[fix] roles with ufw incocation
parent
abdd13264f
commit
8c7b10f852
|
|
@ -28,30 +28,30 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"name": "Check wether enabling UFW would be considered a changed",
|
||||
"name": "check whether enabling UFW would be considered a change",
|
||||
"check_mode": true,
|
||||
"community.general.ufw": {
|
||||
"state": "enabled",
|
||||
"register": "ufw_enable_check"
|
||||
}
|
||||
"state": "enabled"
|
||||
},
|
||||
"register": "ufw_enable_check"
|
||||
},
|
||||
{
|
||||
"name": "Allow port 80 in ufw",
|
||||
"name": "allow port 80 in ufw",
|
||||
"when": "not ufw_enable_check.changed",
|
||||
"community.general.ufw": {
|
||||
"rule": "allow",
|
||||
"port": "80",
|
||||
"proto": "tcp"
|
||||
},
|
||||
"when": "not ufw_enable_check.changed"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "Allow port 443 in ufw",
|
||||
"name": "allow port 443 in ufw",
|
||||
"when": "not ufw_enable_check.changed",
|
||||
"community.general.ufw": {
|
||||
"rule": "allow",
|
||||
"port": "443",
|
||||
"proto": "tcp"
|
||||
},
|
||||
"when": "not ufw_enable_check.changed"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "restart service",
|
||||
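Review bot: The check task at the top of this hunk (`check whether enabling UFW would be considered a change`) and the allow tasks below it carry no `"become": true`, while the same check task in the nginx hunk at `@ -27,11 +29,11 @` does. Unless privilege escalation is set at play level, which is not visible here, the `community.general.ufw` calls would likely fail for an unprivileged user; consider adding `"become": true,` to each. The same applies to the hunks at `@ -26,21 +26,21 @`, `@ -10,29 +10,29 @` and `@ -59,21 +59,21 @`. Separately, the allow rules are skipped whenever UFW is not already enabled (`"when": "not ufw_enable_check.changed"`) and nothing visible reports that skip, so a host can end up without these rules and without any trace of it in the run output. The task list continues past this hunk.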
|
|
|
|||
|
|
@ -26,21 +26,21 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"name": "Check wether enabling UFW would be considered a changed",
|
||||
"name": "check whether enabling UFW would be considered a change",
|
||||
"check_mode": true,
|
||||
"community.general.ufw": {
|
||||
"state": "enabled",
|
||||
"register": "ufw_enable_check"
|
||||
}
|
||||
"state": "enabled"
|
||||
},
|
||||
"register": "ufw_enable_check"
|
||||
},
|
||||
{
|
||||
"name": "Allow port in ufw",
|
||||
"name": "allow port in ufw",
|
||||
"when": "not ufw_enable_check.changed",
|
||||
"community.general.ufw": {
|
||||
"rule": "allow",
|
||||
"port": "{{ var_murmur_port }}",
|
||||
"port": "{{var_murmur_port | string}}",
|
||||
"proto": "tcp"
|
||||
},
|
||||
"when": "not ufw_enable_check.changed"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "service",
|
||||
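Review bot: The allow rule for `{{var_murmur_port | string}}` is limited to `"proto": "tcp"`. If this role deploys the Mumble server, as the variable name suggests, voice traffic normally uses UDP on the same port and would be pushed onto the TCP fallback path. Either add a second rule with `"proto": "udp"` or drop the `proto` key so the rule covers both protocols. The task list continues past this hunk.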
|
|
|
|||
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
"var_nginx_auto_reload_interval": null
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -13,7 +13,9 @@
|
|||
{
|
||||
"name": "generate dhparams file",
|
||||
"become": true,
|
||||
"ansible.builtin.command": "openssl dhparam -out /etc/nginx/dhparam 4096",
|
||||
"ansible.builtin.command": {
|
||||
"cmd": "openssl dhparam -out /etc/nginx/dhparam 4096"
|
||||
},
|
||||
"args": {
|
||||
"creates": "/etc/nginx/dhparam"
|
||||
}
|
||||
|
|
@ -27,11 +29,11 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"name": "Check wether enabling UFW would be considered a changed",
|
||||
"name": "check whether enabling UFW would be considered a change",
|
||||
"become": true,
|
||||
"check_mode": true,
|
||||
"community.general.ufw": {
|
||||
"state": "enabled",
|
||||
"state": "enabled"
|
||||
},
|
||||
"register": "ufw_enable_check"
|
||||
},
|
||||
|
|
@ -55,6 +57,21 @@
|
|||
"proto": "tcp"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "auto reload",
|
||||
"when": "auto_reload_interval != None",
|
||||
"become": true,
|
||||
"ansible.builtin.cron": {
|
||||
"name": "nginx_auto_reload",
|
||||
"disabled": true,
|
||||
"minute": "0",
|
||||
"hour": "*/{{auto_reload_interval | string}}",
|
||||
"day": "*",
|
||||
"month": "*",
|
||||
"weekday": "*",
|
||||
"job": "systemctl reload nginx"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "restart service",
|
||||
"become": true,
|
||||
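Review bot: The new `auto reload` task reads `auto_reload_interval`, but the defaults hunk in this commit (`@ -1,3 +1,3 @`) defines `var_nginx_auto_reload_interval`, and the murmur tasks use the prefixed form `var_murmur_port`. Unless the project maps the unprefixed name somewhere not shown, the `when` expression would hit an undefined variable. Suggested lines: `"when": "var_nginx_auto_reload_interval is not none",` and `"hour": "*/{{var_nginx_auto_reload_interval | string}}",`. The job is also created with `"disabled": true`, so no reload runs even when an interval is set; if the reload is meant to pick up renewed certificates, nginx keeps serving the old ones, so confirm this is intended. An interval of 0 yields an invalid `*/0` hour field and values above 23 no longer step within a day, so a range check on the value would help.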
|
|
|
|||
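--- a/roles/nginx/vardef.json
+++ b/roles/nginx/vardef.json
@@ -0,0 +1,8 @@
+{
+"auto_reload_interval": {
+"description": "in hours",
+"nullable": true,
+"type": "integer",
+"mandatory": false
+}
+}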
|
|
@ -10,29 +10,29 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"name": "Check wether enabling UFW would be considered a changed",
|
||||
"name": "check whether enabling UFW would be considered a change",
|
||||
"check_mode": true,
|
||||
"community.general.ufw": {
|
||||
"state": "enabled",
|
||||
"register": "ufw_enable_check"
|
||||
}
|
||||
"state": "enabled"
|
||||
},
|
||||
"register": "ufw_enable_check"
|
||||
},
|
||||
{
|
||||
"name": "Allow FTP port 20 in ufw",
|
||||
"name": "allow FTP port 20 in ufw",
|
||||
"when": "not ufw_enable_check.changed",
|
||||
"community.general.ufw": {
|
||||
"rule": "allow",
|
||||
"port": "20",
|
||||
"proto": "tcp"
|
||||
},
|
||||
"when": "not ufw_enable_check.changed"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "Allow FTP port 21 in ufw",
|
||||
"name": "allow FTP port 21 in ufw",
|
||||
"when": "not ufw_enable_check.changed",
|
||||
"community.general.ufw": {
|
||||
"rule": "allow",
|
||||
"port": "21",
|
||||
"proto": "tcp"
|
||||
},
|
||||
"when": "not ufw_enable_check.changed"
|
||||
}
|
||||
}
|
||||
]
|
||||
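Review bot: The rule `allow FTP port 20 in ufw` opens inbound TCP 20, but in active-mode FTP the server originates data connections from port 20 rather than listening on it, so this inbound allow likely exposes a port nothing needs. Passive mode, which most clients use, needs the daemon's passive port range instead, and no rule for it is visible in this hunk. Consider removing the port 20 rule and adding an allow for the configured passive range; the FTP daemon's configuration is not shown here. Port 21 carries credentials in cleartext unless the daemon enforces TLS, so it is worth confirming that it does.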
|
|
|
|||
|
|
@ -59,21 +59,21 @@
|
|||
}
|
||||
},
|
||||
{
|
||||
"name": "Check wether enabling UFW would be considered a changed",
|
||||
"name": "check whether enabling UFW would be considered a change",
|
||||
"check_mode": true,
|
||||
"community.general.ufw": {
|
||||
"state": "enabled",
|
||||
"register": "ufw_enable_check"
|
||||
}
|
||||
"state": "enabled"
|
||||
},
|
||||
"register": "ufw_enable_check"
|
||||
},
|
||||
{
|
||||
"name": "Allow matrix federation port in ufw",
|
||||
"name": "allow matrix federation port in ufw",
|
||||
"when": "not ufw_enable_check.changed",
|
||||
"community.general.ufw": {
|
||||
"rule": "allow",
|
||||
"port": "8448",
|
||||
"proto": "tcp"
|
||||
},
|
||||
"when": "not ufw_enable_check.changed"
|
||||
}
|
||||
},
|
||||
{
|
||||
"name": "restart service",
|
||||
|
|
|
|||