update..

2022-08-17 16:08:58 +02:00 · 2022-08-17 16:08:58 +02:00 · 68e7e0e174
commit 68e7e0e174
parent 1d6c38b418
2 changed files with 71 additions and 0 deletions
--- a/host_vars/zapata.opp.netz.yml
+++ b/host_vars/zapata.opp.netz.yml
@ -303,6 +303,11 @@ samba_user:
      - beratung
    password: 'Jul14n_2018'

+  - name: junia
+    groups:
+      - buero
+    password: 'jun1a#adb22'
+
  - name: kyra
    groups:
      - buero
--- a/roles/modify-ipt-server/tasks/main.yml
+++ b/roles/modify-ipt-server/tasks/main.yml
@ -76,6 +76,8 @@
    line: 'vpn_ifs="tun+"'
  when: 
      - interfaces_ipv4_exists.stat.exists
+  notify:
+    - Restart IPv4 Firewall

 - name: addjust line 'vpn_ifs' (IPv6)
  lineinfile:
@ -84,6 +86,8 @@
    line: 'vpn_ifs="tun+"'
  when: 
      - interfaces_ipv6_exists.stat.exists
+  notify:
+    - Restart IPv6 Firewall


 # ===
@ -115,6 +119,8 @@
  when:
    - interfaces_ipv4_exists.stat.exists
    - wg_ifs_interfaces_ipv4_present is changed
+  notify:
+    - Restart IPv4 Firewall


 - name: Check if String 'wg_ifs=..' is present in interfaces_ipv6.conf
@ -138,6 +144,62 @@
  when:
    - interfaces_ipv6_exists.stat.exists
    - wg_ifs_interfaces_ipv6_present is changed
+  notify:
+    - Restart IPv6 Firewall
+
+
+- name: Check if String 'nat_devices=..' is present in interfaces_ipv4.conf
+  shell: grep -q -E "^nat_devices=" /etc/ipt-firewall/interfaces_ipv4.conf
+  register: nat_devices_interfaces_ipv4_present
+  when: interfaces_ipv4_exists.stat.exists
+  failed_when: "nat_devices_interfaces_ipv4_present.rc > 1"
+  changed_when: "nat_devices_interfaces_ipv4_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/interfaces_ipv4.conf' (nat_devices)
+  blockinfile:
+    path: /etc/ipt-firewall/interfaces_ipv4.conf
+    insertafter: '^#?\s*local_2_ip'
+    block: |
+
+      # - Devices given in list "nat_devices" will be natted
+      # -
+      # - Blank separated list
+      # -
+      nat_devices=""
+
+    marker: "# Marker set by modify-ipt-server.yml (nat_devices)"
+  when:
+    - interfaces_ipv4_exists.stat.exists
+    - nat_devices_interfaces_ipv4_present is changed
+  notify:
+    - Restart IPv4 Firewall
+
+
+- name: Check if String 'nat_devices=..' is present in interfaces_ipv6.conf
+  shell: grep -q -E "^nat_devices=" /etc/ipt-firewall/interfaces_ipv6.conf
+  register: nat_devices_interfaces_ipv6_present
+  when: interfaces_ipv6_exists.stat.exists
+  failed_when: "nat_devices_interfaces_ipv6_present.rc > 1"
+  changed_when: "nat_devices_interfaces_ipv6_present.rc > 0"
+
+- name: Adjust file '/etc/ipt-firewall/interfaces_ipv6.conf' (nat_devices)
+  blockinfile:
+    path: /etc/ipt-firewall/interfaces_ipv6.conf
+    insertafter: '^#?\s*local_2_ip'
+    block: |
+
+      # - Devices given in list "nat_devices" will be natted
+      # -
+      # - Blank separated list
+      # -
+      nat_devices=""
+
+    marker: "# Marker set by modify-ipt-server.yml (nat_devices)"
+  when:
+    - interfaces_ipv6_exists.stat.exists
+    - nat_devices_interfaces_ipv6_present is changed
+  notify:
+    - Restart IPv6 Firewall


 - name: Check if String 'wireguard_server_ips=..' is present
@ -172,6 +234,8 @@
  when:
    - main_ipv4_exists.stat.exists
    - wireguard_service_ipv4_present is changed
+  notify:
+    - Restart IPv4 Firewall


 - name: Check if String 'wireguard_server_ips=..' is present
@ -206,6 +270,8 @@
  when:
    - main_ipv6_exists.stat.exists
    - wireguard_service_ipv6_present is changed
+  notify:
+    - Restart IPv6 Firewall


 # ===