From 43d521617f7a628d35854f99d06e05007b0fdeb3 Mon Sep 17 00:00:00 2001
From: Nicolas KAROLAK <nicolas@karolak.fr>
Date: Thu, 26 Mar 2020 17:04:41 +0000
Subject: [PATCH] remove default saddr

---
 roles/celerity/defaults/main.yml     |  3 +-
 roles/mirismanager/defaults/main.yml | 46 ++++++++++++++++++++++++++++
 roles/postgres/defaults/main.yml     |  3 +-
 3 files changed, 48 insertions(+), 4 deletions(-)
 create mode 100644 roles/mirismanager/defaults/main.yml

diff --git a/roles/celerity/defaults/main.yml b/roles/celerity/defaults/main.yml
index fac75691..ad510f68 100644
--- a/roles/celerity/defaults/main.yml
+++ b/roles/celerity/defaults/main.yml
@@ -33,8 +33,7 @@ celerity_f2b_jail:
 celerity_firewall_enabled: true
 celerity_ferm_rules_filename: celerity
 celerity_ferm_input_rules:
-  - saddr: "{{ groups['worker'] | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list }}"
-    proto:
+  - proto:
       - tcp
     dport:
       - 6200
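Review bot: With `saddr` removed, the default `celerity_ferm_input_rules` entry admits tcp/6200 from any source, and nothing in the defaults tells an operator that the restriction must now come from the inventory. The same applies to tcp/5432 in roles/postgres/defaults/main.yml and to the tcp/3142 rule in the new roles/mirismanager/defaults/main.yml. This assumes the ferm template treats a missing `saddr` as "any source", which is not visible here and is worth confirming. I would add a comment above each rule, for example `# no saddr by default: reachable from any source; override this list in the inventory to limit it to the worker hosts`. The rule list may continue past the end of this hunk.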
diff --git a/roles/mirismanager/defaults/main.yml b/roles/mirismanager/defaults/main.yml
new file mode 100644
index 00000000..fae361ba
--- /dev/null
+++ b/roles/mirismanager/defaults/main.yml
@@ -0,0 +1,46 @@
+---
+
+manager_packages:
+  - ubicast-skyreach
+  - ubicast-skyreach-runtime
+
+manager_testing: false
+manager_mail: dev-mediaserver@ubicast.eu
+manager_hostname: "{{ envsetup_cm_server_name }}"
+manager_default_email_sender: "noreply@{{ manager_hostname }}"
+manager_email_sender: "{{ envsetup_email_sender | default(manager_default_email_sender, true) }}"
+manager_proxy_http: "{{ envsetup_proxy_http }}"
+
+manager_fail2ban_enabled: "{{ envsetup_fail2ban_enabled | d(true) }}"
+manager_f2b_filter:
+  name: manager
+  content: |
+    [INCLUDES]
+    before = common.conf
+    [Definition]
+    failregex = INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$
+                INFO Wrong crendentials given to login\. IP: <HOST>, username: \S+\.$
+    ignoreregex =
+manager_f2b_jail:
+  name: manager
+  content: |
+    [manager]
+    logpath = /home/skyreach/.skyreach/logs/skyreach.log
+    enabled = {% if manager_fail2ban_enabled | bool %}true{% else %}false{% endif %}
+
+manager_firewall_enabled: true
+manager_ferm_rules_filename: manager
+manager_ferm_input_rules:
+  - proto:
+      - tcp
+    dport:
+      - 80
+      - 443
+  - proto:
+      - tcp
+    dport:
+      - 3142
+manager_ferm_output_rules: []
+manager_ferm_global_settings:
+
+...
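Review bot: The `failregex` lines in `manager_f2b_filter` are not anchored at the start of the line, so fail2ban takes `<HOST>` from wherever the pattern matches; if the logged username can ever contain spaces, text inside that field could supply the address that gets banned. Anchoring to the log prefix avoids this, e.g. `failregex = ^<LOG_PREFIX> INFO Wrong credentials given to login\. IP: <HOST>, username: \S+\.$`, where `<LOG_PREFIX>` is a placeholder for the skyreach line prefix, which is not visible here. The second pattern differs only by the spelling `crendentials`; if it is there to match older log lines, a YAML comment above `manager_f2b_filter` saying so would stop someone from "correcting" it. Separately, `manager_ferm_global_settings:` is a bare key and loads as null; writing `null` or `""` would state the intent explicitly.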
diff --git a/roles/postgres/defaults/main.yml b/roles/postgres/defaults/main.yml
index d5716237..fd6a0499 100644
--- a/roles/postgres/defaults/main.yml
+++ b/roles/postgres/defaults/main.yml
@@ -7,8 +7,7 @@ postgres_pwd: "{{ envsetup_db_pg_root_pwd }}"
 postgres_firewall_enabled: true
 postgres_ferm_rules_filename: postgres
 postgres_ferm_input_rules:
-  - saddr: "{{ groups['server'] | union(groups['manager']) | map('extract', hostvars, ['ansible_default_ipv4', 'address']) | list }}"
-    proto:
+  - proto:
       - tcp
     dport:
       - 5432
-- 
GitLab