From c25c3c6a311628d2c16f5d8e4cd79bb11850b2f5 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Thu, 30 Aug 2018 17:06:21 +0200
Subject: [PATCH] minifirewall: improve variables values and documentation
---
 CHANGELOG.md | 1 +
 minifirewall/README.md | 4 +++-
 minifirewall/defaults/main.yml | 6 ++++--
 minifirewall/tasks/activate.yml | 2 +-
 minifirewall/tasks/tail.yml | 6 +++---
 5 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index bdec64fd..f58be4b3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
 ### Added
 * minifirewall: add a variable to disable the restart handler
 * minifirewall: add a variable to force a restart of the firewall (even with no change)
+* inifirewall: improve variables values and documentation
 ### Changed
diff --git a/minifirewall/README.md b/minifirewall/README.md
index 59cc86f6..7d023fd9 100644
--- a/minifirewall/README.md
+++ b/minifirewall/README.md
@@ -15,9 +15,11 @@ Everything is in the `tasks/main.yml` file.
 * `minifirewall_int_lan`: (default: IP/32)
 * `minifirewall_trusted_ips`: with IP/hosts should be trusted for full access (default: none)
 * `minifirewall_privilegied_ips`: with IP/hosts should be trusted for restricted access (default: none)
-* `minifirewall_tail_included` : source a "tail" file at the end of the main config file. (default: `False`)
+* `minifirewall_tail_included` : source a "tail" file at the end of the main config file (default: `False`)
+* `minifirewall_tail_force` : overwrite the "tail" file (default: `True`)
 * `minifirewall_restart_if_needed` : should the restart handler be executed (default: `True`)
 * `minifirewall_restart_force` : force restart minifirewall at the end of the role execution (default: `False`)
+* `minifirewall_autostart` : enable minifirewall start at boot time (default: `False`)
 The full list of variables (with default values) can be found in `defaults/main.yml`. **Some IP/hosts must be configured or the server will be inaccessible via network.**
diff --git a/minifirewall/defaults/main.yml b/minifirewall/defaults/main.yml
index b1dfbaf1..a331b033 100644
--- a/minifirewall/defaults/main.yml
+++ b/minifirewall/defaults/main.yml
@@ -1,6 +1,8 @@
 ---
+
+minifirewall_tail_file: /etc/default/minifirewall.tail
 minifirewall_tail_included: False
-minifirewall_tail_force: yes
+minifirewall_tail_force: True
 minifirewall_git_url: "https://forge.evolix.org/minifirewall.git"
 minifirewall_checkout_path: "/tmp/minifirewall"
@@ -23,7 +25,7 @@ minifirewall_semipublic_ports_udp: []
 minifirewall_private_ports_tcp: [5666]
 minifirewall_private_ports_udp: []
-minifirewall_autostart: "no"
+minifirewall_autostart: False
 minifirewall_restart_if_needed: True
 minifirewall_restart_force: False
diff --git a/minifirewall/tasks/activate.yml b/minifirewall/tasks/activate.yml
index ebe24fd6..1ecd0dc3 100644
--- a/minifirewall/tasks/activate.yml
+++ b/minifirewall/tasks/activate.yml
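Review bot: The new `minifirewall_tail_file` default in the first defaults/main.yml hunk carries no comment, and the README hunk of this commit documents `minifirewall_tail_force` and `minifirewall_autostart` but not this variable. tasks/tail.yml writes a `. {{ minifirewall_tail_file }}` line into /etc/default/minifirewall, so whatever this path points to ends up sourced by the firewall configuration. That constraint is worth stating next to the default, for example `# File sourced at the end of /etc/default/minifirewall; keep it in a root-owned directory that other users cannot write to`. Quoting the value, as the neighbouring `minifirewall_git_url` and `minifirewall_checkout_path` lines do, would also keep the file consistent.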
@@ -4,4 +4,4 @@
 dest: /etc/init.d/alert5
 regexp: '^#/etc/init.d/minifirewall start'
 replace: '/etc/init.d/minifirewall start'
- when: minifirewall_autostart == "yes"
+ when: minifirewall_autostart
diff --git a/minifirewall/tasks/tail.yml b/minifirewall/tasks/tail.yml
index a4cb6013..4d404136 100644
--- a/minifirewall/tasks/tail.yml
+++ b/minifirewall/tasks/tail.yml
@@ -2,8 +2,8 @@
 - name: Add some rules at the end of minifirewall file
 template:
 src: "{{ item }}"
- dest: /etc/default/minifirewall.tail
- force: "{{ minifirewall_tail_force | bool | ternary('yes', 'no') }}"
+ dest: "{{ minifirewall_tail_file }}"
+ force: "{{ minifirewall_tail_force | bool }}"
 with_first_found:
 - "templates/minifirewall-tail/minifirewall.{{ inventory_hostname }}.tail.j2"
 - "templates/minifirewall-tail/minifirewall.{{ host_group }}.tail.j2"
@@ -19,7 +19,7 @@
 blockinfile:
 dest: /etc/default/minifirewall
 marker: "# {mark} ANSIBLE MANAGED EXTERNAL RULES"
- block: . /etc/default/minifirewall.tail
+ block: ". {{ minifirewall_tail_file }}"
 insertbefore: EOF
 register: minifirewall_tail_source
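Review bot: The new condition `when: minifirewall_autostart` in tasks/activate.yml tests the variable without coercion, while its default in defaults/main.yml changed from the string `"no"` to the boolean `False`. Inventories that still override it with a quoted `"yes"` or `"no"` will hand a string to this test, and how a bare string is evaluated in `when` has differed between Ansible releases. A host could therefore end up with the boot-time start line uncommented, or left commented, against the operator's intent. Writing `when: minifirewall_autostart | bool` accepts both spellings and matches what tasks/tail.yml already does for `minifirewall_tail_force`. The task begins above the hunk, so its name and module line are not visible here.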
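Review bot: The `template` task in the first tasks/tail.yml hunk sets no `owner`, `group` or `mode` among the arguments visible here (`src`, `dest`, `force`), and `dest` is now taken from `minifirewall_tail_file`. The rendered file is sourced from /etc/default/minifirewall, so its permissions decide who can alter the firewall rules. Adding `owner: root`, `group: root` and `mode: "0600"` would pin that regardless of the remote umask or the directory an inventory chooses. The `with_first_found` list may continue below the hunk, so later task keywords are not visible.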
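Review bot: In the second tasks/tail.yml hunk, `block: ". {{ minifirewall_tail_file }}"` interpolates the path unquoted into a line that a shell will source. A value containing a space or a shell metacharacter would change what that line does, and the path is now an overridable variable rather than a fixed string. Passing it through the shell-quoting filter, `block: ". {{ minifirewall_tail_file | quote }}"`, keeps the line a single `.` command with one argument. The task's `name` and any condition on it lie outside the hunk.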