Rename some roles to make ansible-lint happy.

2022-06-12 14:27:44 +02:00 · 2022-06-12 14:27:44 +02:00 · 1db0b6ec31
commit 1db0b6ec31
parent 4d791a65f1
75 changed files with 29 additions and 29 deletions
--- a/roles/shorewall2if/handlers/main.yml
+++ b/roles/shorewall2if/handlers/main.yml
@ -0,0 +1,7 @@
+- name: restart networking
+  systemd: name=networking state=restarted enabled=yes
+  listen: restart networking
+
+- name: restart shorewall
+  systemd: name=shorewall state=restarted enabled=yes
+  listen: restart shorewall
--- a/roles/shorewall2if/tasks/main.yml
+++ b/roles/shorewall2if/tasks/main.yml
@ -0,0 +1,74 @@
+- name: add if_lan with static address
+  template:
+    src: interfaces-static.j2
+    dest: /etc/network/interfaces.d/static
+    mode: 0644
+  notify: restart networking
+
+- name: install shorewall packages
+  apt: name=shorewall state=latest # noqa package-latest
+
+- name: copy shorewall configuration
+  command: cp {{ item }} /etc/shorewall/
+  args:
+    chdir: /usr/share/doc/shorewall/examples/two-interfaces/
+    creates: "/etc/shorewall/{{ item }}"
+  with_items:
+    - interfaces
+    - snat
+    - policy
+    - rules
+    - stoppedrules
+    - zones
+  notify: restart shorewall
+
+- name: find files in /etc/shorewall/
+  find:
+    paths: /etc/shorewall/
+    use_regex: true
+    pattern: '.+[^~]$'
+    contains: '.*(eth0|eth1).*'
+  register: find_result
+  notify: restart shorewall
+
+- name: fix WAN interface name in shorewall configuration
+  replace:
+    dest: "{{ item.path }}"
+    regexp: 'eth0'
+    replace: "{{ if_wan }}"
+    backup: true
+  with_items: "{{ find_result.files }}"
+  notify: restart shorewall
+
+- name: fix LAN interface name in shorewall configuration
+  replace:
+    dest: "{{ item.path }}"
+    regexp: 'eth1'
+    replace: "{{ if_lan }}"
+    backup: true
+  with_items: "{{ find_result.files }}"
+  notify: restart shorewall
+
+- name: configure forwarding in shorewall.conf
+  replace:
+    dest: /etc/shorewall/shorewall.conf
+    regexp: 'IP_FORWARDING=Keep'
+    replace: 'IP_FORWARDING=Yes'
+    backup: true
+  notify: restart shorewall
+
+- name: configure shorewall policy
+  replace:
+    dest: /etc/shorewall/policy
+    regexp: 'loc(\s+)net(\s+)ACCEPT'
+    replace: 'loc\1all\2ACCEPT\n$FW\1all\2ACCEPT'
+    backup: true
+  notify: restart shorewall
+
+- name: configure shorewall rules
+  replace:
+    dest: /etc/shorewall/rules
+    regexp: '(SSH\(ACCEPT\)\s+)loc(\s+\$FW)'
+    replace: '\1all\2'
+    backup: true
+  notify: restart shorewall
--- a/roles/shorewall2if/templates/interfaces-static.j2
+++ b/roles/shorewall2if/templates/interfaces-static.j2
@ -0,0 +1,4 @@
+auto {{ if_lan }}
+allow-hotplug {{ if_lan }}
+iface {{ if_lan }} inet static
+  address {{ ipaddr_lan }}