Add all files needed to bring up VM and run agaric.com locally

2018-08-20 10:45:20 -04:00 · 2018-08-20 10:45:20 -04:00 · 4d2bc0ee24
commit 4d2bc0ee24
parent 52c8b60bac
742 changed files with 24037 additions and 0 deletions
--- a/box/provisioning/roles/geerlingguy.firewall/tasks/disable-other-firewalls.yml
+++ b/box/provisioning/roles/geerlingguy.firewall/tasks/disable-other-firewalls.yml
@ -0,0 +1,48 @@
+---
+- name: Check if firewalld package is installed (on RHEL).
+  shell: yum list installed firewalld
+  args:
+    warn: no
+  register: firewalld_installed
+  ignore_errors: true
+  changed_when: false
+  when: ansible_os_family == "RedHat" and firewall_disable_firewalld
+
+- name: Disable the firewalld service (on RHEL, if configured).
+  service:
+    name: firewalld
+    state: stopped
+    enabled: no
+  when: ansible_os_family == "RedHat" and firewall_disable_firewalld and firewalld_installed.rc == 0
+
+- name: Check if ufw package is installed (on Ubuntu).
+  shell: service ufw status
+  args:
+    warn: no
+  register: ufw_installed
+  ignore_errors: true
+  changed_when: false
+  when: ansible_distribution == "Ubuntu" and firewall_disable_ufw
+
+- name: Disable the ufw firewall (on Ubuntu, if configured).
+  service:
+    name: ufw
+    state: stopped
+    enabled: no
+  when: ansible_distribution == "Ubuntu" and firewall_disable_ufw and ufw_installed.rc == 0
+
+- name: Check if ufw package is installed (on Archlinux).
+  command: pacman -Q ufw
+  args:
+    warn: no
+  register: ufw_installed
+  ignore_errors: true
+  changed_when: false
+  when: ansible_distribution == "Archlinux" and firewall_disable_ufw
+
+- name: Disable the ufw firewall (on Archlinux, if configured).
+  service:
+    name: ufw
+    state: stopped
+    enabled: no
+  when: ansible_distribution == "Archlinux" and firewall_disable_ufw and ufw_installed.rc == 0
--- a/box/provisioning/roles/geerlingguy.firewall/tasks/main.yml
+++ b/box/provisioning/roles/geerlingguy.firewall/tasks/main.yml
@ -0,0 +1,44 @@
+---
+- name: Ensure iptables is installed.
+  package: name=iptables state=installed
+
+- name: Flush iptables the first time playbook runs.
+  command: >
+    iptables -F
+    creates=/etc/firewall.bash
+
+- name: Copy firewall script into place.
+  template:
+    src: firewall.bash.j2
+    dest: /etc/firewall.bash
+    owner: root
+    group: root
+    mode: 0744
+  notify: restart firewall
+
+- name: Copy firewall init script into place.
+  template:
+    src: firewall.init.j2
+    dest: /etc/init.d/firewall
+    owner: root
+    group: root
+    mode: 0755
+  when: "ansible_service_mgr != 'systemd'"
+
+- name: Copy firewall systemd unit file into place (for systemd systems).
+  template:
+    src: firewall.unit.j2
+    dest: /etc/systemd/system/firewall.service
+    owner: root
+    group: root
+    mode: 0644
+  when: "ansible_service_mgr == 'systemd'"
+
+- name: Configure the firewall service.
+  service:
+    name: firewall
+    state: "{{ firewall_state }}"
+    enabled: "{{ firewall_enabled_at_boot }}"
+
+- include: disable-other-firewalls.yml
+  when: firewall_disable_firewalld or firewall_disable_ufw