common/firewall: deploy

cdb902d1 · Pietro Albini · b98790c4 · cdb902d1 · cdb902d1 · cdb902d1
Commit cdb902d1 authored Mar 13, 2018 by Pietro Albini
5 changed files
--- a/roles/common/tasks/firewall.yml
+++ b/roles/common/tasks/firewall.yml
@@ -2,7 +2,7 @@

 - name: create the firewall config dir
  file:
-    path: /usr/local/share/firewall.d
+    path: /etc/firewall
    mode: 0700
    state: directory


--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -9,8 +9,8 @@
 - name: ssh
  include: ssh.yml

-#- name: firewall
-#  include: firewall.yml
+- name: firewall
+  include: firewall.yml

 #- name: backup
 #  include: backup.yml

--- a/roles/common/templates/firewall/firewall.sh
+++ b/roles/common/templates/firewall/firewall.sh
@@ -106,7 +106,7 @@ command -A input -j DROP
 echo "Applied basic configuration to the firewall"

 # Load other config files
-for file in /usr/local/share/firewall.d/*.sh; do
+for file in /etc/firewall/*.sh; do
    if [[ -x "${file}" ]]; then
        echo "Loading script ${file}"
        source "${file}"

--- a/roles/lxd-container/tasks/networking.yml
+++ b/roles/lxd-container/tasks/networking.yml
@@ -16,7 +16,7 @@
 - name: "Expose {{ name }} ports"
  template:
    src: firewall.sh.j2
-    dest: "/usr/local/share/firewall.d/lxd-container-{{ name }}.sh"
+    dest: "/etc/firewall/lxd-container-{{ name }}.sh"
    mode: 0700

  when: expose_ports

--- a/roles/nginx/tasks/setup.yml
+++ b/roles/nginx/tasks/setup.yml
@@ -35,7 +35,7 @@
 - name: Allow http through the firewall
  template:
    src: firewall.sh
-    dest: /usr/local/share/firewall.d/nginx.sh
+    dest: /etc/firewall/nginx.sh
    mode: 0700

  notify: