From 873070eb0cd541cb8de8faf624365e7026f3deea Mon Sep 17 00:00:00 2001
From: Adar Nimrod <nimrod@shore.co.il>
Date: Fri, 10 Jun 2016 21:28:33 +0300
Subject: [PATCH] - Seperated UFW handling to independent role. - Removed add_repo, wasn't used. - Removed ssh_ca, wasn't implemented yet and will implement in a seperate role.
---
 README.rst | 4 ----
 defaults/main.yml | 1 -
 tasks/add_repo.yml | 22 ----------------------
 tasks/main.yml | 9 ---------
 tasks/ssh_ca.yml | 5 -----
 tasks/ufw.yml | 23 -----------------------
 6 files changed, 64 deletions(-)
 delete mode 100644 tasks/add_repo.yml
 delete mode 100644 tasks/ssh_ca.yml
 delete mode 100644 tasks/ufw.yml
diff --git a/README.rst b/README.rst
index 98d712d..568dda6 100644
--- a/README.rst
+++ b/README.rst
@@ -18,9 +18,6 @@ Role Variables
 ::
 extra_tls_certs: [] # List of filenames of TLS certs to be added.
- ufw: True # To enable UFW.
- ufw_policy: deny # Default UFW policy.
- extra_repos: [] # List of Debian repos to add.
 backports: False # To enable Debian backports repos.
 ssh_ca: # TBD.
 syslog_server: # The address of syslog server to forward.
@@ -51,7 +48,6 @@ Example Playbook
 roles:
 - role: common
 extra_tls_certs: ['vagrant.crt', 'example.com.crt']
- ufw_policy: deny
 tls_key: 'servers.key'
 tls_cert: 'server.crt'
diff --git a/defaults/main.yml b/defaults/main.yml
index 05fc4de..4c0528b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,5 +1,4 @@
 ---
 # defaults file for ansible-common
-ufw_policy: reject
 extra_tls_certs: []
diff --git a/tasks/add_repo.yml b/tasks/add_repo.yml
deleted file mode 100644
index 1cfc760..0000000
--- a/tasks/add_repo.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-
-- name: Assert
- assert:
- that:
- - "ansible_pkg_mgr == 'apt'"
- - "extra_repos is defined"
-
-- name: Add additional apt repository keys
- with_items: extra_repos
- when: item.key_url is defined or item.key_data is defined
- apt_key:
- url: '{{ item.key_url|default(omit) }}'
- data: '{{ item.key_data|default(omit) }}'
- state: present
-
-- name: Add additional apt repository
- with_items: extra_repos
- apt_repository:
- repo: '{{ item.repo }}'
- state: present
- update_cache: yes
diff --git a/tasks/main.yml b/tasks/main.yml
index aa77d89..95c20ef 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -8,21 +8,12 @@
 - include: backports.yml
 when: backports|default(False) and ansible_os_family == 'Debian' and not common_role_finished is defined
-- include: add_repo.yml
- when: ansible_distribution == 'Debian' and extra_repos is defined and not common_role_finished is defined
-
-- include: ufw.yml
- when: ufw|default(True) and ansible_os_family == 'Debian' and not common_role_finished is defined
-
 - include: tls_cert.yml
 when: tls_cert|default(True) and not common_role_finished is defined
 - include: add_tls_cert.yml
 when: not common_role_finished is defined
-- include: ssh_ca.yml
- when: ssh_ca|default(True) and not common_role_finished is defined
-
 - include: syslog_forward.yml
 when: syslog_server is defined and not common_role_finished is defined
diff --git a/tasks/ssh_ca.yml b/tasks/ssh_ca.yml
deleted file mode 100644
index e03b087..0000000
--- a/tasks/ssh_ca.yml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-
-- name: Assert
- assert:
- that: ansible_os_family in [ 'Debian', 'OpenBSD' ]
diff --git a/tasks/ufw.yml b/tasks/ufw.yml
deleted file mode 100644
index 234bd2f..0000000
--- a/tasks/ufw.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-
-- name: Assert
- assert:
- that: ansible_pkg_mgr == 'apt'
-
-- name: apt install ufw
- apt:
- name: ufw
- state: present
- update_cache: yes
- cache_valid_time: 3600
-
-- name: Rate limit SSH
- ufw:
- rule: limit
- port: ssh
- proto: tcp
-
-- name: Enable UFW
- ufw:
- policy: '{{ ufw_policy }}'
- state: enabled
--
GitLab