9 changed files with 1 additions and 135 deletions
--- a/roles/firewall/templates/ip6tables.j2
+++ b/roles/firewall/templates/ip6tables.j2
@ -48,13 +48,6 @@
 -A ICMP_FLOOD -j ACCEPT
 {% endif %}
 {% if firewall_dns_whitelist is defined %}
 -N ACCEPT_DNS
 -A ACCEPT_DNS -m tcp -p tcp --dport 53 -m comment --comment "accept dns 53/tcp6" -j LOG_ACCEPT
 -A ACCEPT_DNS -m udp -p udp --dport 53 -m comment --comment "accept dns 53/udp6" -j LOG_ACCEPT
 -A ACCEPT_DNS -m comment --comment "ACCEPT_DNS default drop inet6" -j LOG_DROP
 {% endif %}
 -A INPUT -i lo -m comment --comment "lo accept all inet6" -j ACCEPT
 {% if firewall_ssh_whitelist | length %}
@ -67,14 +60,6 @@
 -A INPUT -p tcp -m tcp --dport 22 -m set --match-set mgmt_v6 src -m comment --comment "accept mgmt ssh 22/tcp6" -j ACCEPT
 {% endif %}
 {% if firewall_dns_whitelist is defined and
      firewall_dns_whitelist | length %}
 {% for ip in firewall_dns_whitelist | ipv6 %}
 -A INPUT -m tcp -p tcp --dport 53 --source {{ ip }} -m comment --comment "accept {{ ip }} dns 53/tcp6" -j ACCEPT_DNS
 -A INPUT -m udp -p udp --dport 53 --source {{ ip }} -m comment --comment "accept {{ ip }} dns 53/udp6" -j ACCEPT_DNS
 {% endfor %}
 {% endif %}
 -A INPUT -m state --state INVALID -m comment --comment "drop invalid inet6" -j DROP
 {% if firewall_ipset_blacklist | length %}
--- a/roles/firewall/templates/iptables.j2
+++ b/roles/firewall/templates/iptables.j2
@ -48,13 +48,6 @@
 -A ICMP_FLOOD -j ACCEPT
 {% endif %}
 {% if firewall_dns_whitelist is defined %}
 -N ACCEPT_DNS
 -A ACCEPT_DNS -m tcp -p tcp --dport 53 -m comment --comment "accept dns 53/tcp" -j LOG_ACCEPT
 -A ACCEPT_DNS -m udp -p udp --dport 53 -m comment --comment "accept dns 53/udp" -j LOG_ACCEPT
 -A ACCEPT_DNS -m comment --comment "ACCEPT_DNS default drop" -j LOG_DROP
 {% endif %}
 -A INPUT -i lo -m comment --comment "lo accept all" -j ACCEPT
 {% if firewall_ssh_whitelist | length %}
@ -67,14 +60,6 @@
 -A INPUT -p tcp -m tcp --dport 22 -m set --match-set mgmt_v4 src -m comment --comment "accept mgmt ssh 22/tcp" -j ACCEPT
 {% endif %}
 {% if firewall_dns_whitelist is defined and
      firewall_dns_whitelist | length %}
 {% for ip in firewall_dns_whitelist | ipv4 %}
 -A INPUT -m tcp -p tcp --dport 53 --source {{ ip }} -m comment --comment "accept {{ ip }} dns 53/tcp" -j ACCEPT_DNS
 -A INPUT -m udp -p udp --dport 53 --source {{ ip }} -m comment --comment "accept {{ ip }} dns 53/udp" -j ACCEPT_DNS
 {% endfor %}
 {% endif %}
 -A INPUT -m state --state INVALID -m comment --comment "drop invalid" -j DROP
 {% if firewall_ipset_blacklist | length %}
--- a/roles/gitea/defaults/main.yaml
+++ b/roles/gitea/defaults/main.yaml
@ -54,7 +54,6 @@ gitea_var_tree:
  - "{{ gitea_var_path }}/custom"
  - "{{ gitea_var_path }}/data"
  - "{{ gitea_var_path }}/log"
  - "{{ gitea_var_path }}/backup"
 gitea_ssl_enabled: yes
 gitea_ssl_certificate: "/etc/letsencrypt/live/{{ gitea_domain }}/fullchain.pem"
--- a/roles/nsd/defaults/main.yaml
