From 0d7536ed1950d1a6a35af1cfd1c6a293bac2da8c Mon Sep 17 00:00:00 2001
From: Jean-Marie Mineau
Date: Tue, 29 Jun 2021 01:40:35 +0200
Subject: [PATCH] configure whitelisting for clients

---
 books/{proxy_apt.yml => apt_proxy.yml} | 0
 .../all/{proxy_apt.yml => apt_proxy.yml} | 3 +++
 roles/apt_cacher_ng/tasks/main.yml | 20 +++++++++++++++++++
 3 files changed, 23 insertions(+)
 rename books/{proxy_apt.yml => apt_proxy.yml} (100%)
 rename group_vars/all/{proxy_apt.yml => apt_proxy.yml} (55%)

diff --git a/books/proxy_apt.yml b/books/apt_proxy.yml
similarity index 100%
rename from books/proxy_apt.yml
rename to books/apt_proxy.yml
diff --git a/group_vars/all/proxy_apt.yml b/group_vars/all/apt_proxy.yml
similarity index 55%
rename from group_vars/all/proxy_apt.yml
rename to group_vars/all/apt_proxy.yml
index 1132cf8..169bdf0 100644
--- a/group_vars/all/proxy_apt.yml
+++ b/group_vars/all/apt_proxy.yml
@@ -2,3 +2,6 @@
 apt_proxy_port: 3142
 apt_proxy_admin_user: admin
 apt_proxy_admin_mdp: "{{ vault_apt_proxy_admin_mdp }}"
+
+apt_proxy_allowed_clients:
+ - "{{ intranet['ipv4'] }}/{{ intranet['netmaskv4'] }}"
diff --git a/roles/apt_cacher_ng/tasks/main.yml b/roles/apt_cacher_ng/tasks/main.yml
index 5ae6b2e..0235352 100644
--- a/roles/apt_cacher_ng/tasks/main.yml
+++ b/roles/apt_cacher_ng/tasks/main.yml
@@ -28,6 +28,26 @@
 notify: Restart apt-cacher-ng
 no_log: true
 
+- name: Edit the clients allowed to use the proxy
+ lineinfile:
+ path: /etc/hosts.allow
+ regexp: '^apt-cacher-ng'
+ line: "apt-cacher-ng: 127.0.0.1 {{ apt_proxy_allowed_clients | join(' ') }}"
+ owner: root
+ group: root
+ mode: '644'
+ notify: Restart apt-cacher-ng
+
+- name: Block everyone else
+ lineinfile:
+ path: /etc/hosts.deny
+ regexp: '^apt-cacher-ng'
+ line: "apt-cacher-ng: ALL"
+ owner: root
+ group: root
+ mode: '644'
+ notify: Restart apt-cacher-ng
+
 - name: Enable apt-cacher-ng
 systemd:
 name: "apt-cacher-ng"
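Review bot: The new `apt_proxy_allowed_clients` entry in group_vars/all/apt_proxy.yml is written verbatim into /etc/hosts.allow by the role, but nothing documents that each item must be a hosts_access(5) client pattern. `intranet` is defined outside this patch, so it is not visible whether `intranet['netmaskv4']` is a dotted mask (the classic `n.n.n.n/m.m.m.m` form) or a prefix length, which not every libwrap build accepts for IPv4. A pattern the library cannot parse matches no client, and combined with the `apt-cacher-ng: ALL` deny line that locks the whole intranet out of the proxy. I would add a comment above the variable such as `# hosts_access(5) patterns, one per item, e.g. 192.0.2.0/255.255.255.0 (constructed example)` and confirm the netmask format against the `intranet` definition.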
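Review bot: The two `lineinfile` tasks in roles/apt_cacher_ng/tasks/main.yml only restrict access if apt-cacher-ng actually consults TCP wrappers, and nothing in this hunk ensures that. Enforcement depends on the installed package being built with libwrap and on `UseWrap` not being disabled in acng.conf; if either is missing, the play still reports success and the proxy stays reachable by every host that can reach the port. I would pin `UseWrap: 1` in the acng.conf the role manages (that task, if any, is outside this hunk) and back the allow-list with a firewall rule or `BindAddress`, so the restriction does not rest on one optional mechanism. Two smaller points: `regexp: '^apt-cacher-ng'` also matches any other line that merely starts with that prefix, so `regexp: '^apt-cacher-ng\s*:'` is tighter, and only `127.0.0.1` is allowed for loopback, so local clients that connect over `[::1]` would hit the `ALL` deny.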