idempotenz hergestellt

playbook.yml

@@ -15,120 +15,7 @@
 
 
   tasks:
-    - name: Install ufw
-      apt: package=ufw state=present
 
-    - name: Configure ufw defaults
-      ufw: direction={{ item.direction }} policy={{ item.policy }}
-      with_items:
-        - { direction: 'incoming', policy: 'deny' }
-        - { direction: 'outgoing', policy: 'deny' }
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }}       
-
-    # disable ipv6
-    - lineinfile:
-        path: /etc/default/ufw
-        state: present
-        regexp: '^IPV6'
-        line: 'IPV6=no'
-
-    - name: Enable ufw logging
-      ufw: logging=off
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }} 
-    - name: Commenting a line.
-      replace:
-        path: /etc/ufw/before.rules
-        regexp: '(.*limit --limit*)'
-        replace: '#\1'
-      when: config_ufw
-    - name: Allow all access to tcp port 123
-      ufw:
-        rule: allow
-        port: '3142'
-        direction: '{{ item }}'
-      with_items:
-        - in
-        - out
-      when: config_ufw
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }}    
-
-    - name: Allow SSH-Access to some servers
-      ufw:
-        rule: allow
-        direction: '{{ item.direction }}'
-        dest: '{{ item.destination }}'
-        port: '22'
-      with_items:
-        - { direction: 'in',  destination: '10.0.0.1/32' }
-        - { direction: 'out', destination: '10.0.0.1/32' }
-        - { direction: 'in',  destination: '10.0.2.254/32' }
-        - { direction: 'out', destination: '10.0.2.243/32' }
-        - { direction: 'in',  destination: '10.16.109.252/32' }
-        - { direction: 'out', destination: '10.16.109.252/32' }
-        - { direction: 'in',  destination: '10.16.1.1/32' }
-        - { direction: 'out', destination: '10.16.1.1/32' }
-        - { direction: 'in',  destination: '162.55.5.40/32' }
-        - { direction: 'out', destination: '162.55.5.40/32' }
-      when: config_ufw
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }}
-    - name: Allow https-Access to some servers
-      ufw:
-        rule: allow
-        direction: '{{ item.direction }}'
-        dest: '{{ item.destination }}'
-        port: '443'
-      with_items:
-        - { direction: 'in',  destination: '10.0.0.1/32' }
-        - { direction: 'out', destination: '10.0.0.1/32' }
-        - { direction: 'in',  destination: '10.0.2.254/32' }
-        - { direction: 'out', destination: '10.0.2.243/32' }
-        - { direction: 'in',  destination: '10.16.109.252/32' }
-        - { direction: 'out', destination: '10.16.109.252/32' }
-        - { direction: 'in',  destination: '10.16.1.1/32' }
-        - { direction: 'out', destination: '10.16.1.1/32' }
-        - { direction: 'in',  destination: '162.55.5.40/32' }
-        - { direction: 'out', destination: '162.55.5.40/32' }
-      when: config_ufw
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }}      
-    - name: Allow apt-proxy-Access to some servers
-      ufw:
-        rule: allow
-        direction: '{{ item.direction }}'
-        dest: '{{ item.destination }}'
-        port: '3142'
-      with_items:
-        - { direction: 'in',  destination: '10.0.2.254/32' }
-        - { direction: 'out', destination: '10.0.2.243/32' }
-        - { direction: 'in',  destination: '10.16.1.3/32' }
-        - { direction: 'out', destination: '10.16.1.3/32' }
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }}    
-    - name: Allow DNS-Access to some servers
-      ufw:
-        rule: allow
-        direction: '{{ item.direction }}'
-        dest: '{{ item.destination }}'
-        port: '53'
-      with_items:
-        - { direction: 'in',  destination: '10.0.0.1/32' }
-        - { direction: 'out', destination: '10.0.0.1/32' }
-        - { direction: 'in',  destination: '10.16.1.1/32' }
-        - { direction: 'out', destination: '10.16.1.1/32' }
-      when: config_ufw
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }}
-    - name: Allow dns
-      ufw: rule={{ item.rule }} port={{ item.port }}
-      with_items:
-        - { rule: 'allow', port: '53'}
-      when: config_ufw
-      environment:
-        PATH: /sbin:{{ ansible_env.PATH }}
     - name: disable mounting of usb flash drives
       file:
         path: /media

