thomas
/
sovereign
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

ufw tasks shall have the ufw tag 

resolves #453

Conflicts:
	roles/common/tasks/ufw.yml
Sebastian Kriems 9 years ago
parent
829c8491c7
commit
fe536873b7
6 changed files with 12 additions and 1 deletions
Unified View Show Diff Stats
  1. 7
    1
      roles/common/tasks/ufw.yml
  2. 1
    0
      roles/ircbouncer/tasks/znc.yml
  3. 1
    0
      roles/mailserver/tasks/dovecot.yml
  4. 1
    0
      roles/mailserver/tasks/postfix.yml
  5. 1
    0
      roles/vpn/tasks/openvpn.yml
  6. 1
    0
      roles/xmpp/tasks/prosody.yml

+ 7
- 1
roles/common/tasks/ufw.yml View File

6 
   apt: pkg=ufw state=present
 6 
   apt: pkg=ufw state=present
7 
   tags:
 7 
   tags:
8 
     - dependencies
 8 
     - dependencies
9 
+    - ufw
9
10
10 
 - name: Deny everything
 11 
 - name: Deny everything
11 
   ufw: policy=deny
 12 
   ufw: policy=deny
13 
+  tags: ufw
12
14
13 
 - name: Set firewall rule for DNS
 15 
 - name: Set firewall rule for DNS
14 
   ufw: rule=allow port=domain
 16 
   ufw: rule=allow port=domain
17 
+  tags: ufw
15
18
16 
 - name: Set firewall rule for mosh
 19 
 - name: Set firewall rule for mosh
17 
   ufw: rule=allow port=60000:61000 proto=udp
 20 
   ufw: rule=allow port=60000:61000 proto=udp
21 
+  tags: ufw
18
22
19 
 - name: Set firewall rules for web traffic and SSH
 23 
 - name: Set firewall rules for web traffic and SSH
20 
   ufw: rule=allow port={{ item }} proto=tcp
 24 
   ufw: rule=allow port={{ item }} proto=tcp
22 
     - http
 26 
     - http
23 
     - https
 27 
     - https
24 
     - ssh
 28 
     - ssh
29 
+  tags: ufw
25
30
26 
 - name: Enable UFW
 31 
 - name: Enable UFW
27 
   ufw: state=enabled
 32 
   ufw: state=enabled
33 
+  tags: ufw
28
34
29 
 - name: Check config of ufw
 35 
 - name: Check config of ufw
30 
   command: cat /etc/ufw/ufw.conf
 36 
   command: cat /etc/ufw/ufw.conf
31 
   register: ufw_config
 37 
   register: ufw_config
32 
   changed_when: False  # never report as "changed"
 38 
   changed_when: False  # never report as "changed"
33 
-
39 
+  tags: ufw

+ 1
- 0
roles/ircbouncer/tasks/znc.yml View File

30
30
31 
 - name: Set firewall rule for znc
 31 
 - name: Set firewall rule for znc
32 
   ufw: rule=allow port=6697 proto=tcp
 32 
   ufw: rule=allow port=6697 proto=tcp
33 
+  tags: ufw
33
34
34 
 - name: Ensure znc is a system service
 35 
 - name: Ensure znc is a system service
35 
   service: name=znc state=started enabled=true
 36 
   service: name=znc state=started enabled=true

+ 1
- 0
roles/mailserver/tasks/dovecot.yml View File

67 
   with_items:
 67 
   with_items:
68 
     - imaps
 68 
     - imaps
69 
     - pop3s
 69 
     - pop3s
70 
+  tags: ufw

+ 1
- 0
roles/mailserver/tasks/postfix.yml View File

68 
   with_items:
 68 
   with_items:
69 
     - smtp
 69 
     - smtp
70 
     - ssmtp
 70 
     - ssmtp
71 
+  tags: ufw

+ 1
- 0
roles/vpn/tasks/openvpn.yml View File

135
135
136 
 - name: Allow OpenVPN through ufw
 136 
 - name: Allow OpenVPN through ufw
137 
   ufw: rule=allow port={{ openvpn_port }} proto={{ openvpn_protocol }}
 137 
   ufw: rule=allow port={{ openvpn_port }} proto={{ openvpn_protocol }}
138 
+  tags: ufw
138
139
139 
 - name: Copy OpenVPN configuration file into place
 140 
 - name: Copy OpenVPN configuration file into place
140 
   template: src=etc_openvpn_server.conf.j2 dest=/etc/openvpn/server.conf
 141 
   template: src=etc_openvpn_server.conf.j2 dest=/etc/openvpn/server.conf

+ 1
- 0
roles/xmpp/tasks/prosody.yml View File

35 
   with_items:
 35 
   with_items:
36 
     - 5222  # xmpp c2s
 36 
     - 5222  # xmpp c2s
37 
     - 5269  # xmpp s2s
 37 
     - 5269  # xmpp s2s
38 
+  tags: ufw

Write Preview
Loading…
Cancel
Save