-start organizing for roles

2019-02-19 14:05:30 -05:00
parent b0530a816b
commit 160c8867f3
3 changed files with 245 additions and 230 deletions
--- a/3
+++ b/3
@@ -29,3 +29,6 @@
 192.168.90.2
 192.168.100.2
 192.168.200.163 ansible_user=ubuntu
+
+[public]
+192.168.201.2
--- a/roles/public/tasks/ufw.yaml
+++ b/roles/public/tasks/ufw.yaml
@@ -0,0 +1,242 @@
+---
+- hosts: public
+  tasks:
+    - name: Install ufw packages
+      package:
+              name: ufw
+              state: present
+      become: true
+    - name: Allow all access from RFC1918 networks to this hosts
+      ufw:
+        rule: allow
+        src: '{{ item }}'
+      with_items:
+          - 10.0.0.0/8
+          - 172.16.0.0/12
+          - 192.168.0.0/16
+      become: true
+    - name: Allow all access from any Comcast IP Space
+      become: true
+      ufw:
+        rule: allow
+        src: '{{ item }} '        
+      with_items:
+            - 100.96.0.0/11
+            - 100.96.0.0/11
+            - 100.96.0.0/11
+            - 103.72.193.0/24
+            - 103.72.193.0/24
+            - 103.72.193.0/24
+            - 103.72.193.0/24
+            - 107.0.0.0/14
+            - 107.4.0.0/15
+            - 108.171.224.0/20
+            - 108.171.224.0/20
+            - 147.191.0.0/16
+            - 147.191.0.0/16
+            - 147.191.0.0/16
+            - 147.191.0.0/16
+            - 147.191.1.0/25
+            - 162.148.0.0/14
+            - 162.149.0.0/16
+            - 162.149.0.0/16
+            - 162.149.0.0/16
+            - 162.150.0.0/16
+            - 162.151.0.0/17
+            - 162.151.128.0/18
+            - 162.151.192.0/19
+            - 162.151.224.0/19
+            - 162.17.0.0/16
+            - 165.137.0.0/16
+            - 165.137.0.0/16
+            - 165.137.0.0/16
+            - 165.137.0.0/16
+            - 169.152.0.0/16
+            - 169.152.0.0/16
+            - 169.152.0.0/16
+            - 169.152.0.0/16
+            - 173.160.0.0/13
+            - 173.8.0.0/13
+            - 174.160.0.0/11
+            - 174.48.0.0/12
+            - 184.108.0.0/14
+            - 184.108.0.0/15
+            - 184.112.0.0/12
+            - 193.57.148.0/22
+            - 193.57.148.0/22
+            - 198.0.0.0/16
+            - 198.137.252.0/23
+            - 198.137.252.0/23
+            - 198.137.252.0/23
+            - 198.137.252.0/23
+            - 198.137.252.0/23
+            - 198.178.8.0/21
+            - 198.178.8.0/21
+            - 198.178.8.0/21
+            - 198.178.8.0/21
+            - 207.223.0.0/20
+            - 207.223.0.0/20
+            - 208.110.192.0/19
+            - 208.39.128.0/18
+            - 209.23.192.0/18
+            - 216.45.128.0/17
+            - 23.24.0.0/15
+            - 23.30.0.0/15
+            - 23.68.0.0/14
+            - 232.128.0.0/13
+            - 232.232.0.0/14
+            - 232.36.0.0/14
+            - 232.40.0.0/14
+            - 232.44.0.0/14
+            - 232.48.0.0/14
+            - 232.52.0.0/14
+            - 232.56.0.0/14
+            - 232.64.0.0/14
+            - 232.80.0.0/14
+            - 232.96.0.0/14
+            - 239.12.0.0/14
+            - 239.16.0.0/14
+            - 239.20.0.0/14
+            - 239.24.0.0/14
+            - 239.28.0.0/14
