ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update..

Browse Source
This commit is contained in:
Christoph 2022-08-17 16:08:58 +02:00
parent 1d6c38b418
commit 68e7e0e174
2 changed files with 71 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
host_vars/zapata.opp.netz.yml
View File

@ -303,6 +303,11 @@ samba_user:
- beratung - beratung
password: 'Jul14n_2018' password: 'Jul14n_2018'
- name: junia
groups:
- buero
password: 'jun1a#adb22'
- name: kyra - name: kyra
groups: groups:
- buero - buero

66
roles/modify-ipt-server/tasks/main.yml
View File

@ -76,6 +76,8 @@
line: 'vpn_ifs="tun+"' line: 'vpn_ifs="tun+"'
when: when:
- interfaces_ipv4_exists.stat.exists - interfaces_ipv4_exists.stat.exists
notify:
- Restart IPv4 Firewall
- name: addjust line 'vpn_ifs' (IPv6) - name: addjust line 'vpn_ifs' (IPv6)
lineinfile: lineinfile:
@ -84,6 +86,8 @@
line: 'vpn_ifs="tun+"' line: 'vpn_ifs="tun+"'
when: when:
- interfaces_ipv6_exists.stat.exists - interfaces_ipv6_exists.stat.exists
notify:
- Restart IPv6 Firewall
# === # ===
@ -115,6 +119,8 @@
when: when:
- interfaces_ipv4_exists.stat.exists - interfaces_ipv4_exists.stat.exists
- wg_ifs_interfaces_ipv4_present is changed - wg_ifs_interfaces_ipv4_present is changed
notify:
- Restart IPv4 Firewall
- name: Check if String 'wg_ifs=..' is present in interfaces_ipv6.conf - name: Check if String 'wg_ifs=..' is present in interfaces_ipv6.conf
@ -138,6 +144,62 @@
when: when:
- interfaces_ipv6_exists.stat.exists - interfaces_ipv6_exists.stat.exists
- wg_ifs_interfaces_ipv6_present is changed - wg_ifs_interfaces_ipv6_present is changed
notify:
- Restart IPv6 Firewall
- name: Check if String 'nat_devices=..' is present in interfaces_ipv4.conf
shell: grep -q -E "^nat_devices=" /etc/ipt-firewall/interfaces_ipv4.conf
register: nat_devices_interfaces_ipv4_present
when: interfaces_ipv4_exists.stat.exists
failed_when: "nat_devices_interfaces_ipv4_present.rc > 1"
changed_when: "nat_devices_interfaces_ipv4_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/interfaces_ipv4.conf' (nat_devices)
blockinfile:
path: /etc/ipt-firewall/interfaces_ipv4.conf
insertafter: '^#?\s*local_2_ip'
block: |
# - Devices given in list "nat_devices" will be natted
# -
# - Blank separated list
# -
nat_devices=""
marker: "# Marker set by modify-ipt-server.yml (nat_devices)"
when:
- interfaces_ipv4_exists.stat.exists
- nat_devices_interfaces_ipv4_present is changed
notify:
- Restart IPv4 Firewall
- name: Check if String 'nat_devices=..' is present in interfaces_ipv6.conf
shell: grep -q -E "^nat_devices=" /etc/ipt-firewall/interfaces_ipv6.conf
register: nat_devices_interfaces_ipv6_present
when: interfaces_ipv6_exists.stat.exists
failed_when: "nat_devices_interfaces_ipv6_present.rc > 1"
changed_when: "nat_devices_interfaces_ipv6_present.rc > 0"
- name: Adjust file '/etc/ipt-firewall/interfaces_ipv6.conf' (nat_devices)
blockinfile:
path: /etc/ipt-firewall/interfaces_ipv6.conf
insertafter: '^#?\s*local_2_ip'
block: |
# - Devices given in list "nat_devices" will be natted
# -
# - Blank separated list
# -
nat_devices=""
marker: "# Marker set by modify-ipt-server.yml (nat_devices)"
when:
- interfaces_ipv6_exists.stat.exists
- nat_devices_interfaces_ipv6_present is changed
notify:
- Restart IPv6 Firewall
- name: Check if String 'wireguard_server_ips=..' is present - name: Check if String 'wireguard_server_ips=..' is present
@ -172,6 +234,8 @@
when: when:
- main_ipv4_exists.stat.exists - main_ipv4_exists.stat.exists
- wireguard_service_ipv4_present is changed - wireguard_service_ipv4_present is changed
notify:
- Restart IPv4 Firewall
- name: Check if String 'wireguard_server_ips=..' is present - name: Check if String 'wireguard_server_ips=..' is present
@ -206,6 +270,8 @@
when: when:
- main_ipv6_exists.stat.exists - main_ipv6_exists.stat.exists
- wireguard_service_ipv6_present is changed - wireguard_service_ipv6_present is changed
notify:
- Restart IPv6 Firewall
# === # ===