Add firewalld_enabled toggle
@@ -65,6 +65,7 @@ Global variables apply across your Ansible project and are loaded from `vars.yml
|
|||||||
| `custom_iso` (optional) | Skip ArchISO checks and pacman setup on installer media. | `true`, `false (default)` |
|
| `custom_iso` (optional) | Skip ArchISO checks and pacman setup on installer media. | `true`, `false (default)` |
|
||||||
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false (default)` |
|
| `cis` (optional) | Adjusts the installation to be CIS level 3 conformant. | `true`, `false (default)` |
|
||||||
| `selinux` (optional) | Toggle SELinux where supported. | `true (default)`, `false` |
|
| `selinux` (optional) | Toggle SELinux where supported. | `true (default)`, `false` |
|
||||||
|
| `firewalld_enabled` (optional) | Toggle firewalld package/service enablement. | `true (default)`, `false` |
|
||||||
|
|
||||||
### 2.2 Hypervisor Access (virtual installs)
|
### 2.2 Hypervisor Access (virtual installs)
|
||||||
|
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ bootstrap_almalinux:
|
|||||||
- dbus-daemon
|
- dbus-daemon
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
- glibc-langpack-en
|
- glibc-langpack-en
|
||||||
- grub2
|
- grub2
|
||||||
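Review bot: When `firewalld_enabled` is false the new entry `- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"` leaves an empty-string element in `bootstrap_almalinux` rather than removing the package, and the same construct is repeated in the bootstrap_archlinux, debian11, debian12, debian13, fedora, rhel8, rhel9, rhel10, rocky, ubuntu and ubuntu_lts hunks. The consumer of these lists is not in the diff, so whether `''` is silently dropped, passed to the package manager as a bogus package name, or produces a stray empty argument in a pacstrap/apt command line cannot be confirmed from here, but none of those outcomes is intended. Either keep the lists static and install firewalld from a separate task guarded by `when: firewalld_enabled | bool`, or strip the placeholder at the point of use, e.g. `name: "{{ bootstrap_almalinux | reject('equalto', '') | list }}"`. A short comment above the entry, `# empty when firewalld is disabled; consumers must drop '' entries`, would make the contract visible to whoever edits these lists next.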
@@ -33,7 +34,7 @@ bootstrap_archlinux:
|
|||||||
- dhcpcd
|
- dhcpcd
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- fastfetch
|
- fastfetch
|
||||||
- firewalld
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- grub
|
- grub
|
||||||
@@ -90,7 +91,7 @@ bootstrap_debian11:
|
|||||||
- bat
|
- bat
|
||||||
- curl
|
- curl
|
||||||
- entr
|
- entr
|
||||||
- firewalld
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- htop
|
- htop
|
||||||
@@ -139,7 +140,7 @@ bootstrap_debian12:
|
|||||||
- curl
|
- curl
|
||||||
- duf
|
- duf
|
||||||
- entr
|
- entr
|
||||||
- firewalld
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- htop
|
- htop
|
||||||
@@ -195,7 +196,7 @@ bootstrap_debian13:
|
|||||||
- duf
|
- duf
|
||||||
- entr
|
- entr
|
||||||
- fastfetch
|
- fastfetch
|
||||||
- firewalld
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- htop
|
- htop
|
||||||
@@ -233,6 +234,7 @@ bootstrap_fedora:
|
|||||||
- duf
|
- duf
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
- entr
|
- entr
|
||||||
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- fzf
|
- fzf
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
@@ -266,6 +268,7 @@ bootstrap_rhel8:
|
|||||||
- bind-utils
|
- bind-utils
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
- glibc-langpack-en
|
- glibc-langpack-en
|
||||||
- grub2
|
- grub2
|
||||||
@@ -291,6 +294,7 @@ bootstrap_rhel9:
|
|||||||
- bind-utils
|
- bind-utils
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
- glibc-langpack-en
|
- glibc-langpack-en
|
||||||
- grub2
|
- grub2
|
||||||
@@ -316,6 +320,7 @@ bootstrap_rhel9:
|
|||||||
bootstrap_rhel10:
|
bootstrap_rhel10:
|
||||||
- bind-utils
|
- bind-utils
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
- glibc-langpack-en
|
- glibc-langpack-en
|
||||||
- grub2
|
- grub2
|
||||||
@@ -343,6 +348,7 @@ bootstrap_rocky:
|
|||||||
- dbus-daemon
|
- dbus-daemon
|
||||||
- dhcp-client
|
- dhcp-client
|
||||||
- efibootmgr
|
- efibootmgr
|
||||||
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- glibc-langpack-de
|
- glibc-langpack-de
|
||||||
- glibc-langpack-en
|
- glibc-langpack-en
|
||||||
- grub2
|
- grub2
|
||||||
@@ -394,7 +400,7 @@ bootstrap_ubuntu:
|
|||||||
- eza
|
- eza
|
||||||
- fdupes
|
- fdupes
|
||||||
- fio
|
- fio
|
||||||
- firewalld
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- htop
|
- htop
|
||||||
- jq
|
- jq
|
||||||
@@ -457,7 +463,7 @@ bootstrap_ubuntu_lts:
|
|||||||
- eza
|
- eza
|
||||||
- fdupes
|
- fdupes
|
||||||
- fio
|
- fio
|
||||||
- firewalld
|
- "{{ 'firewalld' if firewalld_enabled | bool else '' }}"
|
||||||
- fish
|
- fish
|
||||||
- htop
|
- htop
|
||||||
- jq
|
- jq
|
||||||
|
|||||||
@@ -2,6 +2,7 @@
|
|||||||
- name: Enable Systemd Services
|
- name: Enable Systemd Services
|
||||||
ansible.builtin.command: >
|
ansible.builtin.command: >
|
||||||
arch-chroot /mnt systemctl enable NetworkManager
|
arch-chroot /mnt systemctl enable NetworkManager
|
||||||
|
{{ ' firewalld' if firewalld_enabled | bool else '' }}
|
||||||
{{
|
{{
|
||||||
' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
|
' ssh' if os | lower in ['ubuntu', 'ubuntu-lts'] else
|
||||||
(' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else '')
|
(' sshd' if os | lower not in ['debian11', 'debian12', 'debian13'] else '')
|
||||||
@@ -12,3 +13,10 @@
|
|||||||
}}
|
}}
|
||||||
register: configuration_enable_services_result
|
register: configuration_enable_services_result
|
||||||
changed_when: configuration_enable_services_result.rc == 0
|
changed_when: configuration_enable_services_result.rc == 0
|
||||||
|
|
||||||
|
- name: Disable firewalld when disabled
|
||||||
|
when: not firewalld_enabled | bool
|
||||||
|
ansible.builtin.command: arch-chroot /mnt systemctl disable --now firewalld
|
||||||
|
register: configuration_disable_firewalld_result
|
||||||
|
changed_when: configuration_disable_firewalld_result.rc == 0
|
||||||
|
failed_when: false
|
||||||
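Review bot: `failed_when: false` on the new "Disable firewalld when disabled" task masks every failure of `arch-chroot /mnt systemctl disable --now firewalld`, not just the expected one; since the package-list hunks no longer install firewalld when the toggle is off, this task will normally be acting on a unit that does not exist, and any unrelated error (chroot not mounted, systemctl missing) is hidden the same way. `--now` also asks a systemctl running inside a chroot to stop a service, which has no live service manager to talk to, so at best it is ignored and at worst it is the failure being suppressed; the `disable` part alone is what removes the enablement symlinks in the target root. Narrow the suppression to the missing-unit case and drop `--now`; the stderr wording below is the usual systemctl message and should be confirmed against the distributions this role targets.
```yaml
- name: Disable firewalld when disabled
  when: not firewalld_enabled | bool
  ansible.builtin.command: arch-chroot /mnt systemctl disable firewalld
  register: configuration_disable_firewalld_result
  changed_when: configuration_disable_firewalld_result.rc == 0
  failed_when: >-
    configuration_disable_firewalld_result.rc != 0
    and 'does not exist' not in configuration_disable_firewalld_result.stderr
```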
|
|||||||
@@ -4,6 +4,7 @@ custom_iso: false
|
|||||||
cis: false
|
cis: false
|
||||||
selinux: true
|
selinux: true
|
||||||
vmware_ssh: false
|
vmware_ssh: false
|
||||||
|
firewalld_enabled: true
|
||||||
|
|
||||||
cis_enabled: "{{ cis | bool }}"
|
cis_enabled: "{{ cis | bool }}"
|
||||||
custom_iso_enabled: "{{ custom_iso | bool }}"
|
custom_iso_enabled: "{{ custom_iso | bool }}"
|
||||||
|
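Review bot: The new `firewalld_enabled: true` default breaks the naming pattern visible two lines below, where user-facing toggles (`cis`, `custom_iso`) are normalised into derived `*_enabled` variables via `cis_enabled: "{{ cis | bool }}"` and `custom_iso_enabled: "{{ custom_iso | bool }}"`. Here the `_enabled` name is the raw toggle itself and every consumer re-applies `| bool`. If the derived-variable convention is deliberate, the consistent form is `firewalld: true` plus `firewalld_enabled: "{{ firewalld | bool }}"` (and the docs table would list `firewalld`); if not, a one-line comment such as `# raw toggle, not derived like cis_enabled` saves the next reader from looking for a missing `firewalld` key. Defining a default here is right either way, since `when: not firewalld_enabled | bool` in the services task would otherwise fail on an undefined variable.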
|||||||
@@ -8,6 +8,7 @@ filesystem: "btrfs"
|
|||||||
|
|
||||||
cis: false
|
cis: false
|
||||||
selinux: true
|
selinux: true
|
||||||
|
firewalld_enabled: true
|
||||||
|
|
||||||
luks_enabled: true
|
luks_enabled: true
|
||||||
luks_passphrase: "1234"
|
luks_passphrase: "1234"
|
||||||
|
|||||||
@@ -7,6 +7,7 @@ install_drive: "/dev/sda" # Use /dev/vda for virtio/libvirt.
|
|||||||
custom_iso: false # Set true to skip ArchISO-specific validation and pacman setup.
|
custom_iso: false # Set true to skip ArchISO-specific validation and pacman setup.
|
||||||
cis: false # Set true to enable CIS hardening.
|
cis: false # Set true to enable CIS hardening.
|
||||||
selinux: true # Toggle SELinux where supported.
|
selinux: true # Toggle SELinux where supported.
|
||||||
|
firewalld_enabled: true # Toggle firewalld package and service.
|
||||||
|
|
||||||
hypervisor_url: "pve01.example.com"
|
hypervisor_url: "pve01.example.com"
|
||||||
hypervisor_username: "root@pam"
|
hypervisor_username: "root@pam"
|
||||||
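Review bot: The comment on the new `firewalld_enabled: true` line in this example vars file does not say what the user gives up by setting it to false: per the package-list and service hunks in this commit, no firewalld package is installed and nothing else is enabled in its place, so the host ends up with no host firewall at all. Suggest `firewalld_enabled: true # Toggle firewalld package and service; false installs no host firewall.` Whether `cis: true` depends on firewalld being present cannot be seen from this diff and is worth documenting next to it if it does.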
|
|||||||