[fix] roles with ufw incocation

2024-06-01 17:56:28 +02:00 · 2024-06-01 17:56:28 +02:00 · c7c9e6895c
commit c7c9e6895c
parent 2ac8c9c4c3
5 changed files with 58 additions and 45 deletions
--- a/roles/lighttpd/tasks/main.json
+++ b/roles/lighttpd/tasks/main.json
@ -28,30 +28,33 @@
 		}
 	},
 	{
-		"name": "Check wether enabling UFW would be considered a changed",
+		"name": "ufw | check",
 		"check_mode": true,
+		"become": true,
 		"community.general.ufw": {
-			"state": "enabled",
-			"register": "ufw_enable_check"
-		}
+			"state": "enabled"
+		},
+		"register": "ufw_enable_check"
 	},
 	{
-		"name": "Allow port 80 in ufw",
+		"name": "ufw | allow port 80",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
 			"port": "80",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	},
 	{
-		"name": "Allow port 443 in ufw",
+		"name": "ufw | allow port 443",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
 			"port": "443",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	},
 	{
 		"name": "restart service",
--- a/roles/murmur/tasks/main.json
+++ b/roles/murmur/tasks/main.json
@ -26,21 +26,23 @@
 		}
 	},
 	{
-		"name": "Check wether enabling UFW would be considered a changed",
+		"name": "ufw | check",
 		"check_mode": true,
+		"become": true,
 		"community.general.ufw": {
-			"state": "enabled",
-			"register": "ufw_enable_check"
-		}
+			"state": "enabled"
+		},
+		"register": "ufw_enable_check"
 	},
 	{
-		"name": "Allow port in ufw",
+		"name": "ufw | allow port",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
-			"port": "{{ var_murmur_port }}",
+			"port": "{{var_murmur_port | string}}",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	},
 	{
 		"name": "service",
--- a/roles/nginx/tasks/main.json
+++ b/roles/nginx/tasks/main.json
@ -10,30 +10,33 @@
 		}
 	},
 	{
-		"name": "Check wether enabling UFW would be considered a changed",
+		"name": "ufw | check",
+		"become": true,
 		"check_mode": true,
 		"community.general.ufw": {
-			"state": "enabled",
-			"register": "ufw_enable_check"
-		}
+			"state": "enabled"
+		},
+		"register": "ufw_enable_check"
 	},
 	{
-		"name": "Allow port 80 in ufw",
+		"name": "ufw | allow port 80",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
 			"port": "80",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	},
 	{
-		"name": "Allow port 443 in ufw",
+		"name": "ufw | allow port 443",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
 			"port": "443",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	},
 	{
 		"name": "restart service",
--- a/roles/proftpd/tasks/main.json
+++ b/roles/proftpd/tasks/main.json
@ -10,29 +10,32 @@
 		}
 	},
 	{
-		"name": "Check wether enabling UFW would be considered a changed",
+		"name": "ufw | check",
 		"check_mode": true,
+		"become": true,
 		"community.general.ufw": {
-			"state": "enabled",
-			"register": "ufw_enable_check"
-		}
+			"state": "enabled"
+		},
+		"register": "ufw_enable_check"
 	},
 	{
-		"name": "Allow FTP port 20 in ufw",
+		"name": "ufw | allow port 20",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
 			"port": "20",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	},
 	{
-		"name": "Allow FTP port 21 in ufw",
+		"name": "ufw | allow port 21",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
 			"port": "21",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	}
 ]
--- a/roles/synapse/tasks/main.json
+++ b/roles/synapse/tasks/main.json
@ -59,21 +59,23 @@
 		}
 	},
 	{
-		"name": "Check wether enabling UFW would be considered a changed",
+		"name": "ufw | check",
+		"become": true,
 		"check_mode": true,
 		"community.general.ufw": {
-			"state": "enabled",
-			"register": "ufw_enable_check"
-		}
+			"state": "enabled"
+		},
+		"register": "ufw_enable_check"
 	},
 	{
-		"name": "Allow matrix federation port in ufw",
+		"name": "ufw | allow port",
+		"when": "not ufw_enable_check.changed",
+		"become": true,
 		"community.general.ufw": {
 			"rule": "allow",
 			"port": "8448",
 			"proto": "tcp"
-		},
-		"when": "not ufw_enable_check.changed"
+		}
 	},
 	{
 		"name": "restart service",