ansible/xoxys.unifi
1
0
Fork 0
Code Issues Pull Requests Releases Activity

remove iptables integration
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Robert Kaussow 2019-10-28 20:12:54 +01:00
parent b1e1477c82
commit baad567860
2 changed files with 6 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
defaults/main.yml
View File

@ -9,36 +9,6 @@ unifi_user: ubnt
unifi_base_dir: /opt/unifi unifi_base_dir: /opt/unifi
unifi_tmp_dir: "{{ unifi_base_dir }}/tmp" unifi_tmp_dir: "{{ unifi_base_dir }}/tmp"
unifi_iptables_enabled: False
unifi_open_ports:
- name: allow_unifi_web
rules: |
-A INPUT -m state --state NEW -p tcp --dport 8443 -j ACCEPT
state: present
- name: allow_unifi_comm
rules: |
-A INPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
-A OUTPUT -m state --state NEW -p tcp --dport 8080 -j ACCEPT
state: present
- name: allow_unifi_stun
rules: |
-A INPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
-A OUTPUT -m state --state NEW -p udp --dport 3478 -j ACCEPT
state: present
- name: allow_unifi_discover
rules: |
-A INPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
-A OUTPUT -m state --state NEW -p udp --dport 10001 -j ACCEPT
state: present
- name: allow_unifi_sped
rules: |
-A INPUT -m state --state NEW -p tcp --dport 6789 -j ACCEPT
state: present
- name: allow_unifi_adopt
rules: |
-A OUTPUT -m state --state NEW -p tcp --dport 22 -j ACCEPT
state: present
unifi_tls_enabled: False unifi_tls_enabled: False
unifi_tls_pkcs12_passphrase: temppass unifi_tls_pkcs12_passphrase: temppass
unifi_tls_certs_dir: "{{ unifi_base_dir }}/tls/certs" unifi_tls_certs_dir: "{{ unifi_base_dir }}/tls/certs"

25
tasks/install.yml
View File

@ -77,24 +77,11 @@
become: True become: True
become_user: "{{ unifi_user }}" become_user: "{{ unifi_user }}"
- block: - name: Create systemd unit files
- name: Open ports in iptables template:
iptables_raw: src: "etc/systemd/system/unifi.service.j2"
name: "{{ item.name }}" dest: "/etc/systemd/system/unifi.service"
rules: "{{ item.rules }}" mode: 0644
state: "{{ item.state }}" notify: __unifi_restart
weight: "{{ item.weight | default(omit) }}"
table: "{{ item.table | default(omit) }}"
loop: "{{ unifi_open_ports }}"
loop_control:
label: "{{ item.name }}"
when: unifi_iptables_enabled
- name: Create systemd unit files
template:
src: "etc/systemd/system/unifi.service.j2"
dest: "/etc/systemd/system/unifi.service"
mode: 0644
notify: __unifi_restart
become: True become: True
become_user: root become_user: root