+            - 239.32.0.0/14
+            - 24.0.0.0/12
+            - 24.104.0.0/17
+            - 24.104.128.0/19
+            - 24.118.0.0/16
+            - 24.124.128.0/17
+            - 24.125.0.0/16
+            - 24.126.0.0/15
+            - 24.128.0.0/16
+            - 24.129.0.0/17
+            - 24.130.0.0/15
+            - 24.147.0.0/16
+            - 24.149.128.0/17
+            - 24.153.64.0/19
+            - 24.153.72.0/21
+            - 24.16.0.0/13
+            - 24.218.0.0/16
+            - 24.245.0.0/18
+            - 24.30.0.0/17
+            - 24.34.0.0/16
+            - 24.40.0.0/18
+            - 24.40.0.0/18
+            - 24.40.0.0/18
+            - 24.40.0.0/18
+            - 24.40.64.0/20
+            - 24.40.64.0/20
+            - 24.40.64.0/20
+            - 24.40.64.0/20
+            - 24.60.0.0/14
+            - 24.91.0.0/16
+            - 24.98.0.0/15
+            - 3.81.241.149
+            - 50.128.0.0/9
+            - 50.73.0.0/16
+            - 50.76.0.0/14
+            - 64.139.64.0/19
+            - 64.235.160.0/19
+            - 64.56.32.0/19
+            - 64.78.64.0/18
+            - 65.34.128.0/17
+            - 65.96.0.0/16
+            - 66.176.0.0/15
+            - 66.208.192.0/18
+            - 66.229.0.0/16
+            - 66.240.0.0/18
+            - 66.30.0.0/15
+            - 66.41.0.0/16
+            - 66.56.0.0/18
+            - 67.160.0.0/11
+            - 67.178.0.0/17
+            - 67.178.128.0/17
+            - 67.179.0.0/16
+            - 68.32.0.0/11
+            - 68.80.0.0/13
+            - 68.85.0.0/20
+            - 68.85.128.0/17
+            - 68.85.16.0/20
+            - 68.85.32.0/19
+            - 68.85.64.0/18
+            - 68.86.0.0/18
+            - 68.86.128.0/17
+            - 68.86.64.0/18
+            - 68.87.0.0/20
+            - 68.87.128.0/18
+            - 68.87.16.0/20
+            - 68.87.192.0/19
+            - 68.87.224.0/20
+            - 68.87.240.0/20
+            - 68.87.32.0/19
+            - 68.87.64.0/18
+            - 69.136.0.0/13
+            - 69.139.128.0/20
+            - 69.139.144.0/20
+            - 69.139.160.0/19
+            - 69.139.192.0/18
+            - 69.180.0.0/15
+            - 69.240.0.0/12
+            - 69.240.0.0/16
+            - 69.241.0.0/17
+            - 69.241.128.0/17
+            - 69.252.0.0/17
+            - 69.252.128.0/18
+            - 69.252.192.0/18
+            - 69.252.80.0/23
+            - 70.88.0.0/14
+            - 71.192.0.0/12
+            - 71.224.0.0/12
+            - 71.24.0.0/14
+            - 71.56.0.0/13
+            - 72.55.0.0/17
+            - 73.0.0.0/8
+            - 73.0.0.0/8
+            - 74.144.0.0/12
+            - 74.16.0.0/12
+            - 74.81.128.0/19
+            - 74.92.0.0/14
+            - 75.144.0.0/13
+            - 75.64.0.0/13
+            - 75.72.0.0/15
+            - 75.74.0.0/16
+            - 75.75.0.0/17
+            - 75.75.128.0/18
+            - 75.75.72.0/21
+            - 76.128.0.0/11
+            - 76.16.0.0/12
+            - 76.96.0.0/11
+            - 76.96.0.0/17
+            - 76.96.128.0/17
+            - 96.100.0.0/14
+            - 96.106.0.0/15
+            - 96.108.0.0/17
+            - 96.108.128.0/18
+            - 96.108.192.0/19
