ansible-roles/squid/tasks/minifirewall.yml
Jérémy Lecour ee21973371
Use FQCN
Fully Qualified Collection Name
2023-03-20 23:33:19 +01:00


---
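# Detect Minifirewall by the presence of its configuration file.
# The result gates every later task that edits this file.
- name: Check if Minifirewall is present
  ansible.builtin.stat:
    path: "/etc/default/minifirewall"
  # stat is read-only, so it also runs in --check mode; otherwise the
  # registered variable would be missing for the tasks that depend on it.
  check_mode: false
  register: minifirewall_test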
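# Adapt /etc/default/minifirewall so outbound HTTP goes through the proxy.
# Skipped entirely when the Minifirewall configuration file does not exist.
- name: Configure Minifirewall for the proxy
  when: minifirewall_test.stat.exists
  block:
    # Comments out an active HTTPSITES assignment whose value starts with
    # a non-digit character.
    - name: HTTPSITES list is commented in minifirewall
      ansible.builtin.replace:
        path: "/etc/default/minifirewall"
        regexp: "^(HTTPSITES='[^0-9])"
        replace: '#\1'
      notify: restart minifirewall

    # Sets HTTPSITES to 0.0.0.0/0, i.e. every destination.
    # NOTE(review): presumably outbound HTTP filtering is then expected to
    # happen in the proxy rather than in the firewall; confirm the proxy
    # ACLs cover what the HTTPSITES list used to restrict.
    # NOTE(review): the regexp is not anchored, so it also matches a
    # commented "#HTTPSITES='...'" line; confirm this is intended.
    - name: all HTTPSITES are authorized in minifirewall
      ansible.builtin.lineinfile:
        path: "/etc/default/minifirewall"
        line: "HTTPSITES='0.0.0.0/0'"
        regexp: "HTTPSITES='.*'"
        insertafter: "^#HTTPSITES="
      notify: restart minifirewall

    # The PROXY variable means that minifirewall is "modern"
    # grep exits 0 on a match and 1 on no match; both are expected here and
    # select the modern or legacy branch below. Any other exit status is a
    # real error (e.g. unreadable file) and now fails the play instead of
    # silently skipping both branches.
    # No shell feature is used, so the command module is sufficient.
    - name: Look for PROXY variable
      ansible.builtin.command:
        cmd: "grep -E '^\\s*PROXY=' /etc/default/minifirewall"
      failed_when: _minifirewall_proxy_var_check.rc not in [0, 1]
      changed_when: false
      check_mode: false
      register: _minifirewall_proxy_var_check

    # Legacy mode: write the NAT rules directly into the configuration.
    # Traffic from the "proxy" user, to squid_address and to loopback is
    # accepted as-is; any other outbound TCP/80 is redirected to local port
    # 8888. The uid-owner exemption is what keeps the proxy's own requests
    # from being redirected back to it.
    # NOTE(review): assumes the proxy runs as user "proxy" and listens on
    # 8888; confirm against the proxy configuration.
    # NOTE(review): a missing line is inserted right after the last
    # "# Proxy" marker, so the final rule order depends on which lines
    # already exist (commented) in the file; verify that the REDIRECT rule
    # ends up after the ACCEPT rules.
    - name: Set proxy configuration for minifirewall (legacy mode)
      ansible.builtin.lineinfile:
        path: "/etc/default/minifirewall"
        regexp: "^#? *{{ item }}"
        line: "{{ item }}"
        insertafter: "^# Proxy"
      loop:
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner --uid-owner proxy -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d {{ squid_address }} -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -d 127.0.0.0/8 -j ACCEPT"
        - "/sbin/iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8888"
      notify: restart minifirewall
      when: _minifirewall_proxy_var_check.rc == 1

    # Drops the commented placeholder rule that still carries the literal
    # X.X.X.X destination.
    - name: remove minifirewall example rule for the proxy (legacy mode)
      ansible.builtin.lineinfile:
        path: "/etc/default/minifirewall"
        regexp: '^#.*(-t nat).*(-d X\.X\.X\.X)'
        state: absent
      notify: restart minifirewall
      when: _minifirewall_proxy_var_check.rc == 1

    # Modern mode: only the PROXY switch has to be turned on.
    - name: Set proxy configuration for minifirewall (modern mode)
      ansible.builtin.replace:
        path: "/etc/default/minifirewall"
        replace: "PROXY='on'"
        regexp: "PROXY='.*'"
      notify: restart minifirewall
      when: _minifirewall_proxy_var_check.rc == 0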