Compare commits
2 commits
cbd3f1a7ea
...
f9f899fb2e
| Author | SHA1 | Date | |
|---|---|---|---|
| f9f899fb2e | |||
| bf4fd2c82d |
3 changed files with 45 additions and 3 deletions
21
filter_plugins/util.py
Normal file
21
filter_plugins/util.py
Normal file
|
|
@ -0,0 +1,21 @@
|
||||||
|
#!/usr/bin/python
|
||||||
|
|
||||||
|
class FilterModule(object):
|
||||||
|
'''Helper filters to make Ansible less unpleasant'''
|
||||||
|
def filters(self):
|
||||||
|
return {
|
||||||
|
'defaultattr': self.defaultattr,
|
||||||
|
'list2dict': self.list2dict,
|
||||||
|
}
|
||||||
|
|
||||||
|
def defaultattr(self, objects, attr, val=None):
|
||||||
|
'''
|
||||||
|
Set a default value if the given attribute is not defined for an object.
|
||||||
|
'''
|
||||||
|
yield from (obj | { attr: obj.get(attr, val) } for obj in objects)
|
||||||
|
|
||||||
|
def list2dict(self, items, key):
|
||||||
|
'''
|
||||||
|
Like items2dict but keep entire dictionaries as values.
|
||||||
|
'''
|
||||||
|
return {item[key]: item for item in items}
|
||||||
|
|
@ -1,9 +1,21 @@
|
||||||
|
{# Loopback interface must be present so define it here if none exists. #}
|
||||||
|
{% if interfaces | rejectattr("name", "==", "lo") %}
|
||||||
auto lo
|
auto lo
|
||||||
iface lo inet loopback
|
iface lo inet loopback
|
||||||
|
|
||||||
{% for iface in interfaces | selectattr('enabled') %}
|
{% endif -%}
|
||||||
|
|
||||||
|
{# Skip disabled and OOB management interfaces. #}
|
||||||
|
{# For VMs we have to set the attribute manually (to false) so rejectattr works. #}
|
||||||
|
{% for iface in interfaces
|
||||||
|
| defaultattr('mgmt_only')
|
||||||
|
| rejectattr('mgmt_only')
|
||||||
|
| selectattr('enabled') %}
|
||||||
auto {{ iface.name }}
|
auto {{ iface.name }}
|
||||||
iface {{ iface.name }} inet static
|
iface {{ iface.name }} inet {% if iface.name == "lo" %}loopback{% else %}static{% endif +%}
|
||||||
|
{% if iface.mtu %}
|
||||||
|
mtu {{ iface.mtu }}
|
||||||
|
{% endif %}
|
||||||
{% for address in iface.ip_addresses %}
|
{% for address in iface.ip_addresses %}
|
||||||
address {{ address.address }}
|
address {{ address.address }}
|
||||||
{% if address.family.value == 4 %}
|
{% if address.family.value == 4 %}
|
||||||
|
|
@ -21,4 +33,6 @@ iface {{ iface.name }} inet static
|
||||||
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
|
pre-up echo 0 > /proc/sys/net/ipv6/conf/$IFACE/autoconf
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% endfor %}
|
{% endfor -%}
|
||||||
|
|
||||||
|
source-directory /etc/network/interfaces.d
|
||||||
|
|
|
||||||
|
|
@ -16,6 +16,13 @@
|
||||||
- certbot
|
- certbot
|
||||||
- nginx
|
- nginx
|
||||||
|
|
||||||
|
- name: Don’t enable old TLS versions
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/nginx/nginx.conf
|
||||||
|
regex: '(\s+ssl_protocols\s.*)'
|
||||||
|
backrefs: yes
|
||||||
|
line: '#\1'
|
||||||
|
|
||||||
- name: Create HTTP server directories
|
- name: Create HTTP server directories
|
||||||
file:
|
file:
|
||||||
path: /srv/http/.well-known
|
path: /srv/http/.well-known
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue