slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

: remove the mandatory gather_subsets of all VMs
All checks were successful
ansible-lint / lint-everything (push) Successful in 1m40s
Details

Browse Source
This commit is contained in:
VC
2025-03-31 13:30:13 +02:00
parent b81d9f0b35
commit a94e9fcc9e
2 changed files with 31 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
playbooks/firewall.yml
View File

@@ -1,7 +1,7 @@
---
- name: Retrieve network info
hosts: all:!disabled_server_conf:!machinbox
- name: Retrieve network info for physical machines
hosts: physicalservers
gather_facts: true
gather_subset:
- network

58
roles/firewall/templates/firewall.j2
View File

@@ -120,7 +120,7 @@ config rule
config rule
option name 'Allow-DMZ-Syslog'
option dest 'dmz'
option dest_ip '{{ hostvars['syslog']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['syslog'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '514'
list proto 'udp'
option target 'ACCEPT'
@@ -173,7 +173,7 @@ config redirect
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['haproxy'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '80'
option target 'DNAT'
@@ -184,7 +184,7 @@ config redirect
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['haproxy']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['haproxy'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '443'
option target 'DNAT'
@@ -196,7 +196,7 @@ config rule
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars[host]['ansible_default_ipv6']['address'] }}'
option dest_ip '{{ hostvars[host].ansible_default_ipv6.address | default(hostvars[host].proxmox_net0.ip6 | ansible.utils.ipaddr('address')) }}'
option dest_port '80 443'
option target 'ACCEPT'
option family 'ipv6'
@@ -207,7 +207,7 @@ config rule
config rule
option name 'Allow-OUTPUT-BT'
option src 'dmz'
option src_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}'
option src_ip '{{ hostvars['bt'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
list proto 'udp'
option dest 'wan'
@@ -217,7 +217,7 @@ config rule
config rule
option name 'Allow-OUTPUT-BT'
option src 'dmz'
option src_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}'
option src_ip '{{ hostvars['bt'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
list proto 'udp'
option dest 'wan'
@@ -230,7 +230,7 @@ config rule
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['bt']['ansible_default_ipv6']['address'] }}'
option dest_ip '{{ hostvars['bt'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
option dest_port '10010'
option target 'ACCEPT'
option family 'ipv6'
@@ -242,7 +242,7 @@ config redirect
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['bt']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['bt'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '10010'
option target 'DNAT'
@@ -253,7 +253,7 @@ config rule
option src 'wan'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars[host]['ansible_default_ipv6']['address'] }}'
option dest_ip '{{ hostvars[host].ansible_default_ipv6.address }}'
option dest_port '80 8006'
option target 'ACCEPT'
option family 'ipv6'
@@ -267,7 +267,7 @@ config redirect
option src_dport '8006'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ first_hypervisor['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ first_hypervisor.ansible_default_ipv4.address }}'
option dest_port '8006'
option target 'DNAT'
@@ -275,7 +275,7 @@ config redirect
config rule
option name 'Allow-OUTPUT-XMPP-s2s'
option src 'dmz'
option src_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address']}}'
option src_ip '{{ hostvars['jabber'].proxmox_net0.ip | ansible.utils.ipaddr('address')}}'
list proto 'tcp'
list proto 'udp'
option dest 'wan'
@@ -286,7 +286,7 @@ config rule
config rule
option name 'Allow-OUTPUT-XMPP-s2s'
option src 'dmz'
option src_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}'
option src_ip '{{ hostvars['jabber'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
list proto 'udp'
option dest 'wan'
@@ -301,7 +301,7 @@ config redirect
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['jabber'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '5222'
option target 'DNAT'
@@ -312,7 +312,7 @@ config redirect
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['jabber']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['jabber'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '5269'
option target 'DNAT'
@@ -322,7 +322,7 @@ config rule
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['jabber']['ansible_default_ipv6']['address'] }}'
option dest_ip '{{ hostvars['jabber'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
option dest_port '5222 5269'
option target 'ACCEPT'
option family 'ipv6'
@@ -334,7 +334,7 @@ config rule
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['voice1']['ansible_default_ipv6']['address'] }}'
option dest_ip '{{ hostvars['voice1'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
option dest_port '64738'
option target 'ACCEPT'
option family 'ipv6'
@@ -346,7 +346,7 @@ config redirect
list proto 'tcp'
list proto 'udp'
option dest 'dmz'
option dest_ip '{{ hostvars['voice1']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['voice1'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '64738'
option target 'DNAT'
@@ -354,7 +354,7 @@ config redirect
config rule
option name 'Allow-OUTPUT-SMTP'
option src 'dmz'
option src_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
option src_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
option dest 'wan'
option dest_port '25'
@@ -366,7 +366,7 @@ config rule
option src 'wan'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}'
option dest_ip '{{ hostvars['mail'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
option dest_port '25 465 587'
option target 'ACCEPT'
option family 'ipv6'
@@ -376,7 +376,7 @@ config rule
option src 'wan'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars['mail']['ansible_default_ipv6']['address'] }}'
option dest_ip '{{ hostvars['mail'].proxmox_net0.ip6 | ansible.utils.ipaddr('address') }}'
option dest_port '143 993'
option target 'ACCEPT'
option family 'ipv6'
@@ -387,7 +387,7 @@ config redirect
option src_dport '25'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '25'
option target 'DNAT'
@@ -397,7 +397,7 @@ config redirect
option src_dport '465'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '465'
option target 'DNAT'
@@ -407,7 +407,7 @@ config redirect
option src_dport '587'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '587'
option target 'DNAT'
@@ -417,7 +417,7 @@ config redirect
option src_dport '143'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '143'
option target 'DNAT'
@@ -427,7 +427,7 @@ config redirect
option src_dport '993'
list proto 'tcp'
option dest 'lan'
option dest_ip '{{ hostvars['mail']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['mail'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '993'
option target 'DNAT'
@@ -435,7 +435,7 @@ config redirect
config rule
option name 'Allow-INPUT-Munin'
option src 'dmz'
option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
option src_ip '{{ hostvars['munin'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
option dest_port '4949'
option target 'ACCEPT'
@@ -444,7 +444,7 @@ config rule
config rule
option name 'Allow-FORWARD-Munin-Mikrotik-Garregmach'
option src 'dmz'
option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
option src_ip '{{ hostvars['munin'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
list proto 'udp'
option dest 'lan'
@@ -456,7 +456,7 @@ config rule
config rule
option name 'Allow-FORWARD-Munin-Mikrotik-Derdriu'
option src 'dmz'
option src_ip '{{ hostvars['munin']['ansible_default_ipv4']['address'] }}'
option src_ip '{{ hostvars['munin'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
list proto 'tcp'
list proto 'udp'
option dest 'lan'
@@ -530,7 +530,7 @@ config rule
option src 'iot'
list proto 'tcp'
option dest 'dmz'
option dest_ip '{{ hostvars['ftp']['ansible_default_ipv4']['address'] }}'
option dest_ip '{{ hostvars['ftp'].proxmox_net0.ip | ansible.utils.ipaddr('address') }}'
option dest_port '21 10100-10110'
option target 'ACCEPT'