configure whitelisting for clients

This commit is contained in:
histausse 2021-06-29 01:40:35 +02:00
parent 3bcbc04bb4
commit 0d7536ed19
Signed by: histausse
GPG key ID: 67486F107F62E9E9
3 changed files with 23 additions and 0 deletions

View file

@ -2,3 +2,6 @@
apt_proxy_port: 3142
apt_proxy_admin_user: admin
apt_proxy_admin_mdp: "{{ vault_apt_proxy_admin_mdp }}"
apt_proxy_allowed_clients:
- "{{ intranet['ipv4'] }}/{{ intranet['netmaskv4'] }}"

View file

@ -28,6 +28,26 @@
notify: Restart apt-cacher-ng
no_log: true
- name: Edit the clients allowed to use the proxy
lineinfile:
path: /etc/hosts.allow
regexp: '^apt-cacher-ng'
line: "apt-cacher-ng: 127.0.0.1 {{ apt_proxy_allowed_clients | join(' ') }}"
owner: root
group: root
mode: '644'
notify: Restart apt-cacher-ng
- name: Block everyone else
lineinfile:
path: /etc/hosts.deny
regexp: '^apt-cacher-ng'
line: "apt-cacher-ng: ALL"
owner: root
group: root
mode: '644'
notify: Restart apt-cacher-ng
- name: Enable apt-cacher-ng
systemd:
name: "apt-cacher-ng"