+++ b/roles/nsd/defaults/main.yaml
@ -1,17 +0,0 @@
 ---
 nsd_package_name: nsd
 nsd_package_state: present
 nsd_service_name: nsd
 nsd_service_state: started
 nsd_service_enabled: yes
 nsd_etc_path: /etc/nsd
 nsd_zone_path: "{{ nsd_etc_path }}/zones"
 nsd_server_config:
  verbosity: 2
  zonesdir: "{{ nsd_zone_path }}"
  ip-address:
    - "{{ ansible_default_ipv4.address }}"
    - "{{ ansible_default_ipv6.address }}"
--- a/roles/nsd/handlers/main.yaml
+++ b/roles/nsd/handlers/main.yaml
@ -1,10 +0,0 @@
 ---
 - name: reload nsd
  service:
    name: "{{ nsd_service_name }}"
    state: reloaded
 - name: restart nsd
  service:
    name: "{{ nsd_service_name }}"
    state: restarted
--- a/roles/nsd/tasks/main.yaml
+++ b/roles/nsd/tasks/main.yaml
@ -1,36 +0,0 @@
 ---
 - name: install package
  package:
    name: "{{ nsd_package_name }}"
    state: "{{ nsd_package_state }}"
 - name: create zone directory
  file:
    path: "{{ nsd_zone_path }}"
    state: directory
 - name: configure
  template:
    src: nsd.conf.j2
    dest: "{{ nsd_etc_path }}/nsd.conf"
    owner: root
    group: root
    mode: 0644
  notify: restart nsd
 - name: configure zones
  copy:
    src: "files/nsd/zones/{{ item.filename | default(item.name + '.zone') }}"
    dest: "{{ nsd_zone_path }}/{{ item.name }}.zone"
    owner: root
    group: nsd
    mode: 0640
    validate: "nsd-checkzone {{ item.name }} %s"
  loop: "{{ nsd_zones | default([]) }}"
  notify: reload nsd
 - name: manage service
  service:
    name: "{{ nsd_service_name }}"
    state: "{{ nsd_service_state }}"
    enabled: "{{ nsd_service_enabled }}"
--- a/roles/nsd/templates/nsd.conf.j2
+++ b/roles/nsd/templates/nsd.conf.j2
@ -1,34 +0,0 @@
 # {{ ansible_managed }}
 {% if nsd_server_config is defined and
      nsd_server_config is mapping %}
 server:
 {% for k, v in nsd_server_config.items() %}
 {% if v is string or v is number %}
    {{ k }}: {{ v }}
 {% elif v is sequence %}
 {% for vv in v %}
    {{ k }}: {{ vv }}
 {% endfor %}
 {% endif %}
 {% endfor %}
 {% endif %}
 {% if nsd_zones is defined and
      nsd_zones is sequence %}
 {% for zone in nsd_zones %}
 {% if zone is defined and
      zone is mapping %}
 zone:
 {% for k, v in zone.items() %}
 {% if v is string %}
    {{ k }}: {{ v }}
 {% elif v is sequence %}
 {% for vv in v %}
    {{ k }}: {{ vv }}
 {% endfor %}
 {% endif %}
 {% endfor %}
 {% endif %}
 {% endfor %}
 {% endif %}
--- a/roles/rsyslog/templates/archival.conf.j2
+++ b/roles/rsyslog/templates/archival.conf.j2
@ -31,4 +31,5 @@ template(
    fileGroup="{{ rsyslog_file_group }}"
    dirOwner="{{ rsyslog_file_owner }}"
    dirGroup="{{ rsyslog_file_group }}"
    umask="{{ rsyslog_umask }}"
 )
--- a/roles/util/defaults/main.yaml
+++ b/roles/util/defaults/main.yaml
@ -37,10 +37,3 @@ util_packages:
  text:
    - jq
    - crudini
  interpreters:
    - lua5.3
  python:
    - python-pip
    - python3-pip
    - python-requests
    - python3-requests