Move ferm configuration to dependent variables

debops · Oct 8, 2014 · 3d345e9 · 3d345e9
1 parent 65062a3
commit 3d345e9
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 27 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -7,8 +7,7 @@ samba_shares_path: '{{ samba_path }}/shares'
 
 # Allow access to Samba through firewall for specified networks
 # If samba_allow is undefined or False, allow access from all
-#samba_allow:
-#  - '192.168.0.0/16'
+samba_allow: []
 
 samba_workgroup: 'WORKGROUP'
 samba_netbios_name: '{{ ansible_hostname }}'

diff --git a/meta/main.yml b/meta/main.yml
@@ -2,6 +2,23 @@
 
 dependencies:
   - role: debops.ferm
+    ferm_input_list:
+
+      - type: 'dport_accept'
+        protocol: [ 'udp' ]
+        dport: [ 'netbios-ns', 'netbios-dgm' ]
+        saddr: '{{ samba_allow }}'
+        accept_any: True
+        filename: 'samba_dependency_accept_udp'
+        weight: '50'
+
+      - type: 'dport_accept'
+        protocol: [ 'tcp' ]
+        dport: [ 'netbios-ssn', 'microsoft-ds' ]
+        saddr: '{{ samba_allow }}'
+        accept_any: True
+        filename: 'samba_dependency_accept_tcp'
+        weight: '50'
 
 galaxy_info:
   author: 'Maciej Delmanowski'

diff --git a/tasks/main.yml b/tasks/main.yml
@@ -28,9 +28,3 @@
               state=present line='nf_conntrack_netbios_ns'
   when: samba_iptables is defined and samba_iptables
 
-- name: Configure firewall for Samba server
-  template: src=etc/ferm/filter-input.d/samba.conf.j2
-            dest=/etc/ferm/filter-input.d/samba.conf
-            owner=root group=root mode=0644
-  notify: Restart ferm
-
diff --git a/templates/etc/ferm/filter-input.d/samba.conf.j2 b/templates/etc/ferm/filter-input.d/samba.conf.j2