From 2fe05d694aeb8f4f1fb6dad0b91aced984dbc846 Mon Sep 17 00:00:00 2001
From: Fabio Bertagna
Date: Wed, 28 Aug 2024 12:43:04 +0200
Subject: [PATCH 01/18] Init opnsense_configure role
---
roles/opnsense_configure/README.md | 39 ++++++++++++++++++++++
roles/opnsense_configure/defaults/main.yml | 2 ++
roles/opnsense_configure/handlers/main.yml | 2 ++
roles/opnsense_configure/meta/main.yml | 9 +++++
roles/opnsense_configure/tasks/main.yml | 2 ++
roles/opnsense_configure/tests/inventory | 2 ++
roles/opnsense_configure/tests/test.yml | 5 +++
roles/opnsense_configure/vars/main.yml | 2 ++
8 files changed, 63 insertions(+)
create mode 100644 roles/opnsense_configure/README.md
create mode 100644 roles/opnsense_configure/defaults/main.yml
create mode 100644 roles/opnsense_configure/handlers/main.yml
create mode 100644 roles/opnsense_configure/meta/main.yml
create mode 100644 roles/opnsense_configure/tasks/main.yml
create mode 100644 roles/opnsense_configure/tests/inventory
create mode 100644 roles/opnsense_configure/tests/test.yml
create mode 100644 roles/opnsense_configure/vars/main.yml
diff --git a/roles/opnsense_configure/README.md b/roles/opnsense_configure/README.md
new file mode 100644
index 00000000..f62600d8
--- /dev/null
+++ b/roles/opnsense_configure/README.md
@@ -0,0 +1,39 @@
+opnsense_configure - OPNsense configuration role
+=========
+
+This role provides a generic apporach to configure OPNsense instances by populating host variables
+according to this roles defaults specification.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+ - hosts: servers
+ roles:
+ - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).
diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml
new file mode 100644
index 00000000..995d2f49
--- /dev/null
+++ b/roles/opnsense_configure/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+# defaults file for opnsense_configure
\ No newline at end of file
diff --git a/roles/opnsense_configure/handlers/main.yml b/roles/opnsense_configure/handlers/main.yml
new file mode 100644
index 00000000..bf6c3a97
--- /dev/null
+++ b/roles/opnsense_configure/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for opnsense_configure
diff --git a/roles/opnsense_configure/meta/main.yml b/roles/opnsense_configure/meta/main.yml
new file mode 100644
index 00000000..07f49dc9
--- /dev/null
+++ b/roles/opnsense_configure/meta/main.yml
@@ -0,0 +1,9 @@
+galaxy_info:
+ author: Fabio Bertagna
+ company: Puzzle ITC
+ license: GPL-3.0-only
+ min_ansible_version: 2.1
+ galaxy_tags:
+ - opnsense
+
+dependencies: []
diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml
new file mode 100644
index 00000000..78f1640d
--- /dev/null
+++ b/roles/opnsense_configure/tasks/main.yml
@@ -0,0 +1,2 @@
+---
+# tasks file for opnsense_configure
diff --git a/roles/opnsense_configure/tests/inventory b/roles/opnsense_configure/tests/inventory
new file mode 100644
index 00000000..878877b0
--- /dev/null
+++ b/roles/opnsense_configure/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+
diff --git a/roles/opnsense_configure/tests/test.yml b/roles/opnsense_configure/tests/test.yml
new file mode 100644
index 00000000..a11484be
--- /dev/null
+++ b/roles/opnsense_configure/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+ remote_user: root
+ roles:
+ - opnsense_configure
diff --git a/roles/opnsense_configure/vars/main.yml b/roles/opnsense_configure/vars/main.yml
new file mode 100644
index 00000000..bbf979e0
--- /dev/null
+++ b/roles/opnsense_configure/vars/main.yml
@@ -0,0 +1,2 @@
+---
+# vars file for opnsense_configure
From b14e2e2c7737afd8c0da8cfc892c7dc4e324f2bc Mon Sep 17 00:00:00 2001
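Review bot: `min_ansible_version: 2.1` in meta/main.yml is an unquoted number, so YAML loads it as a float rather than the version string Galaxy metadata expects; quote it, `min_ansible_version: "2.1"`. The value also looks too low for this role: later patches in this series use `loop`, which Ansible 2.1 does not have, so the minimum should be raised to what the collection actually supports. Separately, `license: GPL-3.0-only` here disagrees with the `BSD` left in the generated README.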
From: Fabio Bertagna
Date: Wed, 28 Aug 2024 13:01:24 +0200
Subject: [PATCH 02/18] Init system settings tasks in opnsense_config
---
molecule/opnsense_config/converge.yml | 12 +++
molecule/opnsense_config/molecule.yml | 77 +++++++++++++++++++
molecule/opnsense_config/verify.yml | 6 ++
roles/opnsense_configure/defaults/main.yml | 14 +++-
roles/opnsense_configure/tasks/main.yml | 7 ++
.../tasks/system_settings.yml | 10 +++
6 files changed, 125 insertions(+), 1 deletion(-)
create mode 100644 molecule/opnsense_config/converge.yml
create mode 100644 molecule/opnsense_config/molecule.yml
create mode 100644 molecule/opnsense_config/verify.yml
create mode 100644 roles/opnsense_configure/tasks/system_settings.yml
diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml
new file mode 100644
index 00000000..47994e75
--- /dev/null
+++ b/molecule/opnsense_config/converge.yml
@@ -0,0 +1,12 @@
+---
+- name: converge
+ hosts: all
+ become: true
+ vars:
+ system_settings:
+ general:
+ hostname: "firewall01"
+ domain: "test.local"
+ timezone: "Europe/Zurich"
+ roles:
+ - role: puzzle.opnsense.opnsense_configure
diff --git a/molecule/opnsense_config/molecule.yml b/molecule/opnsense_config/molecule.yml
new file mode 100644
index 00000000..e8e1672a
--- /dev/null
+++ b/molecule/opnsense_config/molecule.yml
@@ -0,0 +1,77 @@
+---
+scenario:
+ name: opnsense_config
+ test_sequence:
+ # - dependency not relevant unless we have requirements
+ - destroy
+ - syntax
+ - create
+ - converge
+ - idempotence
+ - verify
+ - destroy
+
+driver:
+ name: vagrant
+ parallel: true
+
+platforms:
+ - name: "22.7"
+ hostname: false
+ box: puzzle/opnsense
+ box_version: "22.7"
+ memory: 1024
+ cpus: 2
+ instance_raw_config_args:
+ - 'vm.guest = :freebsd'
+ - 'ssh.sudo_command = "%c"'
+ - 'ssh.shell = "/bin/sh"'
+ - name: "23.1"
+ box: puzzle/opnsense
+ hostname: false
+ box_version: "23.1"
+ memory: 1024
+ cpus: 2
+ instance_raw_config_args:
+ - 'vm.guest = :freebsd'
+ - 'ssh.sudo_command = "%c"'
+ - 'ssh.shell = "/bin/sh"'
+ - name: "23.7"
+ box: puzzle/opnsense
+ hostname: false
+ box_version: "23.7"
+ memory: 1024
+ cpus: 2
+ instance_raw_config_args:
+ - 'vm.guest = :freebsd'
+ - 'ssh.sudo_command = "%c"'
+ - 'ssh.shell = "/bin/sh"'
+ - name: "24.1"
+ box: puzzle/opnsense
+ hostname: false
+ box_version: "24.1"
+ memory: 1024
+ cpus: 2
+ instance_raw_config_args:
+ - 'vm.guest = :freebsd'
+ - 'ssh.sudo_command = "%c"'
+ - 'ssh.shell = "/bin/sh"'
+ - name: "24.7"
+ box: puzzle/opnsense
+ hostname: false
+ box_version: "24.7"
+ memory: 1024
+ cpus: 2
+ instance_raw_config_args:
+ - 'vm.guest = :freebsd'
+ - 'ssh.sudo_command = "%c"'
+ - 'ssh.shell = "/bin/sh"'
+
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_VERBOSITY: 3
+verifier:
+ name: ansible
+ options:
+ become: true
diff --git a/molecule/opnsense_config/verify.yml b/molecule/opnsense_config/verify.yml
new file mode 100644
index 00000000..b447dcf4
--- /dev/null
+++ b/molecule/opnsense_config/verify.yml
@@ -0,0 +1,6 @@
+---
+- name: Verify connectivity to server
+ hosts: all
+ tasks:
+ - name: Ping the server
+ ansible.builtin.ping:
diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml
index 995d2f49..09f0d77d 100644
--- a/roles/opnsense_configure/defaults/main.yml
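Review bot: verify.yml only runs `ansible.builtin.ping`, so the scenario's verify step passes whenever the box is reachable and says nothing about whether the role applied the settings from converge.yml. For a role that manages firewall configuration, a verify play that reads the resulting state back and asserts on it (hostname, domain and timezone at this commit) would catch a task that is silently skipped by its `when:` condition. The converge and idempotence steps still run, so this is a coverage gap rather than a broken test.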
+++ b/roles/opnsense_configure/defaults/main.yml @@ -1,2 +1,14 @@ --- -# defaults file for opnsense_configure \ No newline at end of file +# defaults file for opnsense_configure + +# +# System settings variables should be provided in this structure +# +# system_settings: +# general: +# hostname: +# domain: +# timezone: + +system_settings: + general: {} \ No newline at end of file diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index 78f1640d..b359801a 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml @@ -1,2 +1,9 @@ --- # tasks file for opnsense_configure + +- name: Configure System Settings + include_tasks: + file: system_settings.yml + apply: + tags: + - system_settings \ No newline at end of file diff --git a/roles/opnsense_configure/tasks/system_settings.yml b/roles/opnsense_configure/tasks/system_settings.yml new file mode 100644 index 00000000..d9854b9d --- /dev/null +++ b/roles/opnsense_configure/tasks/system_settings.yml @@ -0,0 +1,10 @@ +--- +- name: Configure general system settings + puzzle.opnsense.system_settings_general: + hostname: "{{ system_settings.general.hostname | default(omit) }}" + domain: "{{ system_settings.general.domain | default(omit) }}" + timezone: "{{ system_settings.general.timezone | default(omit) }}" + when: > + system_settings.general.hostname is defined or + system_settings.general.domain is defined or + system_settings.general.timezone is defined \ No newline at end of file From 592a52e3da304c87cbabf1795a465426b697079e Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Wed, 28 Aug 2024 16:52:23 +0200 Subject: [PATCH 03/18] Add system setting logging to opnsense_config role --- molecule/opnsense_config/converge.yml | 3 +++ roles/opnsense_configure/defaults/main.yml | 6 +++++- roles/opnsense_configure/tasks/system_settings.yml | 10 +++++++++- 3 files changed, 17 insertions(+), 2 deletions(-) 
diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index 47994e75..9e6e6f16 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml @@ -8,5 +8,8 @@ hostname: "firewall01" domain: "test.local" timezone: "Europe/Zurich" + logging: + max_log_file_size_mb: 8 + preserve_logs: 10 roles: - role: puzzle.opnsense.opnsense_configure diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index 09f0d77d..08956b87 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml @@ -9,6 +9,10 @@ # hostname: # domain: # timezone: +# logging: +# max_log_file_size_mb: +# preserve_logs: system_settings: - general: {} \ No newline at end of file + general: {} + logging: {} diff --git a/roles/opnsense_configure/tasks/system_settings.yml b/roles/opnsense_configure/tasks/system_settings.yml index d9854b9d..f21a9d64 100644 --- a/roles/opnsense_configure/tasks/system_settings.yml +++ b/roles/opnsense_configure/tasks/system_settings.yml @@ -7,4 +7,12 @@ when: > system_settings.general.hostname is defined or system_settings.general.domain is defined or - system_settings.general.timezone is defined \ No newline at end of file + system_settings.general.timezone is defined + +- name: Configure logging system settings + puzzle.opnsense.system_settings_logging: + max_log_file_size_mb: "{{ system_settings.logging.max_log_file_size_mb | default(omit) }}" + preserve_logs: "{{ system_settings.logging.preserve_logs | default(omit) }}" + when: > + system_settings.logging.max_log_file_size_mb is defined or + system_settings.logging.preserve_logs is defined \ No newline at end of file From e6dd142e6c380a979505702c8ad00aa7c855c861 Mon Sep 17 00:00:00 2001 
From: Fabio Bertagna Date: Wed, 4 Sep 2024 16:21:36 +0200 Subject: [PATCH 04/18] Add firewall_aliases to role --- molecule/opnsense_config/converge.yml | 12 ++++++++++++ roles/opnsense_configure/defaults/main.yml | 8 ++++++++ roles/opnsense_configure/tasks/firewall.yml | 20 ++++++++++++++++++++ roles/opnsense_configure/tasks/main.yml | 9 ++++++++- 4 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 roles/opnsense_configure/tasks/firewall.yml diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index 9e6e6f16..ba3e1834 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml @@ -11,5 +11,17 @@ logging: max_log_file_size_mb: 8 preserve_logs: 10 + firewall: + aliases: + - name: TestAliasTypeHost + type: host + statistics: false + description: Test Alias with type Host + content: 10.0.0.1 + - name: TestAliasTypeNetwork + type: network + statistics: false + description: Test Alias with type Network + content: 10.0.0.0/24 roles: - role: puzzle.opnsense.opnsense_configure diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index 08956b87..fa55602b 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml @@ -16,3 +16,11 @@ system_settings: general: {} logging: {} +# +# Firewall related variables should be provided in this structure +# +# firewall: +# aliases: + +firewall: + aliases: [] \ No newline at end of file diff --git a/roles/opnsense_configure/tasks/firewall.yml b/roles/opnsense_configure/tasks/firewall.yml new file mode 100644 index 00000000..161767a1 --- /dev/null +++ b/roles/opnsense_configure/tasks/firewall.yml 
@@ -0,0 +1,20 @@ +--- +- name: Configure firewall aliases + puzzle.opnsense.firewall_alias: + name: "{{ alias.name }}" + type: "{{ alias.type }}" + enabled: "{{ alias.enabled | default(omit) }}" + content: "{{ alias.content | default(omit) }}" + description: "{{ alias.description | default(omit) }}" + interface: "{{ alias.interface | default(omit) }}" + protocol: "{{ alias.protocol | default(omit) }}" + refreshfrequency: + days: "{{ alias.refreshfrequency.days | default(omit) }}" + hours: "{{ alias.refreshfrequency.hours | default(omit) }}" + state: "{{ alias.state | default(omit) }}" + statistics: "{{ alias.statistics | default(omit) }}" + loop: "{{ firewall.aliases }}" + loop_control: + loop_var: alias + tags: + - aliases \ No newline at end of file diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index b359801a..683e9438 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml @@ -6,4 +6,11 @@ file: system_settings.yml apply: tags: - - system_settings \ No newline at end of file + - system_settings + +- name: Configure Firewall + include_tasks: + file: firewall.yml + apply: + tags: + - firewall \ No newline at end of file From 0355e8669caff775545c769392ce123022fd7b95 Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Wed, 4 Sep 2024 16:31:01 +0200 Subject: [PATCH 05/18] Add firewall rules to config role --- molecule/opnsense_config/converge.yml | 6 ++++++ roles/opnsense_configure/tasks/firewall.yml | 23 ++++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index ba3e1834..abd6a28c 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml 
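Review bot: `loop: "{{ firewall.aliases }}"` in the `Configure firewall aliases` task relies on the role default `firewall: {aliases: []}` surviving, but with Ansible's default hash behaviour (replace) a host that defines `firewall:` with other keys only replaces the whole dictionary and the lookup fails on the missing `aliases` attribute. Looping over `"{{ firewall.aliases | default([]) }}"` keeps the task a no-op in that case. The same applies to the `firewall.rules`, `system_access.users` / `system.access.users` and `interfaces.assignments` loops added by later patches in this series. Also note that `refreshfrequency:` is always sent, as an empty mapping when the alias sets neither `days` nor `hours`; whether the module accepts that is not visible in this diff.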
@@ -23,5 +23,11 @@ statistics: false description: Test Alias with type Network content: 10.0.0.0/24 + rules: + - interface: lan + description: Block SSH on LAN + destination: + port: 22 + action: block roles: - role: puzzle.opnsense.opnsense_configure diff --git a/roles/opnsense_configure/tasks/firewall.yml b/roles/opnsense_configure/tasks/firewall.yml index 161767a1..5b9dd198 100644 --- a/roles/opnsense_configure/tasks/firewall.yml +++ b/roles/opnsense_configure/tasks/firewall.yml @@ -17,4 +17,25 @@ loop_control: loop_var: alias tags: - - aliases \ No newline at end of file + - aliases + +- name: Configure firewall rules + puzzle.opnsense.firewall_rules: + interface: "{{ rule.interface }}" + action: "{{ rule.action | default(omit) }}" + description: "{{ rule.description | default(omit) }}" + category: "{{ rule.category | default(omit) }}" + direction: "{{ rule.direction | default(omit) }}" + disabled: "{{ rule.disabled | default(omit) }}" + quick: "{{ rule.quick | default(omit) }}" + ipprotocol: "{{ rule.ipprotocol | default(omit) }}" + protocol: "{{ rule.protocol | default(omit) }}" + source: "{{ rule.source | default(omit) }}" + destination: "{{ rule.destination | default(omit) }}" + log: "{{ rule.log | default(omit) }}" + state: "{{ rule.state | default(omit) }}" + loop: "{{ firewall.rules }}" + loop_control: + loop_var: rule + tags: + - rules \ No newline at end of file From 6b87667f12fd14564b38c491838976d9afd34ffa Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Wed, 4 Sep 2024 16:35:12 +0200 Subject: [PATCH 06/18] Simplify role --- roles/opnsense_configure/tasks/firewall.yml | 41 ------------ roles/opnsense_configure/tasks/main.yml | 65 +++++++++++++++---- .../tasks/system_settings.yml | 18 ----- 3 files changed, 53 insertions(+), 71 deletions(-) delete mode 100644 roles/opnsense_configure/tasks/firewall.yml delete mode 100644 roles/opnsense_configure/tasks/system_settings.yml 
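Review bot: In the `Configure firewall rules` task only `interface` is mandatory; `action` is passed with `default(omit)`, so a rule entry that leaves out `action` is created with whatever the module defaults to. That default is not visible in this diff, and if it is a permitting action, an incomplete inventory entry becomes an allow rule without any error. Consider requiring it, `action: "{{ rule.action }}"`, so an incomplete rule definition fails at templating time instead. At this commit `firewall.rules` also has no entry in defaults/main.yml; patch 07 of the series adds it.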
diff --git a/roles/opnsense_configure/tasks/firewall.yml b/roles/opnsense_configure/tasks/firewall.yml deleted file mode 100644 index 5b9dd198..00000000 --- a/roles/opnsense_configure/tasks/firewall.yml +++ /dev/null @@ -1,41 +0,0 @@ ---- -- name: Configure firewall aliases - puzzle.opnsense.firewall_alias: - name: "{{ alias.name }}" - type: "{{ alias.type }}" - enabled: "{{ alias.enabled | default(omit) }}" - content: "{{ alias.content | default(omit) }}" - description: "{{ alias.description | default(omit) }}" - interface: "{{ alias.interface | default(omit) }}" - protocol: "{{ alias.protocol | default(omit) }}" - refreshfrequency: - days: "{{ alias.refreshfrequency.days | default(omit) }}" - hours: "{{ alias.refreshfrequency.hours | default(omit) }}" - state: "{{ alias.state | default(omit) }}" - statistics: "{{ alias.statistics | default(omit) }}" - loop: "{{ firewall.aliases }}" - loop_control: - loop_var: alias - tags: - - aliases - -- name: Configure firewall rules - puzzle.opnsense.firewall_rules: - interface: "{{ rule.interface }}" - action: "{{ rule.action | default(omit) }}" - description: "{{ rule.description | default(omit) }}" - category: "{{ rule.category | default(omit) }}" - direction: "{{ rule.direction | default(omit) }}" - disabled: "{{ rule.disabled | default(omit) }}" - quick: "{{ rule.quick | default(omit) }}" - ipprotocol: "{{ rule.ipprotocol | default(omit) }}" - protocol: "{{ rule.protocol | default(omit) }}" - source: "{{ rule.source | default(omit) }}" - destination: "{{ rule.destination | default(omit) }}" - log: "{{ rule.log | default(omit) }}" - state: "{{ rule.state | default(omit) }}" - loop: "{{ firewall.rules }}" - loop_control: - loop_var: rule - tags: - - rules \ No newline at end of file diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index 683e9438..068712d8 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml 
@@ -1,16 +1,57 @@ --- # tasks file for opnsense_configure -- name: Configure System Settings - include_tasks: - file: system_settings.yml - apply: - tags: - - system_settings +- name: Configure general system settings + puzzle.opnsense.system_settings_general: + hostname: "{{ system_settings.general.hostname | default(omit) }}" + domain: "{{ system_settings.general.domain | default(omit) }}" + timezone: "{{ system_settings.general.timezone | default(omit) }}" + when: > + system_settings.general.hostname is defined or + system_settings.general.domain is defined or + system_settings.general.timezone is defined -- name: Configure Firewall - include_tasks: - file: firewall.yml - apply: - tags: - - firewall \ No newline at end of file +- name: Configure logging system settings + puzzle.opnsense.system_settings_logging: + max_log_file_size_mb: "{{ system_settings.logging.max_log_file_size_mb | default(omit) }}" + preserve_logs: "{{ system_settings.logging.preserve_logs | default(omit) }}" + when: > + system_settings.logging.max_log_file_size_mb is defined or + system_settings.logging.preserve_logs is defined + +- name: Configure firewall aliases + puzzle.opnsense.firewall_alias: + name: "{{ alias.name }}" + type: "{{ alias.type }}" + enabled: "{{ alias.enabled | default(omit) }}" + content: "{{ alias.content | default(omit) }}" + description: "{{ alias.description | default(omit) }}" + interface: "{{ alias.interface | default(omit) }}" + protocol: "{{ alias.protocol | default(omit) }}" + refreshfrequency: + days: "{{ alias.refreshfrequency.days | default(omit) }}" + hours: "{{ alias.refreshfrequency.hours | default(omit) }}" + state: "{{ alias.state | default(omit) }}" + statistics: "{{ alias.statistics | default(omit) }}" + loop: "{{ firewall.aliases }}" + loop_control: + loop_var: alias + +- name: Configure firewall rules + puzzle.opnsense.firewall_rules: + interface: "{{ rule.interface }}" + action: "{{ rule.action | default(omit) }}" + description: "{{ 
rule.description | default(omit) }}" + category: "{{ rule.category | default(omit) }}" + direction: "{{ rule.direction | default(omit) }}" + disabled: "{{ rule.disabled | default(omit) }}" + quick: "{{ rule.quick | default(omit) }}" + ipprotocol: "{{ rule.ipprotocol | default(omit) }}" + protocol: "{{ rule.protocol | default(omit) }}" + source: "{{ rule.source | default(omit) }}" + destination: "{{ rule.destination | default(omit) }}" + log: "{{ rule.log | default(omit) }}" + state: "{{ rule.state | default(omit) }}" + loop: "{{ firewall.rules }}" + loop_control: + loop_var: rule \ No newline at end of file diff --git a/roles/opnsense_configure/tasks/system_settings.yml b/roles/opnsense_configure/tasks/system_settings.yml deleted file mode 100644 index f21a9d64..00000000 --- a/roles/opnsense_configure/tasks/system_settings.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: Configure general system settings - puzzle.opnsense.system_settings_general: - hostname: "{{ system_settings.general.hostname | default(omit) }}" - domain: "{{ system_settings.general.domain | default(omit) }}" - timezone: "{{ system_settings.general.timezone | default(omit) }}" - when: > - system_settings.general.hostname is defined or - system_settings.general.domain is defined or - system_settings.general.timezone is defined - -- name: Configure logging system settings - puzzle.opnsense.system_settings_logging: - max_log_file_size_mb: "{{ system_settings.logging.max_log_file_size_mb | default(omit) }}" - preserve_logs: "{{ system_settings.logging.preserve_logs | default(omit) }}" - when: > - system_settings.logging.max_log_file_size_mb is defined or - system_settings.logging.preserve_logs is defined \ No newline at end of file From c473390683dfd58e7d20b0cb3fd07fb1530c995c Mon Sep 17 00:00:00 2001 
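Review bot: Inlining the tasks into tasks/main.yml drops the `system_settings`, `firewall`, `aliases` and `rules` tags that the removed include files carried, so a run can no longer be limited to one area with `--tags`. On a firewall that matters for change control: every run of the role now evaluates system settings, aliases and rules together. If the flat layout is intended, re-adding tags per task, e.g. `tags: [firewall, rules]` on `Configure firewall rules`, keeps that scoping.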
From: Fabio Bertagna Date: Wed, 4 Sep 2024 16:39:04 +0200 Subject: [PATCH 07/18] Add firewall rules var to default vars of role --- roles/opnsense_configure/defaults/main.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index fa55602b..30a0ec38 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml @@ -21,6 +21,8 @@ system_settings: # # firewall: # aliases: +# rules: firewall: - aliases: [] \ No newline at end of file + aliases: [] + rules: [] \ No newline at end of file From 70ef101b4233bc2d7409d10d32a65e651877c138 Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Wed, 4 Sep 2024 16:43:37 +0200 Subject: [PATCH 08/18] Add user config to configure role --- molecule/opnsense_config/converge.yml | 4 ++++ roles/opnsense_configure/defaults/main.yml | 9 +++++++++ roles/opnsense_configure/tasks/main.yml | 23 ++++++++++++++++++++++ 3 files changed, 36 insertions(+) diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index abd6a28c..755aa909 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml @@ -11,6 +11,10 @@ logging: max_log_file_size_mb: 8 preserve_logs: 10 + system_access: + users: + - username: simple_user + password: pass1234 firewall: aliases: - name: TestAliasTypeHost diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index 30a0ec38..d1fd2a3d 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml 
@@ -17,6 +17,15 @@ system_settings: general: {} logging: {} # +# System access configuration should be provided in this structure +# +# system_access: +# users: [] # see system_access_users task args for user entry structure + +system_access: + users: [] + +# # Firewall related variables should be provided in this structure # # firewall: diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index 068712d8..553e5579 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml @@ -19,6 +19,29 @@ system_settings.logging.max_log_file_size_mb is defined or system_settings.logging.preserve_logs is defined +- name: Configure users + puzzle.opnsense.system_access_users: + username: "{{ user.username }}" + password: "{{ user.password }}" + disabled: "{{ user.disabled | default(omit) }}" + full_name: "{{ user.full_name | default(omit) }}" + email: "{{ user.email | default(omit) }}" + comment: "{{ user.comment | default(omit) }}" + landing_page: "{{ user.landing_page | default(omit) }}" + shell: "{{ user.shell | default(omit) }}" + expires: "{{ user.expires | default(omit) }}" + otp_seed: "{{ user.otp_seed | default(omit) }}" + authorizedkeys: "{{ user.authorizedkeys | default(omit) }}" + groups: "{{ user.groups | default(omit) }}" + apikeys: "{{ user.apikeys | default(omit) }}" + scope: "{{ user.scope | default(omit) }}" + uid: "{{ user.uid | default(omit) }}" + state: "{{ user.state | default(omit) }}" + loop: "{{ system_access.users }}" + loop_control: + loop_var: user + label: "{{ user.username }}" + - name: Configure firewall aliases puzzle.opnsense.firewall_alias: name: "{{ alias.name }}" From d974d1598309f978eb2bf1b1d4d958ab34c637cb Mon Sep 17 00:00:00 2001 
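Review bot: The `Configure users` task passes `user.password`, `user.otp_seed` and `user.apikeys` to the module without `no_log: true`, so the loop item and the module arguments can end up in Ansible output; `label: "{{ user.username }}"` only shortens the per-item header line and does not hide the item in verbose results. The molecule scenario sets `ANSIBLE_VERBOSITY: 3`, which would put these values into CI logs unless the module itself marks the fields as no_log (not visible in this diff). Adding `no_log: true` at task level closes this regardless of the module's argument spec. The clear-text `password: pass1234` in converge.yml is acceptable for a throwaway Vagrant box, but the role documentation should point users to Ansible Vault for real inventories.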
From: Fabio Bertagna Date: Wed, 4 Sep 2024 16:57:34 +0200 Subject: [PATCH 09/18] Add interfaces assignments to role --- molecule/opnsense_config/converge.yml | 14 ++++++++++++++ roles/opnsense_configure/defaults/main.yml | 8 +++++++- roles/opnsense_configure/tasks/main.yml | 9 +++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index 755aa909..e98f231d 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml @@ -15,6 +15,20 @@ users: - username: simple_user password: pass1234 + interfaces: + assignments: + - device: em0 + identifier: opt2 + description: VAGRANT + - device: em1 + identifier: lan + description: LAN + - device: em2 + identifier: wan + description: WAN + - device: em3 + identifier: opt1 + description: DMZ firewall: aliases: - name: TestAliasTypeHost diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index d1fd2a3d..b10cded9 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml @@ -25,6 +25,12 @@ system_settings: system_access: users: [] +# Interface related variables: +# +# interfaces: +# assignments: [] +interfaces: + assignments: [ ] # # Firewall related variables should be provided in this structure # @@ -34,4 +40,4 @@ system_access: firewall: aliases: [] - rules: [] \ No newline at end of file + rules: [] diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index 553e5579..6ded6c7b 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml 
@@ -42,6 +42,15 @@ loop_var: user label: "{{ user.username }}" +- name: Configure interface assignments + puzzle.opnsense.interfaces_assignments: + identifier: "{{ interface.identifier }}" + device: "{{ interface.device }}" + description: "{{ interface.description | default(omit) }}" + loop: "{{ interfaces.assignments }}" + loop_control: + loop_var: interface + - name: Configure firewall aliases puzzle.opnsense.firewall_alias: name: "{{ alias.name }}" From 44bbcc2d65ef130b596c0f5d643af7e5fa91feac Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Wed, 4 Sep 2024 17:00:10 +0200 Subject: [PATCH 10/18] Refactor role variable structure --- molecule/opnsense_config/converge.yml | 25 +++++++-------- roles/opnsense_configure/defaults/main.yml | 36 +++++++++++----------- roles/opnsense_configure/tasks/main.yml | 22 ++++++------- 3 files changed, 42 insertions(+), 41 deletions(-) diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index e98f231d..2f2dcbad 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml @@ -3,18 +3,19 @@ hosts: all become: true vars: - system_settings: - general: - hostname: "firewall01" - domain: "test.local" - timezone: "Europe/Zurich" - logging: - max_log_file_size_mb: 8 - preserve_logs: 10 - system_access: - users: - - username: simple_user - password: pass1234 + system: + access: + users: + - username: simple_user + password: pass1234 + settings: + general: + hostname: "firewall01" + domain: "test.local" + timezone: "Europe/Zurich" + logging: + max_log_file_size_mb: 8 + preserve_logs: 10 interfaces: assignments: - device: em0 diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index b10cded9..4bc600e8 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml 
@@ -2,28 +2,27 @@ # defaults file for opnsense_configure # -# System settings variables should be provided in this structure +# System variables should be provided in this structure # -# system_settings: -# general: -# hostname: -# domain: -# timezone: -# logging: -# max_log_file_size_mb: -# preserve_logs: +# system: +# access: +# users: [] # see system_access_users task args for user entry structure +# settings: +# general: +# hostname: +# domain: +# timezone: +# logging: +# max_log_file_size_mb: +# preserve_logs: system_settings: - general: {} - logging: {} -# -# System access configuration should be provided in this structure -# -# system_access: -# users: [] # see system_access_users task args for user entry structure + access: + users: [] + settings: + general: {} + logging: {} -system_access: - users: [] # Interface related variables: # @@ -31,6 +30,7 @@ system_access: # assignments: [] interfaces: assignments: [ ] + # # Firewall related variables should be provided in this structure # diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index 6ded6c7b..4697242a 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml 
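Review bot: The default variable is still named `system_settings:` (it is an unchanged context line in this hunk), while the comment block above it documents `system:` and the tasks in tasks/main.yml are switched to `system.settings.*` and `system.access.users` by the same commit. With no `system` default defined, a host that does not set `system` itself hits an undefined variable at `loop: "{{ system.access.users }}"`, and the nested defaults under `system_settings` are never read. Rename the key to `system:` so the defaults match the documented structure and the tasks.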
@@ -3,21 +3,21 @@ - name: Configure general system settings puzzle.opnsense.system_settings_general: - hostname: "{{ system_settings.general.hostname | default(omit) }}" - domain: "{{ system_settings.general.domain | default(omit) }}" - timezone: "{{ system_settings.general.timezone | default(omit) }}" + hostname: "{{ system.settings.general.hostname | default(omit) }}" + domain: "{{ system.settings.general.domain | default(omit) }}" + timezone: "{{ system.settings.general.timezone | default(omit) }}" when: > - system_settings.general.hostname is defined or - system_settings.general.domain is defined or - system_settings.general.timezone is defined + system.settings.general.hostname is defined or + system.settings.general.domain is defined or + system.settings.general.timezone is defined - name: Configure logging system settings puzzle.opnsense.system_settings_logging: - max_log_file_size_mb: "{{ system_settings.logging.max_log_file_size_mb | default(omit) }}" - preserve_logs: "{{ system_settings.logging.preserve_logs | default(omit) }}" + max_log_file_size_mb: "{{ system.settings.logging.max_log_file_size_mb | default(omit) }}" + preserve_logs: "{{ system.settings.logging.preserve_logs | default(omit) }}" when: > - system_settings.logging.max_log_file_size_mb is defined or - system_settings.logging.preserve_logs is defined + system.settings.logging.max_log_file_size_mb is defined or + system.settings.logging.preserve_logs is defined - name: Configure users puzzle.opnsense.system_access_users: @@ -37,7 +37,7 @@ scope: "{{ user.scope | default(omit) }}" uid: "{{ user.uid | default(omit) }}" state: "{{ user.state | default(omit) }}" - loop: "{{ system_access.users }}" + loop: "{{ system.access.users }}" loop_control: loop_var: user label: "{{ user.username }}" From 9e49298637870f8bd8aa19b1f8f8d60554efa45c Mon Sep 17 00:00:00 2001 
From: Fabio Bertagna Date: Wed, 4 Sep 2024 17:06:00 +0200 Subject: [PATCH 11/18] Add system HA to config role --- molecule/opnsense_config/converge.yml | 13 +++++++++++++ roles/opnsense_configure/defaults/main.yml | 11 +++++++++++ roles/opnsense_configure/tasks/main.yml | 14 ++++++++++++++ 3 files changed, 38 insertions(+) diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index 2f2dcbad..0fae840c 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml @@ -8,6 +8,19 @@ users: - username: simple_user password: pass1234 + high_availability: + synchronize_interface: LAN + synchronize_config_to_ip: 224.0.0.240 + synchronize_peer_ip: 224.0.0.241 + disable_preempt: true + disconnect_dialup_interfaces: true + synchronize_states: true + remote_system_username: opnsense + remote_system_password: v3rys3cure + services_to_synchronize: + - aliases + - rules + - ipsec settings: general: hostname: "firewall01" diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index 4bc600e8..25b42201 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml @@ -7,6 +7,17 @@ # system: # access: # users: [] # see system_access_users task args for user entry structure +# high_availability: +# disable_preempt: +# disconnect_dialup_interfaces: +# synchronize_states: +# synchronize_interface: +# sync_compatibility: +# synchronize_peer_ip: +# synchronize_config_to_ip: +# remote_system_username: +# remote_system_password: +# services_to_synchronize: # settings: # general: # hostname: diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index 4697242a..9b798553 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml 
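Review bot: `remote_system_password: v3rys3cure` and the `password: pass1234` just above it sit in clear text in the converge playbook with nothing marking them as throwaway fixture values, and the README example added later in this series repeats the same block, so readers are likely to copy the pattern into real inventories. A comment on the fixture, e.g. `# test-only credentials; real deployments should load these from Ansible Vault`, would make the intent explicit. Also, `synchronize_config_to_ip: 224.0.0.240` is a multicast address; that is plausible for the pfsync peer setting but looks wrong for a configuration-sync target, which I would expect to be the peer's unicast address, so it is worth confirming the two values are not swapped. The `vars:` mapping this block belongs to starts above the hunk.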
@@ -42,6 +42,20 @@ loop_var: user label: "{{ user.username }}" +- name: Configure system HA settings + puzzle.opnsense.system_high_availability_settings: + disable_preempt: "{{ system.high_availability.disable_preempt | default(omit) }}" + disconnect_dialup_interfaces: "{{ system.high_availability.disconnect_dialup_interfaces | default(omit) }}" + synchronize_states: "{{ system.high_availability.synchronize_states | default(omit) }}" + synchronize_interface: "{{ system.high_availability.synchronize_interface }}" + sync_compatibility: "{{ system.high_availability.sync_compatibility | default(omit) }}" + synchronize_peer_ip: "{{ system.high_availability.synchronize_peer_ip | default(omit) }}" + synchronize_config_to_ip: "{{ system.high_availability.synchronize_config_to_ip | default(omit) }}" + remote_system_username: "{{ system.high_availability.remote_system_username | default(omit) }}" + remote_system_password: "{{ system.high_availability.remote_system_password | default(omit) }}" + services_to_synchronize: "{{ system.high_availability.services_to_synchronize | default(omit) }}" + when: system.high_availability is defined + - name: Configure interface assignments puzzle.opnsense.interfaces_assignments: identifier: "{{ interface.identifier }}" From 38b5605ddec5cf9d92d5a3961fca53ac8ea85d74 Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Wed, 4 Sep 2024 17:18:20 +0200 Subject: [PATCH 12/18] Add conditionals to configurations in role --- roles/opnsense_configure/defaults/main.yml | 19 +++++------------ roles/opnsense_configure/tasks/main.yml | 24 ++++++++++++++-------- 2 files changed, 21 insertions(+), 22 deletions(-) diff --git a/roles/opnsense_configure/defaults/main.yml b/roles/opnsense_configure/defaults/main.yml index 25b42201..863caf37 100644 --- a/roles/opnsense_configure/defaults/main.yml +++ b/roles/opnsense_configure/defaults/main.yml 
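Review bot: The new HA task forwards `system.high_availability.remote_system_password` to the module with nothing on the task that keeps it out of verbose or diff output. Whether the module itself marks that parameter as no_log is not visible from this hunk and should be confirmed. If it does not, `no_log: true` on this task is the conservative choice. Separately, `synchronize_interface` is the only argument without `| default(omit)`, so a `high_availability` block that leaves it out fails at templating rather than with the module's own validation message; a short comment such as `# synchronize_interface is mandatory, hence no default(omit)` would show that this is intentional.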
@@ -27,28 +27,19 @@ # max_log_file_size_mb: # preserve_logs: -system_settings: - access: - users: [] +system: settings: - general: {} - logging: {} - - + access: # Interface related variables: # # interfaces: # assignments: [] interfaces: - assignments: [ ] # # Firewall related variables should be provided in this structure # # firewall: -# aliases: -# rules: - -firewall: - aliases: [] - rules: [] +# aliases: [] +# rules: [] +firewall: \ No newline at end of file diff --git a/roles/opnsense_configure/tasks/main.yml b/roles/opnsense_configure/tasks/main.yml index 9b798553..274389c4 100644 --- a/roles/opnsense_configure/tasks/main.yml +++ b/roles/opnsense_configure/tasks/main.yml @@ -6,18 +6,22 @@ hostname: "{{ system.settings.general.hostname | default(omit) }}" domain: "{{ system.settings.general.domain | default(omit) }}" timezone: "{{ system.settings.general.timezone | default(omit) }}" - when: > - system.settings.general.hostname is defined or - system.settings.general.domain is defined or - system.settings.general.timezone is defined + when: + - system.settings.general is defined + - > + system.settings.general.hostname is defined or + system.settings.general.domain is defined or + system.settings.general.timezone is defined - name: Configure logging system settings puzzle.opnsense.system_settings_logging: max_log_file_size_mb: "{{ system.settings.logging.max_log_file_size_mb | default(omit) }}" preserve_logs: "{{ system.settings.logging.preserve_logs | default(omit) }}" - when: > - system.settings.logging.max_log_file_size_mb is defined or - system.settings.logging.preserve_logs is defined + when: + - system.settings.logging is defined + - > + system.settings.logging.max_log_file_size_mb is defined or + system.settings.logging.preserve_logs is defined - name: Configure users puzzle.opnsense.system_access_users: 
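Review bot: The defaults now leave `system.settings`, `system.access`, `interfaces` and `firewall` as bare keys, which YAML loads as null instead of the empty mapping or list they held before. A null value still counts as defined, so any consumer that tests `is defined` on one of these keys, or iterates over it, gets None rather than an empty container. Typed empties keep the documented shape without configuring anything, e.g. `firewall: {}` and `interfaces: {}`, with `settings: {}` and `access: {}` under `system:`. The file also loses its trailing newline in this hunk.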
@@ -41,6 +45,7 @@ loop_control: loop_var: user label: "{{ user.username }}" + when: system.access.users is defined - name: Configure system HA settings puzzle.opnsense.system_high_availability_settings: @@ -64,6 +69,7 @@ loop: "{{ interfaces.assignments }}" loop_control: loop_var: interface + when: interfaces.assignments is defined - name: Configure firewall aliases puzzle.opnsense.firewall_alias: @@ -82,6 +88,7 @@ loop: "{{ firewall.aliases }}" loop_control: loop_var: alias + when: firewall.aliases is defined - name: Configure firewall rules puzzle.opnsense.firewall_rules: @@ -100,4 +107,5 @@ state: "{{ rule.state | default(omit) }}" loop: "{{ firewall.rules }}" loop_control: - loop_var: rule \ No newline at end of file + loop_var: rule + when: firewall.rules is defined \ No newline at end of file From 5ddf3462e93ae9950b958b89134ec2fda76a541c Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Thu, 12 Sep 2024 16:35:43 +0200 Subject: [PATCH 13/18] Cleanup role --- roles/opnsense_configure/handlers/main.yml | 2 -- roles/opnsense_configure/tests/inventory | 2 -- roles/opnsense_configure/tests/test.yml | 5 ----- roles/opnsense_configure/vars/main.yml | 2 -- 4 files changed, 11 deletions(-) delete mode 100644 roles/opnsense_configure/handlers/main.yml delete mode 100644 roles/opnsense_configure/tests/inventory delete mode 100644 roles/opnsense_configure/tests/test.yml delete mode 100644 roles/opnsense_configure/vars/main.yml diff --git a/roles/opnsense_configure/handlers/main.yml b/roles/opnsense_configure/handlers/main.yml deleted file mode 100644 index bf6c3a97..00000000 --- a/roles/opnsense_configure/handlers/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# handlers file for opnsense_configure diff --git a/roles/opnsense_configure/tests/inventory b/roles/opnsense_configure/tests/inventory deleted file mode 100644 index 878877b0..00000000 --- a/roles/opnsense_configure/tests/inventory +++ /dev/null @@ -1,2 +0,0 @@ -localhost - 
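Review bot: The `when: ... is defined` guards added to the four loops in tasks/main.yml (users, interface assignments, aliases, rules) only cover a missing key. A key that is present but empty, which is the style the role defaults adopt in this same commit, is defined and hands None to `loop`. Defaulting the loop source handles both cases and makes the guard unnecessary: `loop: "{{ firewall.rules | default([], true) }}"`, and likewise for `system.access.users`, `interfaces.assignments` and `firewall.aliases`. The `system.high_availability is defined` guard on the HA task has the same gap. Each task body starts outside its hunk.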
diff --git a/roles/opnsense_configure/tests/test.yml b/roles/opnsense_configure/tests/test.yml deleted file mode 100644 index a11484be..00000000 --- a/roles/opnsense_configure/tests/test.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- hosts: localhost - remote_user: root - roles: - - opnsense_configure diff --git a/roles/opnsense_configure/vars/main.yml b/roles/opnsense_configure/vars/main.yml deleted file mode 100644 index bbf979e0..00000000 --- a/roles/opnsense_configure/vars/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -# vars file for opnsense_configure From 7e8fb5589b833a49633ab0984ff860cd2d6fc055 Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Fri, 13 Sep 2024 14:09:36 +0200 Subject: [PATCH 14/18] Document config rule --- molecule/opnsense_config/converge.yml | 1 - roles/opnsense_configure/README.md | 111 ++++++++++++++++++++++---- 2 files changed, 94 insertions(+), 18 deletions(-) diff --git a/molecule/opnsense_config/converge.yml b/molecule/opnsense_config/converge.yml index 0fae840c..0305f4d3 100644 --- a/molecule/opnsense_config/converge.yml +++ b/molecule/opnsense_config/converge.yml @@ -27,7 +27,6 @@ domain: "test.local" timezone: "Europe/Zurich" logging: - max_log_file_size_mb: 8 preserve_logs: 10 interfaces: assignments: diff --git a/roles/opnsense_configure/README.md b/roles/opnsense_configure/README.md index f62600d8..6ca4a040 100644 --- a/roles/opnsense_configure/README.md +++ b/roles/opnsense_configure/README.md 
@@ -1,39 +1,116 @@ opnsense_configure - OPNsense configuration role ========= -This role provides a generic apporach to configure OPNsense instances by populating host variables +This role provides a generic approach to configure OPNsense instances by populating host variables according to this roles defaults specification. -Requirements ------------- - -Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required. - Role Variables -------------- -A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well. +The variables must be structured in a way that each puzzle.opnsense module has its own block. Each module related block +is then structured just like the corresponding module parameters as documented in the modules themselves. 
+The top level structure must be structured as follows: +```yaml +--- +system: + access: + users: [] # list of users, where the users follows the system_access_users module parameter structure + high_availability: + # system_high_availability_settings module parameters + settings: + general: + # system_settings_general module parameters + logging: + # system_settings_logging module parameters + +interfaces: + assignments: [] # list of interface assignments, where the users follows the interfaces_assignments module parameter structure -Dependencies ------------- +firewall: + aliases: [] # list of aliases, where the users follows the firewall_alias module parameter structure + rules: [] # list of rules, where the users follows the firewall_rules module parameter structure +``` -A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles. Example Playbook ---------------- -Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too: +The usage of the role is straight forward, however the main thought should go into the building of the +host variables. 
An example execution could look like this: - - hosts: servers - roles: - - { role: username.rolename, x: 42 } +```yaml +--- +- name: converge + hosts: all + become: true + vars: + system: + access: + users: + - username: simple_user + password: pass1234 + high_availability: + synchronize_interface: LAN + synchronize_config_to_ip: 224.0.0.240 + synchronize_peer_ip: 224.0.0.241 + disable_preempt: true + disconnect_dialup_interfaces: true + synchronize_states: true + remote_system_username: opnsense + remote_system_password: v3rys3cure + services_to_synchronize: + - aliases + - rules + - ipsec + settings: + general: + hostname: "firewall01" + domain: "test.local" + timezone: "Europe/Zurich" + logging: + preserve_logs: 10 + interfaces: + assignments: + - device: em0 + identifier: opt2 + description: VAGRANT + - device: em1 + identifier: lan + description: LAN + - device: em2 + identifier: wan + description: WAN + - device: em3 + identifier: opt1 + description: DMZ + firewall: + aliases: + - name: TestAliasTypeHost + type: host + statistics: false + description: Test Alias with type Host + content: 10.0.0.1 + - name: TestAliasTypeNetwork + type: network + statistics: false + description: Test Alias with type Network + content: 10.0.0.0/24 + rules: + - interface: lan + description: Block SSH on LAN + destination: + port: 22 + action: block + roles: + - role: puzzle.opnsense.opnsense_configure + +``` License ------- -BSD +GPLv3 Author Information ------------------ - -An optional section for the role authors to include contact information, or a website (HTML is not allowed). + - Fabio Bertagna (github.com/dongiovanni83) From 66e5f2e6b7d6ff33564617d428515aa698480375 Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Fri, 13 Sep 2024 14:14:39 +0200 Subject: [PATCH 15/18] Add changelog fragment for new role --- changelogs/fragments/155-add-opnsense-confi-role.yml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 changelogs/fragments/155-add-opnsense-confi-role.yml 
diff --git a/changelogs/fragments/155-add-opnsense-confi-role.yml b/changelogs/fragments/155-add-opnsense-confi-role.yml new file mode 100644 index 00000000..2aaeec5b --- /dev/null +++ b/changelogs/fragments/155-add-opnsense-confi-role.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - puzzle.opnsense.opnsense_configure - Addition of an ansible role to the collection From a81c0500776c29051dd59f2f37ee2164a60889f5 Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Fri, 13 Sep 2024 14:16:06 +0200 Subject: [PATCH 16/18] Lint role meta.yml --- roles/opnsense_configure/meta/main.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/roles/opnsense_configure/meta/main.yml b/roles/opnsense_configure/meta/main.yml index 07f49dc9..6dfb7b34 100644 --- a/roles/opnsense_configure/meta/main.yml +++ b/roles/opnsense_configure/meta/main.yml @@ -1,9 +1,9 @@ galaxy_info: author: Fabio Bertagna company: Puzzle ITC - license: GPL-3.0-only + license: GPL-3.0-only min_ansible_version: 2.1 galaxy_tags: - opnsense -dependencies: [] +dependencies: [ ] From 1cb9347da1e1b98bc62463ccf409e232191d2a66 Mon Sep 17 00:00:00 2001 From: Fabio Bertagna Date: Mon, 25 Nov 2024 10:33:31 +0100 Subject: [PATCH 17/18] Fix changelog fragment file name typo --- ...d-opnsense-confi-role.yml => 155-add-opnsense-config-role.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename changelogs/fragments/{155-add-opnsense-confi-role.yml => 155-add-opnsense-config-role.yml} (100%) diff --git a/changelogs/fragments/155-add-opnsense-confi-role.yml b/changelogs/fragments/155-add-opnsense-config-role.yml similarity index 100% rename from changelogs/fragments/155-add-opnsense-confi-role.yml rename to changelogs/fragments/155-add-opnsense-config-role.yml From 965ca36a6514a9effc6f22164dd407d26df457e5 Mon Sep 17 00:00:00 2001 
From: Fabio Bertagna Date: Mon, 25 Nov 2024 10:52:03 +0100 Subject: [PATCH 18/18] Use clearer variable wording in role README --- roles/opnsense_configure/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/opnsense_configure/README.md b/roles/opnsense_configure/README.md index 6ca4a040..434d1bb5 100644 --- a/roles/opnsense_configure/README.md +++ b/roles/opnsense_configure/README.md @@ -7,7 +7,7 @@ according to this roles defaults specification. Role Variables -------------- -The variables must be structured in a way that each puzzle.opnsense module has its own block. Each module related block +The variables must be structured in a way that each puzzle.opnsense module has its own variable section . Each module related variable section is then structured just like the corresponding module parameters as documented in the modules themselves. The top level structure must be structured as follows: ```yaml