From df0afe3b71679b9d3fd09c9f9eb74d96a7bd53d9 Mon Sep 17 00:00:00 2001 From: "Andreas B. Mundt" Date: Tue, 25 Feb 2020 19:56:14 +0100 Subject: [PATCH] Add default NIC to public zone in firewalld. --- cloudbox.yml | 2 +- roles/nextcloud/tasks/main.yml | 15 +++++++++++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/cloudbox.yml b/cloudbox.yml index 16d8bfe..6e89cdd 100644 --- a/cloudbox.yml +++ b/cloudbox.yml @@ -15,7 +15,7 @@ ## 'nc_download' and 'nc_checksum' are only ## used for ansible-pull during installation: nc_download: "https://download.nextcloud.com/server/releases/latest.tar.bz2" - nc_checksum: "sha256:194095a5586d84040bc455f77b8aa6c80f9a6a6dd713c9aebdad046713d4267b" + nc_checksum: "sha256:770faf34b8f0d81273623daed4d64ec7919c38dfeb07328b613058addbed19c0" nc_apps: - calendar - notes diff --git a/roles/nextcloud/tasks/main.yml b/roles/nextcloud/tasks/main.yml index f58e812..ea46e31 100644 --- a/roles/nextcloud/tasks/main.yml +++ b/roles/nextcloud/tasks/main.yml @@ -257,8 +257,23 @@ failed_when: cmd_result.stdout is not search('already installed') and cmd_result.rc != 0 when: allow_download + +- name: add default NIC to public zone + firewalld: + interface: "{{ ansible_default_ipv4.interface }}" + zone: public + permanent: Yes + immediate: Yes + state: enabled + when: not run_in_installer|default(false)|bool + +- name: add default NIC to public zone, offline + command: "firewall-offline-cmd --add-interface={{ ansible_default_ipv4.interface }} --zone=public" + when: run_in_installer|default(false)|bool + - name: allow https in firewalld firewalld: + zone: public service: https permanent: Yes immediate: Yes
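Review bot: `nc_checksum` pins a fixed sha256 while `nc_download`, in the context line just above it, still points at `latest.tar.bz2`. The hash therefore goes stale whenever upstream publishes a new release and has to be bumped by hand, as this hunk does. Pointing `nc_download` at a versioned archive (placeholder: `.../releases/nextcloud-<VERSION>.tar.bz2`) would tie the hash to one known artifact and let each bump be checked against the checksum upstream publishes for that release. The commit subject only mentions firewalld, so this unrelated checksum change would be easier to audit as its own commit naming the release it corresponds to.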
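Review bot: Both new tasks template `{{ ansible_default_ipv4.interface }}` without checking that the fact exists. On a host with no IPv4 default route at fact-gathering time (plausible inside the installer), the key is presumably missing and the play stops with an undefined-variable error. Adding `ansible_default_ipv4.interface is defined` to each `when:`, or an explicit `assert` before the two tasks, would make that case deliberate rather than accidental. The offline variant is a bare `command:` with no `changed_when:`, so it reports "changed" on every run; registering the result and setting `changed_when:` from it would keep reruns quiet. The `allow https in firewalld` task that gains `zone: public` continues past the end of the hunk.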