2024-09-29 16:04:27 +02:00
parent 98fbed31b7
commit 134eb18465
28 changed files with 2356 additions and 128 deletions


@ -99,126 +99,73 @@
# ===
# ---
# Wireguard Service
# LOG CGI script Traffic out
# ---
- name: Check if String 'wg_ifs=..' is present in interfaces_ipv4.conf
shell: grep -q -E "^wg_ifs=" /etc/ipt-firewall/interfaces_ipv4.conf
register: wg_ifs_interfaces_ipv4_present
when: interfaces_ipv4_exists.stat.exists
failed_when: "wg_ifs_interfaces_ipv4_present.rc > 1"
changed_when: "wg_ifs_interfaces_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/interfaces_ipv4.conf' (wg_ifs)
blockinfile:
path: /etc/ipt-firewall/interfaces_ipv4.conf
insertafter: '^#?\s*vpn_ifs'
block: |
# - Wireguard Interfaces
# - (comma separated list 'wg+' is also possible)
wg_ifs="wg+"
marker: "# Marker set by modify-ipt-server.yml (wg_ifs)"
when:
- interfaces_ipv4_exists.stat.exists
- wg_ifs_interfaces_ipv4_present is changed
notify:
- Restart IPv4 Firewall
- name: Check if String 'wg_ifs=..' is present in interfaces_ipv6.conf
shell: grep -q -E "^wg_ifs=" /etc/ipt-firewall/interfaces_ipv6.conf
register: wg_ifs_interfaces_ipv6_present
when: interfaces_ipv6_exists.stat.exists
failed_when: "wg_ifs_interfaces_ipv6_present.rc > 1"
changed_when: "wg_ifs_interfaces_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/interfaces_ipv6.conf' (wg_ifs)
blockinfile:
path: /etc/ipt-firewall/interfaces_ipv6.conf
insertafter: '^#?\s*vpn_ifs'
block: |
# - Wireguard Interfaces
# - (comma separated list 'wg+' is also possible)
wg_ifs="wg+"
marker: "# Marker set by modify-ipt-server.yml (wg_ifs)"
when:
- interfaces_ipv6_exists.stat.exists
- wg_ifs_interfaces_ipv6_present is changed
notify:
- Restart IPv6 Firewall
# ---
# Mattermost (MM) Service (add a block)
# ---
- name: Check if String 'mm_server_ips=..' is present
shell: grep -q -E "^mm_server_ips=" /etc/ipt-firewall/main_ipv4.conf
register: mattermost_service_ipv4_present
- name: Check if String 'log_cgi_traffic_out=..' is present
shell: grep -q -E "^log_cgi_traffic_out=" /etc/ipt-firewall/main_ipv4.conf
register: log_cgi_traffic_out_ipv4_present
when: main_ipv4_exists.stat.exists
failed_when: "mattermost_service_ipv4_present.rc > 1"
changed_when: "mattermost_service_ipv4_present.rc > 0"
failed_when: "log_cgi_traffic_out_ipv4_present.rc > 1"
changed_when: "log_cgi_traffic_out_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (mattermost_service)
- name: Adjust file '/etc/ipt-firewall/main_ipv4.conf' (log_cgi_traffic_out)
blockinfile:
path: /etc/ipt-firewall/main_ipv4.conf
insertafter: '^#?\s*http_ports'
block: |
# - Mattermost (MM) Service
# - LOG CGI script Traffic out
# -
mm_server_ips=""
forward_mm_server_ips=""
log_cgi_traffic_out=false
# - UDP Ports IN and OUT used by MM Servive
# - cgi_script_users
# -
mm_udp_ports_in="$stansard_mattermost_udp_ports_in"
mm_udp_ports_out="$stansard_mattermost_udp_ports_out"
marker: "# Marker set by modify-ipt-server.yml (mattermost_service)"
# - List of CGI script users (suexec user, php-fpm user. ...)
# -
# - Blank separated list
# -
cgi_script_users=""
marker: "# Marker set by modify-ipt-server.yml (log_cgi_traffic_out)"
when:
- main_ipv4_exists.stat.exists
- mattermost_service_ipv4_present is changed
- log_cgi_traffic_out_ipv4_present is changed
notify:
- Restart IPv4 Firewall
- name: Check if String 'mm_server_ips=..' is present
shell: grep -q -E "^mm_server_ips=" /etc/ipt-firewall/main_ipv6.conf
register: mattermost_service_ipv6_present
- name: Check if String 'log_cgi_traffic_out=..' is present
shell: grep -q -E "^log_cgi_traffic_out=" /etc/ipt-firewall/main_ipv6.conf
register: log_cgi_traffic_out_ipv6_present
when: main_ipv6_exists.stat.exists
failed_when: "mattermost_service_ipv6_present.rc > 1"
changed_when: "mattermost_service_ipv6_present.rc > 0"
failed_when: "log_cgi_traffic_out_ipv6_present.rc > 1"
changed_when: "log_cgi_traffic_out_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (mattermost_service)
- name: Adjust file '/etc/ipt-firewall/main_ipv6.conf' (log_cgi_traffic_out)
blockinfile:
path: /etc/ipt-firewall/main_ipv6.conf
insertafter: '^#?\s*http_ports'
block: |
# - Mattermost (MM) Service
# - LOG CGI script Traffic out
# -
mm_server_ips=""
forward_mm_server_ips=""
log_cgi_traffic_out=false
# - UDP Ports IN and OUT used by MM Servive
# - cgi_script_users
# -
mm_udp_ports_in="$stansard_mattermost_udp_ports_in"
mm_udp_ports_out="$stansard_mattermost_udp_ports_out"
marker: "# Marker set by modify-ipt-server.yml (mattermost_service)"
# - List of CGI script users (suexec user, php-fpm user. ...)
# -
# - Blank separated list
# -
cgi_script_users=""
marker: "# Marker set by modify-ipt-server.yml (log_cgi_traffic_out)"
when:
- main_ipv6_exists.stat.exists
- mattermost_service_ipv6_present is changed
- log_cgi_traffic_out_ipv6_present is changed
notify:
- Restart IPv6 Firewall
# ===
# Remove Marker set by blockinfile
# ===
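Review bot: The new guard greps only for `^log_cgi_traffic_out=`, but the block it gates also writes `cgi_script_users=""`, in both the `main_ipv4.conf` and the `main_ipv6.conf` task pairs. On a host where `cgi_script_users` is already set but `log_cgi_traffic_out` is not, the block would add a second, empty assignment. If the file is sourced as shell (it looks that way, not confirmed from this hunk) and the block lands after the existing line, the configured user list is silently cleared when the firewall restarts. I would give `cgi_script_users` its own check, `grep -q -E "^cgi_script_users=" /etc/ipt-firewall/main_ipv4.conf`, and its own `blockinfile` task with a separate marker, so each variable is only added when it is missing. The check tasks are also read-only yet report "changed" whenever the variable is absent; `changed_when: false` with the follow-up task conditioned on `rc == 1` would keep run reports honest. The `main_ipv4_exists` and `main_ipv6_exists` results are registered outside this hunk.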