Merge branch 'dev-ufw_1' into 'dev-ufw'

Add ufw role | Adjustments after test

See merge request roydfalk/ansible-base!6
roydfalk 2024-06-09 08:57:04 +00:00
commit cf175b8ec1
6 changed files with 66 additions and 49 deletions


@ -28,30 +28,33 @@
} }
}, },
{ {
"name": "Check wether enabling UFW would be considered a changed", "name": "ufw | check",
"check_mode": true, "check_mode": true,
"become": true,
"community.general.ufw": { "community.general.ufw": {
"state": "enabled", "state": "enabled"
},
"register": "ufw_enable_check" "register": "ufw_enable_check"
}
}, },
{ {
"name": "Allow port 80 in ufw", "name": "ufw | allow port 80",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "80", "port": "80",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
}, },
{ {
"name": "Allow port 443 in ufw", "name": "ufw | allow port 443",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "443", "port": "443",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
}, },
{ {
"name": "restart service", "name": "restart service",
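Review bot: The `"when": "not ufw_enable_check.changed"` gate on `ufw | allow port 80` and `ufw | allow port 443` skips the rules silently whenever ufw is not yet enabled at the time this role runs. If the ufw role from this commit (default deny incoming, then `"state": "enabled"`) is applied afterwards, both ports stay closed until this role is run again, so the outcome depends on role order. ufw keeps rules while inactive (the ufw role itself adds its ssh rule before enabling), so the gate may not be needed; if it is kept for hosts without ufw, state the required order in the role documentation, since a JSON task file cannot carry a comment. The same pattern appears in the other four service-role sections of this commit, and the task list starts and ends outside this hunk.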


@ -26,21 +26,23 @@
} }
}, },
{ {
"name": "Check wether enabling UFW would be considered a changed", "name": "ufw | check",
"check_mode": true, "check_mode": true,
"become": true,
"community.general.ufw": { "community.general.ufw": {
"state": "enabled", "state": "enabled"
},
"register": "ufw_enable_check" "register": "ufw_enable_check"
}
}, },
{ {
"name": "Allow port in ufw", "name": "ufw | allow port",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "{{ var_murmur_port }}", "port": "{{var_murmur_port | string}}",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
}, },
{ {
"name": "service", "name": "service",
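Review bot: The `ufw | allow port` rule opens `var_murmur_port` for `tcp` only; if this role deploys Murmur, as the variable name suggests, voice normally travels over UDP on the same port and clients fall back to tunnelling it through TCP when UDP is blocked. `"proto": "any"` on that task would cover both protocols. The new task name also no longer says which port is opened; `"name": "ufw | allow port {{ var_murmur_port }}"` keeps it visible in the run output.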


@ -10,30 +10,33 @@
} }
}, },
{ {
"name": "Check wether enabling UFW would be considered a changed", "name": "ufw | check",
"become": true,
"check_mode": true, "check_mode": true,
"community.general.ufw": { "community.general.ufw": {
"state": "enabled", "state": "enabled"
},
"register": "ufw_enable_check" "register": "ufw_enable_check"
}
}, },
{ {
"name": "Allow port 80 in ufw", "name": "ufw | allow port 80",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "80", "port": "80",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
}, },
{ {
"name": "Allow port 443 in ufw", "name": "ufw | allow port 443",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "443", "port": "443",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
}, },
{ {
"name": "restart service", "name": "restart service",


@ -10,29 +10,32 @@
} }
}, },
{ {
"name": "Check wether enabling UFW would be considered a changed", "name": "ufw | check",
"check_mode": true, "check_mode": true,
"become": true,
"community.general.ufw": { "community.general.ufw": {
"state": "enabled", "state": "enabled"
},
"register": "ufw_enable_check" "register": "ufw_enable_check"
}
}, },
{ {
"name": "Allow FTP port 20 in ufw", "name": "ufw | allow port 20",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "20", "port": "20",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
}, },
{ {
"name": "Allow FTP port 21 in ufw", "name": "ufw | allow port 21",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "21", "port": "21",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
} }
] ]
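Review bot: The inbound rule in `ufw | allow port 20` is probably unnecessary: in active-mode FTP the server opens the data connection outwards from port 20, which the outgoing-allow policy of the ufw role in this commit already permits, so an inbound allow on 20 only widens the exposed surface. Passive-mode transfers need the server's configured passive port range allowed inbound instead, and no such rule is visible here; the server configuration is outside this hunk, so confirm which mode is in use. The rename also dropped "FTP" from both task names; `"name": "ufw | allow port 21 (ftp control)"` would keep the purpose in the play output.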


@ -59,21 +59,23 @@
} }
}, },
{ {
"name": "Check wether enabling UFW would be considered a changed", "name": "ufw | check",
"become": true,
"check_mode": true, "check_mode": true,
"community.general.ufw": { "community.general.ufw": {
"state": "enabled", "state": "enabled"
},
"register": "ufw_enable_check" "register": "ufw_enable_check"
}
}, },
{ {
"name": "Allow matrix federation port in ufw", "name": "ufw | allow port",
"when": "not ufw_enable_check.changed",
"become": true,
"community.general.ufw": { "community.general.ufw": {
"rule": "allow", "rule": "allow",
"port": "8448", "port": "8448",
"proto": "tcp" "proto": "tcp"
}, }
"when": "not ufw_enable_check.changed"
}, },
{ {
"name": "restart service", "name": "restart service",
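Review bot: The rename to `ufw | allow port` drops both the port number and the reason the port is open, and a JSON task file has no comments to carry that information. `"name": "ufw | allow port 8448 (matrix federation)"` keeps the old description within the new naming scheme and lets the rule be audited from the play output alone.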


@ -11,7 +11,8 @@
}, },
{ {
"name": "ufw deny incoming", "name": "ufw deny incoming",
"ufw": { "become": true,
"community.general.ufw": {
"direction": "incoming", "direction": "incoming",
"proto": "any", "proto": "any",
"policy": "deny" "policy": "deny"
@ -19,7 +20,8 @@
}, },
{ {
"name": "ufw allow outgoing", "name": "ufw allow outgoing",
"ufw": { "become": true,
"community.general.ufw": {
"direction": "outgoing", "direction": "outgoing",
"proto": "any", "proto": "any",
"policy": "allow" "policy": "allow"
@ -27,14 +29,16 @@
}, },
{ {
"name": "ufw allow and rate-limit ssh", "name": "ufw allow and rate-limit ssh",
"ufw": { "become": true,
"community.general.ufw": {
"rule": "limit", "rule": "limit",
"name": "ssh" "name": "ssh"
} }
}, },
{ {
"name": "enable ufw service", "name": "enable ufw service",
"ufw": { "become": true,
"community.general.ufw": {
"state": "enabled" "state": "enabled"
} }
} }
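Review bot: `ufw allow and rate-limit ssh` is the only inbound allowance in place before `enable ufw service` turns on default deny, and it is written as `"name": "ssh"`, which `community.general.ufw` treats as an application profile name rather than a port. This was presumably verified on the tested distribution, but on a target without a matching profile the task fails, and a profile does not follow sshd to a non-default port, which would cut the management connection once ufw is enabled. `"port": "ssh", "proto": "tcp"` (or the port taken from a variable) states the intent directly. `"become": true` is now repeated on all four tasks and could be set once where the role is included.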