refactor(security): reworked firewall configuration and added support for DNS, HTTP and ICMP rules; added autoconf for resolv.conf to match FW rules

2024-01-06 00:00:00 +00:00 · 2024-01-06 00:00:00 +00:00 · da45c7c409
commit da45c7c409
parent 3a7440f570
22 changed files with 169 additions and 48 deletions
--- a/playbooks/external.yml
+++ b/playbooks/external.yml
@ -2,15 +2,13 @@
 - name: setup external infrastructure
  hosts: external
  gather_facts: false
-  vars_files: ../inventory/vault.yml
  tasks:
-    - include_vars: ../inventory/vault.yml
-    - name: include common role
-      ansible.builtin.include_role:
-        name: nullified.infrastructure.common
    - name: include security role
      ansible.builtin.include_role:
        name: nullified.infrastructure.security
+    - name: include common role
+      ansible.builtin.include_role:
+        name: nullified.infrastructure.common

 - name: setup servers
  hosts: external:&server
--- a/playbooks/internal.yml
+++ b/playbooks/internal.yml
@ -2,15 +2,13 @@
 - name: setup internal infrastructure
  hosts: internal
  gather_facts: false
-  vars_files: ../inventory/vault.yml
  tasks:
-    - include_vars: ../inventory/vault.yml
-    - name: include common role
-      ansible.builtin.include_role:
-        name: nullified.infrastructure.common
    - name: include security role
      ansible.builtin.include_role:
        name: nullified.infrastructure.security
+    - name: include common role
+      ansible.builtin.include_role:
+        name: nullified.infrastructure.common

 - name: setup servers
  hosts: internal:&server