minifirewall: improve variables values and documentation
parent
9787328a0b
commit
c25c3c6a31
|
@ -13,6 +13,7 @@ The **patch** part changes incrementally at each release.
|
|||
### Added
|
||||
* minifirewall: add a variable to disable the restart handler
|
||||
* minifirewall: add a variable to force a restart of the firewall (even with no change)
|
||||
* inifirewall: improve variables values and documentation
|
||||
|
||||
### Changed
|
||||
|
||||
|
|
|
@ -15,9 +15,11 @@ Everything is in the `tasks/main.yml` file.
|
|||
* `minifirewall_int_lan`: (default: IP/32)
|
||||
* `minifirewall_trusted_ips`: with IP/hosts should be trusted for full access (default: none)
|
||||
* `minifirewall_privilegied_ips`: with IP/hosts should be trusted for restricted access (default: none)
|
||||
* `minifirewall_tail_included` : source a "tail" file at the end of the main config file. (default: `False`)
|
||||
* `minifirewall_tail_included` : source a "tail" file at the end of the main config file (default: `False`)
|
||||
* `minifirewall_tail_force` : overwrite the "tail" file (default: `True`)
|
||||
* `minifirewall_restart_if_needed` : should the restart handler be executed (default: `True`)
|
||||
* `minifirewall_restart_force` : force restart minifirewall at the end of the role execution (default: `False`)
|
||||
* `minifirewall_autostart` : enable minifirewall start at boot time (default: `False`)
|
||||
The full list of variables (with default values) can be found in `defaults/main.yml`.
|
||||
|
||||
**Some IP/hosts must be configured or the server will be inaccessible via network.**
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
---
|
||||
|
||||
minifirewall_tail_file: /etc/default/minifirewall.tail
|
||||
minifirewall_tail_included: False
|
||||
minifirewall_tail_force: yes
|
||||
minifirewall_tail_force: True
|
||||
|
||||
minifirewall_git_url: "https://forge.evolix.org/minifirewall.git"
|
||||
minifirewall_checkout_path: "/tmp/minifirewall"
|
||||
|
@ -23,7 +25,7 @@ minifirewall_semipublic_ports_udp: []
|
|||
minifirewall_private_ports_tcp: [5666]
|
||||
minifirewall_private_ports_udp: []
|
||||
|
||||
minifirewall_autostart: "no"
|
||||
minifirewall_autostart: False
|
||||
minifirewall_restart_if_needed: True
|
||||
minifirewall_restart_force: False
|
||||
|
||||
|
|
|
@ -4,4 +4,4 @@
|
|||
dest: /etc/init.d/alert5
|
||||
regexp: '^#/etc/init.d/minifirewall start'
|
||||
replace: '/etc/init.d/minifirewall start'
|
||||
when: minifirewall_autostart == "yes"
|
||||
when: minifirewall_autostart
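Review bot: The new condition `when: minifirewall_autostart` tests a bare variable, so its result depends on the type of the value. The previous default was the string `"no"`, and an inventory that still overrides the variable with `"yes"` or `"no"` may be evaluated as a non-empty string rather than as a boolean; how Ansible treats that case has changed between releases. Because this task decides whether the firewall start line in `/etc/init.d/alert5` is enabled, the cast should be explicit: `when: minifirewall_autostart | bool`, which also matches the `| bool` applied to `minifirewall_tail_force` in the tail task. The task begins outside the hunk, so this concerns the `when:` line only.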
|
||||
|
|
|
@ -2,8 +2,8 @@
|
|||
- name: Add some rules at the end of minifirewall file
|
||||
template:
|
||||
src: "{{ item }}"
|
||||
dest: /etc/default/minifirewall.tail
|
||||
force: "{{ minifirewall_tail_force | bool | ternary('yes', 'no') }}"
|
||||
dest: "{{ minifirewall_tail_file }}"
|
||||
force: "{{ minifirewall_tail_force | bool }}"
|
||||
with_first_found:
|
||||
- "templates/minifirewall-tail/minifirewall.{{ inventory_hostname }}.tail.j2"
|
||||
- "templates/minifirewall-tail/minifirewall.{{ host_group }}.tail.j2"
|
||||
|
@ -19,7 +19,7 @@
|
|||
blockinfile:
|
||||
dest: /etc/default/minifirewall
|
||||
marker: "# {mark} ANSIBLE MANAGED EXTERNAL RULES"
|
||||
block: . /etc/default/minifirewall.tail
|
||||
block: ". {{ minifirewall_tail_file }}"
|
||||
insertbefore: EOF
|
||||
register: minifirewall_tail_source
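Review bot: `block: ". {{ minifirewall_tail_file }}"` writes the variable unquoted into a line that `/etc/default/minifirewall` will source, so a path containing spaces or shell metacharacters changes what that shell line does. Quote the value when rendering it, e.g. `block: ". {{ minifirewall_tail_file | quote }}"`, and state in `defaults/main.yml` that it must be an absolute path controlled by the administrator. Now that `dest: "{{ minifirewall_tail_file }}"` is configurable, the `template` task would also benefit from explicit `owner`, `group` and `mode` arguments (none is visible in the hunk), since the file it writes is sourced by the firewall configuration. Both tasks start or end outside the hunks shown.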
|
||||
|
||||
|
|