refactor(security): reworked firewall configuration and added support for DNS, HTTP and ICMP rules; added autoconf for resolv.conf to match FW rules

2024-01-06 00:00:00 +00:00 · 2024-01-06 00:00:00 +00:00 · da45c7c409
commit da45c7c409
parent 3a7440f570
22 changed files with 169 additions and 48 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/common/templates/system/resolv.conf.j2
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/templates/system/resolv.conf.j2
@ -0,0 +1,10 @@
+{% if dns[dns.type].dns4 is defined and dns[dns.type].dns4 | length > 0 -%}
+{% for server in dns[dns.type].dns4 -%}
+nameserver {{ server }}
+{% endfor %}
+{% endif %}
+{% if ip_dualstack | default(false) and dns[dns.type].dns6 is defined and dns[dns.type].dns6 | length > 0 -%}
+{% for server in dns[dns.type].dns6 -%}
+nameserver {{ server }}
+{% endfor %}
+{% endif %}