Merge branch 'master' into matt/hosts

2021-10-15 22:52:39 -05:00
parent 24104f0480 a3aaa55c91
commit 7ebdb906a3
6 changed files with 16 additions and 14 deletions
--- a/README.md
+++ b/README.md
@@ -25,14 +25,12 @@ You can read more about Nebula [on the official repo](https://github.com/slackhq
    nebula_lighthouse_public_hostname: lighthouse.company.com
    nebula_lighthouse_public_port: 4242

-    nebula_default_inbound_rules:
-      - { port: 22, proto: "tcp", host: "any" }
+    nebula_inbound_rules:
      - { port: "any", proto: "icmp", host: "any" }
-    nebula_default_outbound_rules:
      - { port: 22, proto: "tcp", host: "any" }
-      - { port: "any", proto: "icmp", host: "any" }
-      - { port: 4505, proto: "tcp", host: "10.43.0.1/32" }
-      - { port: 4506, proto: "tcp", host: "10.43.0.1/32" }
+    nebula_outbound_rules:
+      - { port: "any", proto: "any", host: "any" }
+
  roles:
    - role: nebula
 ```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,15 +5,17 @@ nebula_ca_cert_duration: "87600h0m0s" #10 years
 nebula_client_cert_duration: "43800h0m0s" #5 years
 nebula_clean_install: false
 nebula_lighthouse_build_hosts_file: true
-nebula_node_lighthouse_in_hosts_file: true 
+nebula_node_lighthouse_in_hosts_file: true
+nebula_install_check_cron: yes
+

 nebula_lighthouse_hostname: lighthouse
 nebula_lighthouse_internal_ip_addr: 192.168.77.1
 nebula_lighthouse_public_hostname: my-nebula-server.com
 nebula_lighthouse_public_port: 4242

-nebula_default_inbound_rules:
+nebula_inbound_rules:
  - { port: "any", proto: "any", host: "any" }
-nebula_default_outbound_rules:
+nebula_outbound_rules:
  - { port: "any", proto: "any", host: "any" }

--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,7 +3,7 @@
  block:
    - name: Uninstall Nebula (clean install)
      include: uninstall.yml
-      when: nebula_clean_install
+      when: nebula_clean_install|bool
    
    - name: Install Nebula on all hosts 
      include: nebula.yml
--- a/tasks/node.yml
+++ b/tasks/node.yml
@@ -71,9 +71,11 @@
    owner: root
    group: root
    mode: '0755'
+  when: nebula_install_check_cron|bool

 - name: Ensure nebula-check is scheduled via cron
  cron:
    name: "nebula-check"
    minute: "*/5"
    job: "/opt/nebula/nebula-check.sh"
+  when: nebula_install_check_cron|bool
--- a/templates/lighthouse_config.yml.j2
+++ b/templates/lighthouse_config.yml.j2
@@ -82,14 +82,14 @@ firewall:
 #

  outbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_outbound_rules %}
    - port: {{ rule.port }}
      proto: {{ rule.proto }}
      host: {{ rule.host }}
 {% endfor %}

  inbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_inbound_rules %}
    - port: {{ rule.port }}
      proto: {{ rule.proto }}
      host: {{ rule.host }}
--- a/templates/node_config.yml.j2
+++ b/templates/node_config.yml.j2
@@ -82,14 +82,14 @@ firewall:
 #

  outbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_outbound_rules %}
    - port: {{ rule.port }}
      proto: {{ rule.proto }}
      host: {{ rule.host }}
 {% endfor %}

  inbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_inbound_rules %}
    - port: {{ rule.port }}
      proto: {{ rule.proto }}
      host: {{ rule.host }}