- Seperated UFW handling to independent role.

- Removed add_repo, wasn't used. - Removed ssh_ca, wasn't implemented yet and will implement in a seperate role.

- Seperated UFW handling to independent role.
873070eb · nimrod · 6e985123 · 873070eb · 873070eb · 6e985123
Commit 873070eb authored 9 years ago by nimrod
--- a/README.rst
+++ b/README.rst
@@ -18,9 +18,6 @@ Role Variables
 ::

    extra_tls_certs: [] # List of filenames of TLS certs to be added.
-    ufw: True # To enable UFW.
-    ufw_policy: deny # Default UFW policy.
-    extra_repos: [] # List of Debian repos to add.
    backports: False # To enable Debian backports repos.
    ssh_ca: # TBD.
    syslog_server: # The address of syslog server to forward.
@@ -51,7 +48,6 @@ Example Playbook
      roles:
      - role: common
        extra_tls_certs: ['vagrant.crt', 'example.com.crt']
-        ufw_policy: deny
        tls_key: 'servers.key'
        tls_cert: 'server.crt'


--- a/defaults/main.yml
+++ b/defaults/main.yml
 ---
 # defaults file for ansible-common

-ufw_policy: reject
 extra_tls_certs: []
--- a/tasks/add_repo.yml
+++ b/tasks/add_repo.yml
---
-
- name: Assert
-  assert:
-    that:
-    - "ansible_pkg_mgr == 'apt'"
-    - "extra_repos is defined"
-
- name: Add additional apt repository keys
-  with_items: extra_repos
-  when: item.key_url is defined or item.key_data is defined
-  apt_key:
-    url: '{{ item.key_url|default(omit) }}'
-    data: '{{ item.key_data|default(omit) }}'
-    state: present
-
- name: Add additional apt repository
-  with_items: extra_repos
-  apt_repository:
-    repo: '{{ item.repo }}'
-    state: present
-    update_cache: yes
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,21 +8,12 @@
 - include: backports.yml
  when: backports|default(False) and ansible_os_family == 'Debian' and not common_role_finished is defined

- include: add_repo.yml
-  when: ansible_distribution == 'Debian' and extra_repos is defined and not common_role_finished is defined
-
- include: ufw.yml
-  when: ufw|default(True) and ansible_os_family == 'Debian' and not common_role_finished is defined
-
 - include: tls_cert.yml
  when: tls_cert|default(True) and not common_role_finished is defined

 - include: add_tls_cert.yml
  when: not common_role_finished is defined

- include: ssh_ca.yml
-  when: ssh_ca|default(True) and not common_role_finished is defined
-
 - include: syslog_forward.yml
  when: syslog_server is defined and not common_role_finished is defined


--- a/tasks/ssh_ca.yml
+++ b/tasks/ssh_ca.yml
---
-
- name: Assert
-  assert:
-    that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
--- a/tasks/ufw.yml
+++ b/tasks/ufw.yml
---
-
- name: Assert
-  assert:
-    that: ansible_pkg_mgr == 'apt'
-
- name: apt install ufw
-  apt:
-    name: ufw
-    state: present
-    update_cache: yes
-    cache_valid_time: 3600
-
- name: Rate limit SSH
-  ufw:
-    rule: limit
-    port: ssh
-    proto: tcp
-
- name: Enable UFW
-  ufw:
-    policy: '{{ ufw_policy }}'
-    state: enabled