add ability to loop over campus network

pulibrary · Dec 20, 2024 · 1a767d7 · 1a767d7
1 parent db67906
commit 1a767d7
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/playbooks/utils/ufw_firewall.yml b/playbooks/utils/ufw_firewall.yml
@@ -8,6 +8,8 @@
   become: true
   vars:
     running_on_server: true
+  vars_files:
+    - ../../group_vars/all/vars.yml
 
   pre_tasks:
     - name: stop playbook if you didn't pass --limit

diff --git a/roles/ufw_firewall/vars/main.yml b/roles/ufw_firewall/vars/main.yml
@@ -1,2 +1,8 @@
 ---
 # vars file for roles/ufw_firewall
+ufw_firewall_rules: >
+    {%- set rules = [] -%}
+    {%- for network in ufw_campus_and_vpn -%}
+    {{ rules.append({'protocol': 'tcp', 'source': network, 'port': 22, 'action': 'ACCEPT'}) }}
+    {%- endfor -%}
+    {{ rules }}