Make ip whitelist tasks more flexible
Now the list of whitelisted ip addresses can be updated simply by including the specific tasks in an external playbook without polluting our role list. This change takes effect for nginx, apache and fail2ban.
parent
3d76454984
commit
b776fc3da2
|
@ -10,14 +10,9 @@
|
|||
force: no
|
||||
tags:
|
||||
- apache
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
|
||||
- name: Load IP whitelist task
|
||||
include: ip_whitelist.yml
|
||||
tags:
|
||||
- apache
|
||||
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/apache2/ipaddr_whitelist.conf
|
||||
line: "Require ip {{ item }}"
|
||||
state: present
|
||||
with_items: "{{ apache_ipaddr_whitelist_present }}"
|
||||
notify: reload apache
|
||||
tags:
|
||||
- apache
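Review bot: Each `item` is written verbatim into `Require ip {{ item }}`, and since this task file is now meant to be included from external playbooks, the list can come from more places than the role's own variables. A malformed entry (empty string, stray whitespace, extra tokens) would land in the Apache access-control file and could either break the reload or change what the allowlist permits. Consider checking the list before the write, for example `with_items: "{{ apache_ipaddr_whitelist_present | ipaddr }}"` or an `assert` task ahead of it. The same applies to the `allow {{ item }};` line in the new nginx task file.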
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: Update ignoreips lists
|
||||
ini_file:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
section: "[DEFAULT]"
|
||||
option: "ignoreips"
|
||||
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
||||
notify: restart fail2ban
|
||||
tags:
|
||||
- fail2ban
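Review bot: The option written here is `ignoreips`, but the fail2ban setting that exempts addresses from banning is `ignoreip`, so the list is probably never honoured and trusted addresses can still be banned. Consider `option: "ignoreip"`. Also check `section: "[DEFAULT]"`: ini_file normally takes the bare section name and adds the brackets itself, so `section: DEFAULT` is likely what is intended. Both values appear to be carried over unchanged from the task this commit moves out of the main task list, so the move is a good moment to verify them against a rendered `jail.local`.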
|
|
@ -28,13 +28,8 @@
|
|||
tags:
|
||||
- fail2ban
|
||||
|
||||
- name: update ignoreips lists
|
||||
ini_file:
|
||||
dest: /etc/fail2ban/jail.local
|
||||
section: "[DEFAULT]"
|
||||
option: "ignoreips"
|
||||
value: "{{ fail2ban_ignore_ips | join(' ') }}"
|
||||
notify: restart fail2ban
|
||||
- name: Include ignoredips update task
|
||||
include: ip_whitelist.yml
|
||||
when: fail2ban_force_update_ignore_ips
|
||||
tags:
|
||||
- fail2ban
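Review bot: The new `when: fail2ban_force_update_ignore_ips` makes the ignore-list update conditional, whereas the task it replaces appears to have run unconditionally, and the commit message does not mention that change. If the variable has no default in the role (none is visible on this page), the play fails with an undefined-variable error; `when: fail2ban_force_update_ignore_ips | default(false) | bool` avoids that. A short comment above the include saying when the flag should be set would help the next operator. The surrounding task list continues outside the hunk.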
|
||||
|
|
|
@ -0,0 +1,10 @@
|
|||
---
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
tags
|
||||
- nginx
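Review bot: The `tags` key at the end of this new task file is missing its colon as shown here, so `tags` followed by `- nginx` is not a valid mapping entry and the file will most likely fail to parse when it is included. It should read `tags:`, as in the apache and fail2ban task files. Because this file writes the nginx `allow` entries, a parse failure means the access list is not updated by the role or by any external playbook that includes it.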
|
|
@ -50,14 +50,9 @@
|
|||
tags:
|
||||
- nginx
|
||||
- ips
|
||||
|
||||
- name: add IP addresses to private IP whitelist
|
||||
lineinfile:
|
||||
dest: /etc/nginx/snippets/ipaddr_whitelist
|
||||
line: "allow {{ item }};"
|
||||
state: present
|
||||
with_items: "{{ nginx_ipaddr_whitelist_present }}"
|
||||
notify: reload nginx
|
||||
|
||||
- name: Include IP address whitelist task
|
||||
include: ip_whitelist.yml
|
||||
tags:
|
||||
- nginx
|
||||
- ips
|
||||
|
|