[SKIP CI] add iptables tasks

2019-08-04 13:30:18 +02:00 · 2019-08-04 13:30:18 +02:00 · 2e6e141e88
commit 2e6e141e88
parent 90e20c350c
2 changed files with 19 additions and 0 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -73,3 +73,10 @@ droneci_gitea_skip_verify: False
 # droneci_no_proxy: (see below)
 # - drone-server
 # - drone-agent
+
+droneci_iptables_enabled: False
+droneci_open_ports:
+  - name: allow_droneci_web
+    rules: |
+      -A INPUT -m state --state NEW -p tcp --dport {{ droneci_server_exposed_port }} -j ACCEPT
+    state: present
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@ -26,5 +26,17 @@
        dest: "{{ droneci_service_directory }}/{{ droneci_license_key | basename }}"
        mode: 0600
      when: droneci_license_key is defined
+
+    - name: Open ports in iptables
+      iptables_raw:
+        name: "{{ item.name }}"
+        rules: "{{ item.rules }}"
+        state: "{{ item.state | default('present') }}"
+        weight: "{{ item.weight | default(omit) }}"
+        table: "{{ item.table | default(omit) }}"
+      with_items: "{{ droneci_open_ports }}"
+      loop_control:
+        label: "{{ item.name }}"
+      when: droneci_iptables_enabled | bool
  become: True
  become_user: root