | union(nagios_nrpe_additional_allowed_hosts) | unique }}"
 nagios_nrpe_ldap_dc: "dc=DOMAIN,dc=EXT"
 nagios_nrpe_ldap_passwd: LDAP_PASSWD
 nagios_nrpe_pgsql_passwd: PGSQL_PASSWD
diff --git a/nginx/defaults/main.yml b/nginx/defaults/main.yml
index 38dcbb89..bea3159f 100644
--- a/nginx/defaults/main.yml
+++ b/nginx/defaults/main.yml
@@ -3,10 +3,10 @@ nginx_minimal: False
 nginx_jessie_backports: False
-evolix_trusted_ips: []
-additional_trusted_ips: []
-# Let's merge evolix_trusted_ips with additional_trusted_ips
-nginx_ipaddr_whitelist_present: "{{ evolix_trusted_ips | union(additional_trusted_ips) | unique }}"
+nginx_default_ipaddr_whitelist_ips: []
+nginx_additional_ipaddr_whitelist_ips: []
+nginx_ipaddr_whitelist_present: "{{ nginx_default_ipaddr_whitelist_ips | union(nginx_additional_ipaddr_whitelist_ips) | unique }}"
+
 nginx_ipaddr_whitelist_absent: []
 nginx_private_htpasswd_present: []
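Review bot: The `| unique` after `union(...)` in `nagios_nrpe_allowed_hosts` is redundant, because Ansible's `union` filter already returns a de-duplicated list. The same tail is carried over in every other hunk of this patch. `nagios_nrpe_allowed_hosts: "{{ nagios_nrpe_default_allowed_hosts | union(nagios_nrpe_additional_allowed_hosts) }}"` reads more easily and yields the same list.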