roles/ufw/tasks/main.yml

@@ -0,0 +1,115 @@
+- name: Install ufw
+  apt: package=ufw state=present
+
+- name: Configure ufw defaults
+  ufw: direction={{ item.direction }} policy={{ item.policy }}
+  with_items:
+    - { direction: 'incoming', policy: 'deny' }
+    - { direction: 'outgoing', policy: 'deny' }
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }}       
+
+# disable ipv6
+- lineinfile:
+    path: /etc/default/ufw
+    state: present
+    regexp: '^IPV6'
+    line: 'IPV6=no'
+
+- name: Enable ufw logging
+  ufw: logging=off
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }} 
+
+- name: Commenting a line.
+  replace:
+    path: /etc/ufw/before.rules
+    regexp: '^(?!#)(.*limit --limit*)'
+    replace: '#\1'
+  when: config_ufw
+- name: Allow all access to tcp port 123
+  ufw:
+    rule: allow
+    port: '3142'
+    direction: '{{ item }}'
+  with_items:
+    - in
+    - out
+  when: config_ufw
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }}    
+
+- name: Allow SSH-Access to some servers
+  ufw:
+    rule: allow
+    direction: '{{ item.direction }}'
+    dest: '{{ item.destination }}'
+    port: '22'
+  with_items:
+    - { direction: 'in',  destination: '10.0.0.1/32' }
+    - { direction: 'out', destination: '10.0.0.1/32' }
+    - { direction: 'in',  destination: '10.0.2.254/32' }
+    - { direction: 'out', destination: '10.0.2.243/32' }
+    - { direction: 'in',  destination: '10.16.109.252/32' }
+    - { direction: 'out', destination: '10.16.109.252/32' }
+    - { direction: 'in',  destination: '10.16.1.1/32' }
+    - { direction: 'out', destination: '10.16.1.1/32' }
+    - { direction: 'in',  destination: '162.55.5.40/32' }
+    - { direction: 'out', destination: '162.55.5.40/32' }
+  when: config_ufw
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }}
+- name: Allow https-Access to some servers
+  ufw:
+    rule: allow
+    direction: '{{ item.direction }}'
+    dest: '{{ item.destination }}'
+    port: '443'
+  with_items:
+    - { direction: 'in',  destination: '10.0.0.1/32' }
+    - { direction: 'out', destination: '10.0.0.1/32' }
+    - { direction: 'in',  destination: '10.0.2.254/32' }
+    - { direction: 'out', destination: '10.0.2.243/32' }
+    - { direction: 'in',  destination: '10.16.109.252/32' }
+    - { direction: 'out', destination: '10.16.109.252/32' }
+    - { direction: 'in',  destination: '10.16.1.1/32' }
+    - { direction: 'out', destination: '10.16.1.1/32' }
+    - { direction: 'in',  destination: '162.55.5.40/32' }
+    - { direction: 'out', destination: '162.55.5.40/32' }
+  when: config_ufw
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }}      
+- name: Allow apt-proxy-Access to some servers
+  ufw:
+    rule: allow
+    direction: '{{ item.direction }}'
+    dest: '{{ item.destination }}'
+    port: '3142'
+  with_items:
+    - { direction: 'in',  destination: '10.0.2.254/32' }
+    - { direction: 'out', destination: '10.0.2.243/32' }
+    - { direction: 'in',  destination: '10.16.1.3/32' }
+    - { direction: 'out', destination: '10.16.1.3/32' }
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }}    
+- name: Allow DNS-Access to some servers
+  ufw:
+    rule: allow
+    direction: '{{ item.direction }}'
+    dest: '{{ item.destination }}'
+    port: '53'
+  with_items:
+    - { direction: 'in',  destination: '10.0.0.1/32' }
+    - { direction: 'out', destination: '10.0.0.1/32' }
+    - { direction: 'in',  destination: '10.16.1.1/32' }
+    - { direction: 'out', destination: '10.16.1.1/32' }
+  when: config_ufw
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }}
+- name: Allow dns
+  ufw: rule={{ item.rule }} port={{ item.port }}
+  with_items:
+    - { rule: 'allow', port: '53'}
+  when: config_ufw
+  environment:
+    PATH: /sbin:{{ ansible_env.PATH }}