From a0b3585f86883521354fe472c9c9500048e8f83a Mon Sep 17 00:00:00 2001
From: Robert Kaussow
Date: Sun, 19 Feb 2023 20:59:55 +0100
Subject: [PATCH] feat: add option to ignore zones not managed by ansible

---
 defaults/main.yml | 2 ++
 tasks/setup.yml | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index bda4f57..38db84b 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -108,3 +108,5 @@ firewalld_zones:
   - name: dhcpv6-client
   - name: cockpit
 firewalld_zones_extra: []
+
+firewalld_zones_unmanaged: []
diff --git a/tasks/setup.yml b/tasks/setup.yml
index 5e1076a..0acd52c 100644
--- a/tasks/setup.yml
+++ b/tasks/setup.yml
@@ -73,7 +73,7 @@
     src: etc/firewalld/zones/zone.xml.j2
     dest: /etc/firewalld/zones/{{ item.name }}.xml
     mode: 0640
-  loop: "{{ __firewalld_zones }}"
+  loop: "{{ __firewalld_zones | difference(firewalld_zones_unmanaged) }}"
   loop_control:
     label: "{{ item.name }}"
   notify: __firewalld_reload
@@ -93,7 +93,9 @@
     state: absent
   loop: "{{ __firewalld_zones_active.files | map(attribute='path') | list }}"
   notify: __firewalld_reload
-  when: (item | basename | splitext | first) not in (__firewalld_zones | map(attribute='name') | list)
+  when:
+    - (item | basename | splitext | first) not in (__firewalld_zones | map(attribute='name') | list)
+    - (item not in firewalld_zones_unmanaged)
 
 - name: Validate deployed configuration
   command: firewall-offline-cmd --check-config
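Review bot: The new role variable `firewalld_zones_unmanaged` carries no comment saying what its entries are, and the two consumers in tasks/setup.yml read it differently (whole zone dicts in the template loop, file paths in the cleanup `when`), so a user cannot tell from the defaults file what to put in it. Assuming zone names are the intended form, a comment such as `# Names of zones this role must neither deploy nor delete (managed outside Ansible)` above the key would fix the contract for both callers.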
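Review bot: The two uses of `firewalld_zones_unmanaged` in tasks/setup.yml test different element shapes, so no single value satisfies both. In the template task's loop, `difference()` compares whole list elements and `__firewalld_zones` holds zone dicts (the task reads `item.name`), so an entry would have to be a complete matching dict to be skipped; in the second hunk (`@@ -93,7 +93,9 @@`) `item` is a full file path taken from `__firewalld_zones_active.files`, so a plain zone name never matches and the `state: absent` task still removes the zone file the operator meant to leave alone. If the list is meant to hold zone names, filter by attribute in the first hunk, `loop: "{{ __firewalld_zones | rejectattr('name', 'in', firewalld_zones_unmanaged) | list }}"`, and compare the file stem in the second, `- (item | basename | splitext | first) not in firewalld_zones_unmanaged`. Both tasks begin above their hunks, so the task names are not visible here.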