Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

configure whitelisting for clients

Browse source
This commit is contained in:
histausse 2021-06-29 01:40:35 +02:00
parent 3bcbc04bb4
commit 0d7536ed19
Signed by: histausse
GPG key ID: 67486F107F62E9E9
3 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

0
books/proxy_apt.yml → books/apt_proxy.yml
View file

3
group_vars/all/proxy_apt.yml → group_vars/all/apt_proxy.yml
View file

@ -2,3 +2,6 @@
apt_proxy_port: 3142 apt_proxy_port: 3142
apt_proxy_admin_user: admin apt_proxy_admin_user: admin
apt_proxy_admin_mdp: "{{ vault_apt_proxy_admin_mdp }}" apt_proxy_admin_mdp: "{{ vault_apt_proxy_admin_mdp }}"
apt_proxy_allowed_clients:
- "{{ intranet['ipv4'] }}/{{ intranet['netmaskv4'] }}"

20
roles/apt_cacher_ng/tasks/main.yml
View file

@ -28,6 +28,26 @@
notify: Restart apt-cacher-ng notify: Restart apt-cacher-ng
no_log: true no_log: true
- name: Edit the clients allowed to use the proxy
lineinfile:
path: /etc/hosts.allow
regexp: '^apt-cacher-ng'
line: "apt-cacher-ng: 127.0.0.1 {{ apt_proxy_allowed_clients | join(' ') }}"
owner: root
group: root
mode: '644'
notify: Restart apt-cacher-ng
- name: Block everyone else
lineinfile:
path: /etc/hosts.deny
regexp: '^apt-cacher-ng'
line: "apt-cacher-ng: ALL"
owner: root
group: root
mode: '644'
notify: Restart apt-cacher-ng
- name: Enable apt-cacher-ng - name: Enable apt-cacher-ng
systemd: systemd:
name: "apt-cacher-ng" name: "apt-cacher-ng"