author | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-02 10:57:04 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2019-01-02 10:57:04 +0100 |
commit | 62ff27b05167118c4fa9b5b6b39300041acf80da (patch) | |
tree | 8c5e75a4cf3d43535857ae15d9ad6e3b2893dffe /ansible/roles/ufw | |
parent | 1f3564a99e21af5bd4ac4d11fa3ec7c3885e5208 (diff) | |
wireguard: Adding conflatorio.
dovecot: adding password management
postfix-satellite: removing apt update
ufw: handling missing variables. Allow ssh by default.
all.yml: taking passwords for postfix-satellite from dovecot.
Diffstat (limited to 'ansible/roles/ufw')
-rw-r--r-- | ansible/roles/ufw/tasks/main.yml | 26 |
1 files changed, 11 insertions, 15 deletions
diff --git a/ansible/roles/ufw/tasks/main.yml b/ansible/roles/ufw/tasks/main.yml
index 0579f0a..b6a963b 100644
--- a/ansible/roles/ufw/tasks/main.yml
+++ b/ansible/roles/ufw/tasks/main.yml
@@ -2,17 +2,21 @@
 - ufw
 become: yes
 block:
- - when:
- notify: ufw reload
+ - notify: ufw reload
+ vars:
+ state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+ nat:
+ address: "{{ ufw__nat_address if ufw__nat_address is defined else '' }}"
+ prefix: "{{ ufw__nat_prefix if ufw__nat_prefix is defined else '' }}"
 blockinfile:
 path: /etc/ufw/before.rules
 insertbefore: "^# Don't delete these required lines"
 marker: "# NAT config: {mark}"
- state: "{{ 'present' if ufw__nat_address is defined else 'absent' }}"
+ state: "{{ state }}"
 content: |
 *nat
 :POSTROUTING ACCEPT [0:0]
- -A POSTROUTING -s {{ ufw__nat_address }}/{{ ufw__nat_prefix }} -o eth0 -j MASQUERADE
+ -A POSTROUTING -s {{ nat.address }}/{{ nat.prefix }} -o eth0 -j MASQUERADE
 COMMIT
 - notify: ufw reload
@@ -33,14 +37,6 @@
 - ufw:
 state: enabled
-# - ufw:
-# default: allow
-# direction: out
-
-# - ufw:
-# policy: deny
-# direction: out
-
-# - ufw:
-# policy: allow
-# direction: routed
+ - ufw:
+ name: OpenSSH
+ rule: allow |
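Review bot: In the new `vars:` block, `state` is keyed only on `ufw__nat_address`, while `nat.prefix` now falls back to an empty string. A host that defines the address but not `ufw__nat_prefix` therefore gets `-s <address>/ -o eth0 -j MASQUERADE` written into `/etc/ufw/before.rules`, where the old line would have stopped with a templating error. A malformed line in that file will most likely surface only when the `ufw reload` handler runs, after the rules file has already been modified. Either key the state on both variables, `state: "{{ 'present' if ufw__nat_address is defined and ufw__nat_prefix is defined else 'absent' }}"`, or put an `assert` task ahead of this one so the half-configured case fails before anything is written. The enclosing `block:` starts above the hunk.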
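Review bot: The added `OpenSSH` allow task sits after the `ufw: state: enabled` task shown as context, so on a first run the firewall is switched on before SSH is permitted. Unless an earlier task outside this hunk already opens the SSH port, new connections from the Ansible controller can be refused mid-play. Moving the three added lines above the `state: enabled` task closes that window. Because the rule admits SSH from any source, `rule: limit` in place of `rule: allow` would also apply ufw's built-in connection rate limiting against password guessing.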