From bc1ef10c3ecc51209e4c6f390e60246282c2fdb1 Mon Sep 17 00:00:00 2001
From: AndrewPaglusch
Date: Fri, 27 Aug 2021 16:15:09 +0000
Subject: [PATCH 1/8] make nebula-check script optional

---
 defaults/main.yml | 1 +
 tasks/node.yml | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/defaults/main.yml b/defaults/main.yml
index 2e3b366..bde0c7f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -4,6 +4,7 @@ nebula_network_cidr: 24
 nebula_ca_cert_duration: "87600h0m0s" #10 years
 nebula_client_cert_duration: "43800h0m0s" #5 years
 nebula_clean_install: false
+nebula_install_check_cron: yes
 
 nebula_lighthouse_hostname: lighthouse
 nebula_lighthouse_internal_ip_addr: 192.168.77.1
diff --git a/tasks/node.yml b/tasks/node.yml
index 4e4fcc8..593e474 100644
--- a/tasks/node.yml
+++ b/tasks/node.yml
@@ -69,9 +69,11 @@
 owner: root
 group: root
 mode: '0755'
+ when: nebula_install_check_cron
 
 - name: Ensure nebula-check is scheduled via cron
 cron:
 name: "nebula-check"
 minute: "*/5"
 job: "/opt/nebula/nebula-check.sh"
+ when: nebula_install_check_cron
From 9993ab09e2fe6059a335ff5821e44da23730e115 Mon Sep 17 00:00:00 2001
From: AndrewPaglusch
Date: Fri, 27 Aug 2021 16:43:40 +0000
Subject: [PATCH 2/8] add |bool filter to conditionals

---
 tasks/main.yml | 2 +-
 tasks/node.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/tasks/main.yml b/tasks/main.yml
index d33b338..c508675 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -3,7 +3,7 @@
 block:
 - name: Uninstall Nebula (clean install)
 include: uninstall.yml
- when: nebula_clean_install
+ when: nebula_clean_install|bool
 
 - name: Install Nebula on all hosts
 include: nebula.yml
diff --git a/tasks/node.yml b/tasks/node.yml
index 593e474..0e68107 100644
--- a/tasks/node.yml
+++ b/tasks/node.yml
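Review bot: `nebula_install_check_cron: yes` introduces a YAML 1.1 truthy literal into a defaults file whose other flag, `nebula_clean_install: false` two lines above, uses the canonical spelling; `yes` is rejected by yamllint's `truthy` rule and is presumably why the next commit has to bolt `|bool` onto every conditional. Write it as `nebula_install_check_cron: true` so the value is a real boolean under any YAML loader. A one-line comment above it would also help, since the variable name alone does not say that a script is installed: `# install /opt/nebula/nebula-check.sh and run it from cron every 5 minutes`.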
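Review bot: The condition now coerces cleanly, but the task it guards, `include: uninstall.yml` on the line above the changed `when:`, uses the legacy `include` action, which has been deprecated since Ansible 2.4 and, as far as I recall, is removed in ansible-core 2.16, so this block stops working on current releases. Because the `when:` must be evaluated at run time, `include_tasks: uninstall.yml` is the drop-in replacement (`import_tasks` would instead stamp the condition onto every task in the file); `include: nebula.yml` at the end of the hunk needs the same treatment. The `block:` holding these tasks opens in the hunk but continues past it.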
@@ -69,11 +69,11 @@
 owner: root
 group: root
 mode: '0755'
- when: nebula_install_check_cron
+ when: nebula_install_check_cron|bool
 
 - name: Ensure nebula-check is scheduled via cron
 cron:
 name: "nebula-check"
 minute: "*/5"
 job: "/opt/nebula/nebula-check.sh"
- when: nebula_install_check_cron
+ when: nebula_install_check_cron|bool
From 2a1d2aba903abe9a49e428f07dc427618abd2da9 Mon Sep 17 00:00:00 2001
From: Andrew Paglusch
Date: Fri, 8 Oct 2021 23:59:26 -0500
Subject: [PATCH 3/8] Update node_config.yml.j2

---
 templates/node_config.yml.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/node_config.yml.j2 b/templates/node_config.yml.j2
index 2e62e3c..d67e7fa 100644
--- a/templates/node_config.yml.j2
+++ b/templates/node_config.yml.j2
@@ -82,14 +82,14 @@ firewall:
 #
 
 outbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_outbound_rules %}
 - port: {{ rule.port }}
 proto: {{ rule.proto }}
 host: {{ rule.host }}
 {% endfor %}
 
 inbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_inbound_rules %}
 - port: {{ rule.port }}
 proto: {{ rule.proto }}
 host: {{ rule.host }}
From e388777088ece82bdc3ccdb232edc49cd38610a8 Mon Sep 17 00:00:00 2001
From: Andrew Paglusch
Date: Fri, 8 Oct 2021 23:59:58 -0500
Subject: [PATCH 4/8] Update main.yml

---
 defaults/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index bde0c7f..22f5d09 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -11,8 +11,8 @@ nebula_lighthouse_internal_ip_addr: 192.168.77.1
 nebula_lighthouse_public_hostname: my-nebula-server.com
 nebula_lighthouse_public_port: 4242
 
-nebula_default_inbound_rules:
+nebula_inbound_rules:
 - { port: "any", proto: "any", host: "any" }
 
-nebula_default_outbound_rules:
+nebula_outbound_rules:
 - { port: "any", proto: "any", host: "any" }
From 5700eb6613c0a0bfca46ca1c4b398d05c0f12103 Mon Sep 17 00:00:00 2001
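Review bot: Guarding both tasks with `when: nebula_install_check_cron|bool` only stops them from running; it never removes a cron entry or script left behind by an earlier run, so flipping the variable to `false` on a host that already has the check leaves `/opt/nebula/nebula-check.sh` firing every 5 minutes from the `nebula-check` crontab entry. The cron task can express both states instead of being skipped: drop its `when:` and set `state: "{{ 'present' if nebula_install_check_cron | bool else 'absent' }}"`, and add a `file:` task with `state: absent` on the script path that runs when the flag is off. The task that installs the script starts before this hunk.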
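Review bot: With the loop variable corrected, each inbound rule is still rendered as `host: {{ rule.host }}` and nothing else, so rules that restrict by `cidr`, `group` or `groups` — selectors Nebula's firewall supports, and which the README in this same series briefly wrote as `cidr: "10.43.0.1/32"` — cannot be expressed: a rule without a `host` key fails templating on the undefined attribute under Ansible's default settings, and any extra key is silently dropped, which is the wrong failure mode for a firewall. Rendering whichever selector keys the rule carries keeps today's `host`-only rules working and lets an operator write a least-privilege rule set; the outbound loop above and the lighthouse template have the same limitation. The surrounding indentation is not visible in this hunk, so the excerpt below assumes two-space nesting under `inbound:`.

```jinja
inbound:
{% for rule in nebula_inbound_rules %}
  - port: {{ rule.port }}
    proto: {{ rule.proto }}
{# emit every selector the rule carries (host, group, groups, cidr, ...) #}
{% for key, value in rule.items() if key not in ['port', 'proto'] %}
    {{ key }}: {{ value | to_json }}
{% endfor %}
{% endfor %}
```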
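Review bot: The renamed `nebula_inbound_rules` still defaults to `{ port: "any", proto: "any", host: "any" }`, and since Nebula's firewall is an allow-list this opens every port on every managed host to every other overlay peer the moment the role runs, before an operator has overridden anything. A role default should fail closed: ship the ICMP-only rule the README in this series uses, `- { port: "any", proto: "icmp", host: "any" }`, with a comment that service ports must be opened explicitly per host group. The any/any/any default for `nebula_outbound_rules` is the conventional choice and can stay.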
From: Andrew Paglusch
Date: Sat, 9 Oct 2021 00:01:03 -0500
Subject: [PATCH 5/8] Update README.md

---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 200aeb0..aede68f 100644
--- a/README.md
+++ b/README.md
@@ -25,14 +25,14 @@ You can read more about Nebula [on the official repo](https://github.com/slackhq
 nebula_lighthouse_public_hostname: lighthouse.company.com
 nebula_lighthouse_public_port: 4242
 
- nebula_default_inbound_rules:
- - { port: 22, proto: "tcp", host: "any" }
+ nebula_inbound_rules:
 - { port: "any", proto: "icmp", host: "any" }
- nebula_default_outbound_rules:
 - { port: 22, proto: "tcp", host: "any" }
- - { port: "any", proto: "icmp", host: "any" }
 - { port: 4505, proto: "tcp", host: "10.43.0.1/32" }
 - { port: 4506, proto: "tcp", host: "10.43.0.1/32" }
+ nebula_outbound_rules:
+ - { port: "any", proto: "any", host: "any" }
+
 roles:
 - role: nebula
 ```
From 1afcc4a0973534edc7dd42984ec11704110504e8 Mon Sep 17 00:00:00 2001
From: Andrew Paglusch
Date: Sat, 9 Oct 2021 00:12:59 -0500
Subject: [PATCH 6/8] Update lighthouse_config.yml.j2

---
 templates/lighthouse_config.yml.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/lighthouse_config.yml.j2 b/templates/lighthouse_config.yml.j2
index b35a8b1..9b0a1f9 100644
--- a/templates/lighthouse_config.yml.j2
+++ b/templates/lighthouse_config.yml.j2
@@ -82,14 +82,14 @@ firewall:
 #
 
 outbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_outbound_rules %}
 - port: {{ rule.port }}
 proto: {{ rule.proto }}
 host: {{ rule.host }}
 {% endfor %}
 
 inbound:
-{% for rule in nebula_default_outbound_rules %}
+{% for rule in nebula_inbound_rules %}
 - port: {{ rule.port }}
 proto: {{ rule.proto }}
 host: {{ rule.host }}
From 6799416e2d3f9f91ea743e18cc35f28cd9560734 Mon Sep 17 00:00:00 2001
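Review bot: After this fix the lighthouse renders exactly the same `nebula_inbound_rules` list as every node, so the lighthouse can never be given a narrower policy than the fleet; a lighthouse normally needs no inbound overlay traffic beyond ICMP, while nodes have to open service ports. A dedicated `nebula_lighthouse_inbound_rules` variable, defaulting to `- { port: "any", proto: "icmp", host: "any" }` and used in this loop, would keep the two policies independent while leaving `nebula_inbound_rules` to node_config.yml.j2. The loop body is otherwise a copy of the node template — presumably how the original `nebula_default_outbound_rules` mistake reached both files — so a shared include for the firewall stanza is also worth considering.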
From: Andrew Paglusch
Date: Sat, 9 Oct 2021 00:53:28 -0500
Subject: [PATCH 7/8] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index aede68f..e5bfa63 100644
--- a/README.md
+++ b/README.md
@@ -28,8 +28,8 @@ You can read more about Nebula [on the official repo](https://github.com/slackhq
 nebula_inbound_rules:
 - { port: "any", proto: "icmp", host: "any" }
 - { port: 22, proto: "tcp", host: "any" }
- - { port: 4505, proto: "tcp", host: "10.43.0.1/32" }
- - { port: 4506, proto: "tcp", host: "10.43.0.1/32" }
+ - { port: 4505, proto: "tcp", cidr: "10.43.0.1/32" }
+ - { port: 4506, proto: "tcp", cidr: "10.43.0.1/32" }
 nebula_outbound_rules:
 - { port: "any", proto: "any", host: "any" }
 
From a3aaa55c91cef944349bc991124076c34fdca6bf Mon Sep 17 00:00:00 2001
From: Andrew Paglusch
Date: Sat, 9 Oct 2021 00:55:13 -0500
Subject: [PATCH 8/8] Update README.md

---
 README.md | 2 --
 1 file changed, 2 deletions(-)

diff --git a/README.md b/README.md
index e5bfa63..5a575b1 100644
--- a/README.md
+++ b/README.md
@@ -28,8 +28,6 @@ You can read more about Nebula [on the official repo](https://github.com/slackhq
 nebula_inbound_rules:
 - { port: "any", proto: "icmp", host: "any" }
 - { port: 22, proto: "tcp", host: "any" }
- - { port: 4505, proto: "tcp", cidr: "10.43.0.1/32" }
- - { port: 4506, proto: "tcp", cidr: "10.43.0.1/32" }
 nebula_outbound_rules:
 - { port: "any", proto: "any", host: "any" }
 