Prox server playbooks reconfiguration

2024-03-18 10:50:19 +00:00 · 2024-03-18 10:50:19 +00:00 · 7a4818592f
parent 04ef639f55
commit 7a4818592f
4 changed files with 9 additions and 77 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,8 +1,6 @@
 **/*.enc
 newkey_out
 hosts
-prox-server-firewall-setup.yml
-prox-server-setup.yml
 prox-deploy-service.yml

 !**/ansible_resources/*
--- a/ansible_resources/prox-server-firewall-setup.yml
+++ b/ansible_resources/prox-server-firewall-setup.yml
@ -1,8 +1,6 @@
-# {{ ansible_managed }}
-
 - hosts: 
-  - {{ proxy_server_hostname }}
-  - {{ proxy_server_hostname }}-defaultport
+  - "{{ proxy_server_hostname }}"
+  - "{{ proxy_server_hostname }}-defaultport"
  become: 'yes'
  ignore_errors: true
  tasks:
@ -68,68 +66,14 @@

    - name: Block known attacker IP's
      ansible.builtin.iptables:
-        chain: "{{ '{{' }} item.chain {{ '}}' }}"
-        source: "{{ '{{' }} item.source {{ '}}' }}"
+        chain: "{{ item.chain }}"
+        source: "{{ item.source }}"
        jump: DROP
      loop:
        - { chain: INPUT, source: 46.148.40.0/24 } # IP targetting mailserver
        - { chain: OUTPUT, source: 46.148.40.0/24 }
        - { chain: FORWARD, source: 46.148.40.0/24 }

-          #    # These rules currently kind of obsolete
-          #    # NGinx Service
-          #    - name: Allow inbound HTTPS web traffic 
-          #      ansible.builtin.iptables:
-          #        chain: INPUT
-          #        protocol: tcp
-          #        destination_port: 443 
-          #        jump: ACCEPT
-          #    - name: Allow outbound HTTPS web traffic
-          #      ansible.builtin.iptables:
-          #        chain: OUTPUT
-          #        protocol: tcp
-          #        destination_port: 443 
-          #        jump: ACCEPT
-          #    - name: Allow inbound HTTP web traffic 
-          #      ansible.builtin.iptables:
-          #        chain: INPUT
-          #        protocol: tcp
-          #        destination_port: 80 
-          #        jump: ACCEPT
-          #    - name: Allow outbound HTTP web traffic
-          #      ansible.builtin.iptables:
-          #        chain: OUTPUT
-          #        protocol: tcp
-          #        destination_port: 80
-          #
-          #    # Invidious Service
-          #    - name: Allow inbound network traffic to the Invidious service only on service port 3000
-          #      ansible.builtin.iptables:
-          #        chain: INPUT
-          #        protocol: tcp
-          #        destination_port: 3000
-          #        jump: ACCEPT
-          #    - name: Allow outbound network traffic to the Invidious service only on service port 3000
-          #      ansible.builtin.iptables:
-          #        chain: OUTPUT
-          #        protocol: tcp
-          #        destination_port: 3000
-          #        jump: ACCEPT
-          #
-          #    # Minecraft Service
-          #    - name: Allow inbound local network traffic to the Invidious service only on service port 25565
-          #      ansible.builtin.iptables:
-          #        chain: INPUT
-          #        protocol: tcp
-          #        destination_port: 25565 
-          #        jump: ACCEPT
-          #    - name: Allow outbound local network traffic to the Invidious service only on service port 25565
-          #      ansible.builtin.iptables:
-          #        chain: OUTPUT
-          #        protocol: tcp
-          #        destination_port: 25565
-          #        jump: ACCEPT
-
    - name: Reset doas configuration back to default
      become: yes
      template:
--- a/prox-server-ansible-playbooks-generate.yml
+++ b/prox-server-ansible-playbooks-generate.yml
@ -5,14 +5,6 @@
        src: "ansible_resources/hosts"
        dest: "hosts"
        mode: '0777'
-    - name: Generate proxy server playbooks
-      template:
-        src: "ansible_resources/{{ item }}"
-        dest: "{{ item }}"
-        mode: '0777'
-      loop:
-        - prox-server-setup.yml
-        - prox-server-firewall-setup.yml
    - name: Debug Finish message
      debug:
        msg: Ansible playbook has finished!
--- a/ansible_resources/prox-server-setup.yml
+++ b/ansible_resources/prox-server-setup.yml
@ -1,8 +1,6 @@
-# {{ ansible_managed }}
-
 - hosts: 
-    - {{ proxy_server_hostname }} 
-      #    - {{ proxy_server_hostname }}-defaultport
+    - "{{ proxy_server_hostname }}"
+      #    - "{{ proxy_server_hostname }}"-defaultport
  become: 'yes'
  ignore_errors: true
  vars:
@ -59,7 +57,7 @@
        replace: '\1 contrib'
    - name: Ensure list of packages is installed
      apt:
-        name: '{{ "{{" }} packages {{ "}}" }}'
+        name: '{{ packages }}'
        state: present
    # SSH Server Setup
    - name: Enable SSH
@ -103,8 +101,8 @@
        dest: "/etc/nginx/sites-available/git.{{ domain_name }}"
    - name: Enable the reverse proxy git domain config
      ansible.builtin.file:
-        src: /etc/nginx/sites-available/git.{{ domain_name }}
-        dest: /etc/nginx/sites-enabled/git.{{ domain_name }}
+        src: "/etc/nginx/sites-available/git.{{ domain_name }}"
+        dest: "/etc/nginx/sites-enabled/git.{{ domain_name }}"
        state: link

          # TODO : Overhaul all of this to use loops instead