Alan Orth
8851f8f631
This reverts commit 201165cff662caad9b51508272e7f8f2eece7b0c. Turns out this actually breaks initial deployments, because the cache gets updated in the first task, then you add sources for nginx and mariadb, but it doesn't update the indexes because the cache is < 3600 seconds old, so you end up getting the distro's versions of nginx and mariadb.
36 lines
1.1 KiB
YAML
---
# Install the iptables-persistent package.
# Runs only where ansible_distribution_version is exactly '14.04'
# (presumably Ubuntu 14.04; the distribution name itself is not checked).
- name: Install iptables-persistent
  apt:
    pkg: iptables-persistent
    # Refresh the apt package index before installing.
    update_cache: true
  when: ansible_distribution_version == '14.04'
  tags: packages
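# Render the IPv4 ruleset from iptables.j2 to /etc/iptables/rules.v4,
# readable and writable by root only.
# NOTE(review): nothing here checks the rendered ruleset before the handler
# runs; the template module's validate option is the usual place for that.
- name: Copy /etc/iptables/rules.v4
  when: ansible_distribution_version == '14.04'
  template:
    src: iptables.j2
    dest: /etc/iptables/rules.v4
    owner: root
    # Pinned explicitly, as the rules.v6 task does; previously the group was
    # left at whatever the file already had.
    group: root
    # Quoted so YAML keeps the mode a string instead of reading a number.
    mode: '0600'
  # Handler is not defined in this file.
  notify:
    - restart iptables-persistent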
# Render the IPv6 ruleset from ip6tables.j2 to /etc/iptables/rules.v6,
# owned by root:root and readable and writable by root only.
- name: Copy /etc/iptables/rules.v6
  template:
    src: ip6tables.j2
    dest: /etc/iptables/rules.v6
    owner: root
    group: root
    # Quoted so YAML keeps the mode a string instead of reading a number.
    mode: '0600'
  when: ansible_distribution_version == '14.04'
  # Handler is not defined in this file.
  notify:
    - restart iptables-persistent
# Install firewalld plus tidy (tidy is used later to reformat the zone file).
# NOTE(review): the condition compares version strings lexically, not
# numerically. A value such as '14.10' or '12.04' matches neither this branch
# nor the == '14.04' branch, so such a host would get no firewall tasks at
# all, while '9.04' or a non-Ubuntu '8.2' would match here. Ansible's version
# comparison test (`is version('15.04', '>=')`, `version_compare` on older
# releases) avoids this; confirm which one the deployed Ansible supports.
# NOTE(review): state=latest upgrades both packages on every run, so the
# installed firewalld version is whatever the repository currently serves.
- name: Install firewalld and deps
  apt:
    # Quoted so the leading '{{' is not parsed as a YAML flow mapping.
    pkg: "{{ item }}"
    state: latest
  with_items:
    - firewalld
    - tidy
  when: ansible_distribution_version >= '15.04'
  tags: packages
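# Render the firewalld public zone definition from public.xml.j2,
# readable and writable by root only.
# NOTE(review): the version condition is a lexical string comparison; see
# whether values such as '14.10' or '9.04' can occur on managed hosts.
# This task notifies no handler itself; the reformat task that follows it
# in this file is the one that notifies 'restart firewalld'.
- name: Copy firewalld public zone file
  when: ansible_distribution_version >= '15.04'
  template:
    src: public.xml.j2
    dest: /etc/firewalld/zones/public.xml
    owner: root
    # Pinned explicitly, as the rules.v6 task does; previously the group was
    # left at whatever the file already had.
    group: root
    # Quoted so YAML keeps the mode a string instead of reading a number.
    mode: '0600'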
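# Reformat the zone file in place with tidy:
#   -xml  treat input as XML      -i  indent      -q  quiet
#   -m    modify the file itself  -w 0  no line wrapping
# Uses the command module rather than shell: the line has no pipes,
# redirects or expansions, so no shell needs to be involved.
# NOTE(review): a command task reports "changed" on every run, so
# 'restart firewalld' is notified on every run as well.
# NOTE(review): the file is rewritten after the template task rendered it, so
# the template task will likely see a difference and render it again on the
# next run - TODO confirm.
- name: Format public.xml firewalld zone file
  when: ansible_distribution_version >= '15.04'
  command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
  # Handler is not defined in this file.
  notify:
    - restart firewalld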