add handle of ufw

2023-03-19 17:49:08 +02:00 · 2023-03-19 17:49:08 +02:00 · 110bf14848
commit 110bf14848
parent a4eb685448
2 changed files with 7 additions and 1 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -4,3 +4,6 @@
 signal_data_folder: /var/lib/signal_api
 signal_api_port: 8080
 signal_container_image: bbernhard/signal-cli-rest-api
+handle_ufw: false
+localnetworks:
+  - 192.168.1.0/24
--- a/tasks/configure.yml
+++ b/tasks/configure.yml
@ -24,11 +24,14 @@
  register: container
  ignore_errors: true

- name: Ensure UFW allow traffic to exposed port
+- name: Ensure UFW allow traffic to exposed port from local network
  ufw:
    rule: allow
    route: true
+    from_ip: "{{ item }}"
    to_port: "{{ signal_api_port }}"
+  when: handle_ufw
+  with: "{{ localnetworks }}"

 - name: Generate service unit
  shell: podman generate systemd --new --name signal-api > /etc/systemd/system/podman_signal_api.service