WIP - Should also modify the before.rules config #39

Open
wants to merge 2 commits into
base: master
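--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,20 @@
+FROM ubuntu:16.04
+MAINTAINER Mischa ter Smitten <[email protected]>
+
+# python
+RUN apt-get update && \
+DEBIAN_FRONTEND=noninteractive apt-get install -y python-minimal python-dev curl && \
+apt-get clean
+RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -
+RUN rm -rf $HOME/.cache
+
+# ansible
+RUN DEBIAN_FRONTEND=noninteractive apt-get install -y gcc libffi-dev libssl-dev net-tools iproute2 ethtool && \
+apt-get clean
+RUN pip install ansible==2.6.2
+RUN rm -rf $HOME/.cache
+
+# provision
+COPY . /etc/ansible/roles/ansible-role
+WORKDIR /etc/ansible/roles/ansible-role
+RUN ansible-playbook -i tests/inventory tests/test.yml --connection=local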
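Review bot: `RUN curl -sL https://bootstrap.pypa.io/get-pip.py | python -` fetches and executes an unpinned script over the network at build time, so the pip version in the test image is whatever the server serves that day and the content is never verified, which makes the image non-reproducible and puts an unchecked download in the build's trust chain. Download it to a file, compare its SHA-256 against a value recorded in the repository, and only then run it, or install pip from the distribution (`apt-get install -y python-pip`) as the rest of the toolchain already is. `MAINTAINER` is deprecated; `LABEL maintainer="..."` is the current form. The pinned `ansible==2.6.2` on ubuntu:16.04 deserves a short comment saying why that combination was chosen, so the next person knows whether it is safe to bump.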
7 changes: 7 additions & 0 deletions Vagrantfile
Expand Up @@ -53,6 +53,13 @@ boxes = [
:cpu => "50",
:ram => "256"
},
{
:name => "debian-10",
:box => "bento/debian-10",
:ip => '10.0.0.18',
:cpu => "50",
:ram => "256"
},
]

Vagrant.configure("2") do |config|
12 changes: 12 additions & 0 deletions defaults/main.yml
Expand Up @@ -23,3 +23,15 @@ ufw_etc_default_ipt_modules:
- nf_conntrack_ftp
- nf_nat_ftp
- nf_conntrack_netbios_ns

ufw_etc_ufw_after_manage: false
ufw_etc_ufw_after6_rules: []
ufw_etc_ufw_after_rules: []

ufw_etc_ufw_before_manage: false
ufw_etc_ufw_before6_rules: []
ufw_etc_ufw_before_rules: []

ufw_etc_ufw_user_manage: false
ufw_etc_ufw_user6_rules: []
ufw_etc_ufw_user_rules: []
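Review bot: The new tasks in tasks/configure.yml read `ufw_etc_ufw_after6_rules_file`, `ufw_etc_ufw_after_rules_file`, `ufw_etc_ufw_before6_rules_file`, `ufw_etc_ufw_before_rules_file`, `ufw_etc_ufw_user6_rules_file`, `ufw_etc_ufw_user_rules_file`, `ufw_etc_default_file` and `ufw_etc_ansible_facts_file`, and none of them is defined in this hunk; unless they live in a vars file outside this diff, those tasks fail on an undefined variable even while the `_manage` flags are false, because as I read Ansible's loop handling the `with_items` list is templated before the per-item `when` is evaluated. The three `_manage` flags and their lists also say nothing about what enabling them means; a comment such as `# when true, the whole rules file is replaced by the lines listed below (stock ufw content is not kept)` above each group would tell users what they opt into. Keeping the file-path variables next to these flags, if they are indeed meant to be user-overridable, would make the feature self-describing.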
1 change: 1 addition & 0 deletions meta/main.yml
Expand Up @@ -19,6 +19,7 @@ galaxy_info:
- wheezy
- jessie
- stretch
- buster
galaxy_tags:
- system
- networking
79 changes: 70 additions & 9 deletions tasks/configure.yml
Expand Up @@ -2,7 +2,7 @@
---
- name: configure | create (local facts) directory
file:
path: /etc/ansible/facts.d/
path: "{{ ufw_etc_ansible_facts_file | dirname }}/"
state: directory
owner: root
group: root
Expand All @@ -18,22 +18,26 @@
group: root
mode: 0644
with_items:
- src: etc/default/ufw.j2
dest: /etc/default/ufw
- src: etc/ansible/facts.d/ufw.fact.j2
dest: /etc/ansible/facts.d/ufw.fact
register: configuration
- src: "{{ ufw_etc_default_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_default_file }}"
- src: "{{ ufw_etc_ansible_facts_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_ansible_facts_file }}"
register: _configuration
tags:
- ufw-configure-facts

- name: configure | reset
ufw:
state: reset
when: configuration is changed
when: >
_configuration is changed
# or _after_rules is changed
# or _before_rules is changed
# or _user_rules is changed
tags:
- ufw-configure-reset

- name: configure | default (incoming) policy
- name: configure | default policy | incoming
ufw:
policy: "{{ ufw_default_incoming_policy }}"
direction: incoming
Expand All @@ -42,7 +46,7 @@
- ufw-configure-default-policy
- ufw-configure-default-policy-incoming

- name: configure | default (outgoing) policy
- name: configure | default policy | outgoing
ufw:
policy: "{{ ufw_default_outgoing_policy }}"
direction: outgoing
Expand Down Expand Up @@ -75,3 +79,60 @@
notify: reload ufw
tags:
- ufw-configure-logging

- name: configure | rules | update after file(s)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0640
with_items:
- src: "{{ ufw_etc_ufw_after6_rules_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_ufw_after6_rules_file }}"
- src: "{{ ufw_etc_ufw_after_rules_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_ufw_after_rules_file }}"
when: ufw_etc_ufw_after_manage | bool
register: _after_rules
notify: reload ufw
tags:
- ufw-configure-rules
- ufw-configure-rules-after

- name: configure | rules | update before file(s)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0640
with_items:
- src: "{{ ufw_etc_ufw_before6_rules_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_ufw_before6_rules_file }}"
- src: "{{ ufw_etc_ufw_before_rules_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_ufw_before_rules_file }}"
when: ufw_etc_ufw_before_manage | bool
register: _before_rules
notify: reload ufw
tags:
- ufw-configure-rules
- ufw-configure-rules-before

- name: configure | rules | update user file(s)
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
owner: root
group: root
mode: 0640
with_items:
- src: "{{ ufw_etc_ufw_user6_rules_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_ufw_user6_rules_file }}"
- src: "{{ ufw_etc_ufw_user_rules_file.lstrip('/') }}.j2"
dest: "{{ ufw_etc_ufw_user_rules_file }}"
when: ufw_etc_ufw_user_manage | bool
register: _user_rules
notify: reload ufw
tags:
- ufw-configure-rules
- ufw-configure-rules-user
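Review bot: The `when: >` block under `configure | reset` (new lines `_configuration is changed` through `# or _user_rules is changed`) makes the three `#` lines part of the value, because comments cannot appear inside a YAML block scalar; the condition handed to Jinja becomes `_configuration is changed # or _after_rules is changed # or ...`, which will fail to parse at runtime instead of acting as a comment. Keep the condition on one line, `when: _configuration is changed`, and move the notes above the key as real YAML comments. Those disabled clauses could not work in this position anyway: the reset task runs before the three new `rules | update ... file(s)` tasks register `_after_rules`, `_before_rules` and `_user_rules`, so the variables are undefined there, and since `ufw reset` restores the stock rules files as far as I can tell, the order reset-first-then-template is load-bearing and deserves a comment on the reset task. The new tasks use unquoted `mode: 0640`, which only works as octal because of the leading zero; `mode: "0640"` avoids the YAML 1.1/1.2 ambiguity, though it does match the file's existing `mode: 0644` style.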
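--- a/templates/etc/ufw/after.rules.j2
+++ b/templates/etc/ufw/after.rules.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for line in ufw_etc_ufw_after_rules | default([]) %}
+{{ line }}
+{% endfor %}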
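Review bot: With the default `[]` this template renders a file that holds only the `ansible_managed` comment, and for the before/after files that drops the stock `*filter` table and chain definitions plus the baseline loopback, ICMP and DHCP rules that ufw's framework references, so enabling a `_manage` flag without supplying the complete file content is likely to leave `ufw reload` failing or the host without those baseline rules. The same applies to after6.rules.j2, before.rules.j2, before6.rules.j2, user.rules.j2 and user6.rules.j2; user.rules and user6.rules are additionally rewritten by ufw itself whenever rules are added through the `ufw` command or module, so a templated copy will either be clobbered by or clobber those rules. A header comment stating the contract, e.g. `# {{ ansible_managed }} -- this is the complete file; ufw's stock content is not merged in`, or seeding the list defaults with the distribution's stock content, would make the behaviour explicit. The `| default([])` is redundant given the defaults in defaults/main.yml but harmless.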
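--- a/templates/etc/ufw/after6.rules.j2
+++ b/templates/etc/ufw/after6.rules.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for line in ufw_etc_ufw_after6_rules | default([]) %}
+{{ line }}
+{% endfor %}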
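--- a/templates/etc/ufw/before.rules.j2
+++ b/templates/etc/ufw/before.rules.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for line in ufw_etc_ufw_before_rules | default([]) %}
+{{ line }}
+{% endfor %}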
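--- a/templates/etc/ufw/before6.rules.j2
+++ b/templates/etc/ufw/before6.rules.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for line in ufw_etc_ufw_before6_rules | default([]) %}
+{{ line }}
+{% endfor %}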
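--- a/templates/etc/ufw/user.rules.j2
+++ b/templates/etc/ufw/user.rules.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for line in ufw_etc_ufw_user_rules | default([]) %}
+{{ line }}
+{% endfor %}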
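--- a/templates/etc/ufw/user6.rules.j2
+++ b/templates/etc/ufw/user6.rules.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for line in ufw_etc_ufw_user6_rules | default([]) %}
+{{ line }}
+{% endfor %}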