From 8c7b10f852f803f5c42766dee970f3aad7785d55 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Sat, 1 Jun 2024 17:17:40 +0200
Subject: [PATCH] [fix] roles with ufw incocation
---
 roles/lighttpd/tasks/main.json | 20 ++++++++++----------
 roles/murmur/tasks/main.json | 16 ++++++++--------
 roles/nginx/defaults/main.json | 2 +-
 roles/nginx/tasks/main.json | 23 ++++++++++++++++++++---
 roles/nginx/vardef.json | 8 ++++++++
 roles/proftpd/tasks/main.json | 20 ++++++++++----------
 roles/synapse/tasks/main.json | 14 +++++++-------
 7 files changed, 64 insertions(+), 39 deletions(-)
 create mode 100644 roles/nginx/vardef.json
diff --git a/roles/lighttpd/tasks/main.json b/roles/lighttpd/tasks/main.json
index 8e85d43..57ec279 100644
--- a/roles/lighttpd/tasks/main.json
+++ b/roles/lighttpd/tasks/main.json
@@ -28,30 +28,30 @@
 }
 },
 {
- "name": "Check wether enabling UFW would be considered a changed",
+ "name": "check whether enabling UFW would be considered a change",
 "check_mode": true,
 "community.general.ufw": {
- "state": "enabled",
- "register": "ufw_enable_check"
- }
+ "state": "enabled"
+ },
+ "register": "ufw_enable_check"
 },
 {
- "name": "Allow port 80 in ufw",
+ "name": "allow port 80 in ufw",
+ "when": "not ufw_enable_check.changed",
 "community.general.ufw": {
 "rule": "allow",
 "port": "80",
 "proto": "tcp"
- },
- "when": "not ufw_enable_check.changed"
+ }
 },
 {
- "name": "Allow port 443 in ufw",
+ "name": "allow port 443 in ufw",
+ "when": "not ufw_enable_check.changed",
 "community.general.ufw": {
 "rule": "allow",
 "port": "443",
 "proto": "tcp"
- },
- "when": "not ufw_enable_check.changed"
+ }
 },
 {
 "name": "restart service",
diff --git a/roles/murmur/tasks/main.json b/roles/murmur/tasks/main.json
index b8303b2..196e044 100644
--- a/roles/murmur/tasks/main.json
+++ b/roles/murmur/tasks/main.json
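Review bot: None of the three UFW tasks in the lighttpd hunk sets `"become": true`, while the same check task in roles/nginx/tasks/main.json does; unless privilege escalation is set at play level (not visible here), the check-mode probe and the `allow` rules do not run as root, so I would add `"become": true` to each of them. The murmur, proftpd and synapse hunks have the same gap. Separately, `"when": "not ufw_enable_check.changed"` skips the rules silently when ufw is inactive, so a host with no active firewall finishes the run looking the same as a filtered one; a task name that says so, e.g. `"allow port 80 in ufw (skipped while ufw is inactive)"`, would make that state visible in the output.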
@@ -26,21 +26,21 @@
 }
 },
 {
- "name": "Check wether enabling UFW would be considered a changed",
+ "name": "check whether enabling UFW would be considered a change",
 "check_mode": true,
 "community.general.ufw": {
- "state": "enabled",
- "register": "ufw_enable_check"
- }
+ "state": "enabled"
+ },
+ "register": "ufw_enable_check"
 },
 {
- "name": "Allow port in ufw",
+ "name": "allow port in ufw",
+ "when": "not ufw_enable_check.changed",
 "community.general.ufw": {
 "rule": "allow",
- "port": "{{ var_murmur_port }}",
+ "port": "{{var_murmur_port | string}}",
 "proto": "tcp"
- },
- "when": "not ufw_enable_check.changed"
+ }
 },
 {
 "name": "service",
diff --git a/roles/nginx/defaults/main.json b/roles/nginx/defaults/main.json
index bfd870e..997702e 100644
--- a/roles/nginx/defaults/main.json
+++ b/roles/nginx/defaults/main.json
@@ -1,3 +1,3 @@
 {
+ "var_nginx_auto_reload_interval": null
 }
-
diff --git a/roles/nginx/tasks/main.json b/roles/nginx/tasks/main.json
index 6ed5f8c..8093955 100644
--- a/roles/nginx/tasks/main.json
+++ b/roles/nginx/tasks/main.json
@@ -13,7 +13,9 @@
 {
 "name": "generate dhparams file",
 "become": true,
- "ansible.builtin.command": "openssl dhparam -out /etc/nginx/dhparam 4096",
+ "ansible.builtin.command": {
+ "cmd": "openssl dhparam -out /etc/nginx/dhparam 4096"
+ },
 "args": {
 "creates": "/etc/nginx/dhparam"
 }
@@ -27,11 +29,11 @@
 }
 },
 {
- "name": "Check wether enabling UFW would be considered a changed",
+ "name": "check whether enabling UFW would be considered a change",
 "become": true,
 "check_mode": true,
 "community.general.ufw": {
- "state": "enabled",
+ "state": "enabled"
 },
 "register": "ufw_enable_check"
 },
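Review bot: The murmur rule allows only `"proto": "tcp"`, but a Mumble server normally carries voice over UDP on the same port and clients fall back to tunnelling it through TCP when UDP is blocked. If UDP voice is wanted, a second rule with `"proto": "udp"` and the same `"port": "{{var_murmur_port | string}}"` is needed. If TCP-only is deliberate, the task name should say so, e.g. `"allow port in ufw (tcp only)"`.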
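Review bot: In the `generate dhparams file` task of roles/nginx/tasks/main.json, `creates` is still passed through a separate `"args"` key although the command is now a mapping, which splits the task's arguments over two places and makes the guard easy to overlook. I would keep it next to the command, `"ansible.builtin.command": {"cmd": "openssl dhparam -out /etc/nginx/dhparam 4096", "creates": "/etc/nginx/dhparam"}`, and drop `"args"`. The guard only tests that the path exists, so any file at that path, including an empty or truncated one, suppresses regeneration. The task's closing brace lies outside the hunk.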
@@ -55,6 +57,21 @@
 "proto": "tcp"
 }
 },
+ {
+ "name": "auto reload",
+ "when": "auto_reload_interval != None",
+ "become": true,
+ "ansible.builtin.cron": {
+ "name": "nginx_auto_reload",
+ "disabled": true,
+ "minute": "0",
+ "hour": "*/{{auto_reload_interval | string}}",
+ "day": "*",
+ "month": "*",
+ "weekday": "*",
+ "job": "systemctl reload nginx"
+ }
+ },
 {
 "name": "restart service",
 "become": true,
diff --git a/roles/nginx/vardef.json b/roles/nginx/vardef.json
new file mode 100644
index 0000000..c03ddc6
--- /dev/null
+++ b/roles/nginx/vardef.json
@@ -0,0 +1,8 @@
+{
+ "auto_reload_interval": {
+ "description": "in hours",
+ "nullable": true,
+ "type": "integer",
+ "mandatory": false
+ }
+}
diff --git a/roles/proftpd/tasks/main.json b/roles/proftpd/tasks/main.json
index 53374a6..6662604 100644
--- a/roles/proftpd/tasks/main.json
+++ b/roles/proftpd/tasks/main.json
@@ -10,29 +10,29 @@
 }
 },
 {
- "name": "Check wether enabling UFW would be considered a changed",
+ "name": "check whether enabling UFW would be considered a change",
 "check_mode": true,
 "community.general.ufw": {
- "state": "enabled",
- "register": "ufw_enable_check"
- }
+ "state": "enabled"
+ },
+ "register": "ufw_enable_check"
 },
 {
- "name": "Allow FTP port 20 in ufw",
+ "name": "allow FTP port 20 in ufw",
+ "when": "not ufw_enable_check.changed",
 "community.general.ufw": {
 "rule": "allow",
 "port": "20",
 "proto": "tcp"
- },
- "when": "not ufw_enable_check.changed"
+ }
 },
 {
- "name": "Allow FTP port 21 in ufw",
+ "name": "allow FTP port 21 in ufw",
+ "when": "not ufw_enable_check.changed",
 "community.general.ufw": {
 "rule": "allow",
 "port": "21",
 "proto": "tcp"
- },
- "when": "not ufw_enable_check.changed"
+ }
 }
 ]
diff --git a/roles/synapse/tasks/main.json b/roles/synapse/tasks/main.json
index ef5c79c..06fd96f 100644
--- a/roles/synapse/tasks/main.json
+++ b/roles/synapse/tasks/main.json
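Review bot: The new `auto reload` task reads `auto_reload_interval`, but the default added in roles/nginx/defaults/main.json is named `var_nginx_auto_reload_interval`; unless the project's tooling maps the vardef name onto the task (not visible here), the `when` expression evaluates an undefined variable. Following the `var_murmur_port` naming in the murmur role, I would write `"when": "var_nginx_auto_reload_interval != None"` and `"hour": "*/{{var_nginx_auto_reload_interval | string}}"`. The entry is also created with `"disabled": true`, which leaves the crontab line commented out, so no reload runs; if the reload is meant to pick up renewed certificates (an assumption), this should be `false`. There is no `"state": "absent"` counterpart either, so setting the interval back to null leaves an existing entry in place.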
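Review bot: `auto_reload_interval` in roles/nginx/vardef.json is declared as a bare integer with no bounds, and the task in roles/nginx/tasks/main.json places it directly in the cron hour field as `*/N`. A value of 0 or below is not a valid step, and 24 or more no longer means "every N hours". If the vardef format has a range keyword, use it here; otherwise state the bound in the text, `"description": "in hours (1-23)"`.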
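Review bot: The proftpd hunk opens inbound TCP 20, a port the FTP server does not listen on (in active mode the server connects out from port 20), so the rule only widens the filter. Passive-mode transfers instead need the server's passive port range, which no rule here opens. I would drop the port 20 rule and add one for the range set with ProFTPD's `PassivePorts` directive (value not visible in this diff). Port 21 also carries credentials in clear text unless TLS is enforced in the server configuration, which is worth confirming.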
@@ -59,21 +59,21 @@
 }
 },
 {
- "name": "Check wether enabling UFW would be considered a changed",
+ "name": "check whether enabling UFW would be considered a change",
 "check_mode": true,
 "community.general.ufw": {
- "state": "enabled",
- "register": "ufw_enable_check"
- }
+ "state": "enabled"
+ },
+ "register": "ufw_enable_check"
 },
 {
- "name": "Allow matrix federation port in ufw",
+ "name": "allow matrix federation port in ufw",
+ "when": "not ufw_enable_check.changed",
 "community.general.ufw": {
 "rule": "allow",
 "port": "8448",
 "proto": "tcp"
- },
- "when": "not ufw_enable_check.changed"
+ }
 },
 {
 "name": "restart service",