+            - 96.108.224.0/19
+            - 96.109.0.0/16
+            - 96.110.0.0/16
+            - 96.111.0.0/16
+            - 96.112.0.0/13
+            - 96.112.0.0/14
+            - 96.114.40.0/21
+            - 96.116.0.0/14
+            - 96.120.0.0/14
+            - 96.124.0.0/16
+            - 96.128.0.0/10
+            - 96.192.0.0/11
+            - 96.64.0.0/11
+            - 96.96.0.0/12
+            - 96.96.0.0/14
+            - 96.98.0.0/16
+            - 96.99.208.0/20
+            - 96.99.224.0/19
+            - 98.192.0.0/10
+            - 98.205.0.0/16
+            - 98.241.0.0/16
+            - 98.32.0.0/11
+
+    - name: Enable UFW
+      ufw:
+        state: enabled
+        policy: deny
+      become: true
--- a/ufw.yaml
+++ b/ufw.yaml
@@ -1,230 +0,0 @@
- hosts: public
-  - name: Allow all access from RFC1918 networks to this hosts
-    ufw:
-	  rule: allow
-	  src: '{{ item }}'
-	with_items:
-	  - 10.0.0.0/8
-	  - 172.16.0.0/12
-	  - 192.168.0.0/16
-
-  - name: Allow all access from any Comcast IP Space
-    ufw:
-      rule: allow
-      src: '{{ item }} '	  
-	with_items:
-      - 100.96.0.0/11
-      - 100.96.0.0/11
-      - 100.96.0.0/11
-      - 103.72.193.0/24
-      - 103.72.193.0/24
-      - 103.72.193.0/24
-      - 103.72.193.0/24
-      - 107.0.0.0/14
-      - 107.4.0.0/15
-      - 108.171.224.0/20
-      - 108.171.224.0/20
-      - 147.191.0.0/16
-      - 147.191.0.0/16
-      - 147.191.0.0/16
-      - 147.191.0.0/16
-      - 147.191.1.0/25
-      - 162.148.0.0/14
-      - 162.149.0.0/16
-      - 162.149.0.0/16
-      - 162.149.0.0/16
-      - 162.150.0.0/16
-      - 162.151.0.0/17
-      - 162.151.128.0/18
-      - 162.151.192.0/19
-      - 162.151.224.0/19
-      - 162.17.0.0/16
-      - 165.137.0.0/16
-      - 165.137.0.0/16
-      - 165.137.0.0/16
-      - 165.137.0.0/16
-      - 169.152.0.0/16
-      - 169.152.0.0/16
-      - 169.152.0.0/16
-      - 169.152.0.0/16
-      - 173.160.0.0/13
-      - 173.8.0.0/13
-      - 174.160.0.0/11
-      - 174.48.0.0/12
-      - 184.108.0.0/14
-      - 184.108.0.0/15
-      - 184.112.0.0/12
-      - 193.57.148.0/22
-      - 193.57.148.0/22
-      - 198.0.0.0/16
-      - 198.137.252.0/23
-      - 198.137.252.0/23
-      - 198.137.252.0/23
-      - 198.137.252.0/23
-      - 198.137.252.0/23
-      - 198.178.8.0/21
-      - 198.178.8.0/21
-      - 198.178.8.0/21
-      - 198.178.8.0/21
-      - 207.223.0.0/20
-      - 207.223.0.0/20
-      - 208.110.192.0/19
-      - 208.39.128.0/18
-      - 209.23.192.0/18
-      - 216.45.128.0/17
-      - 23.24.0.0/15
-      - 23.30.0.0/15
-      - 23.68.0.0/14
-      - 232.128.0.0/13
-      - 232.232.0.0/14
-      - 232.36.0.0/14
-      - 232.40.0.0/14
-      - 232.44.0.0/14
-      - 232.48.0.0/14
-      - 232.52.0.0/14
-      - 232.56.0.0/14
-      - 232.64.0.0/14
-      - 232.80.0.0/14
-      - 232.96.0.0/14
-      - 239.12.0.0/14
-      - 239.16.0.0/14
-      - 239.20.0.0/14
-      - 239.24.0.0/14
-      - 239.28.0.0/14
-      - 239.32.0.0/14
-      - 24.0.0.0/12
-      - 24.104.0.0/17
-      - 24.104.128.0/19
-      - 24.118.0.0/16
-      - 24.124.128.0/17
-      - 24.125.0.0/16
-      - 24.126.0.0/15
-      - 24.128.0.0/16
-      - 24.129.0.0/17
-      - 24.130.0.0/15
-      - 24.147.0.0/16
-      - 24.149.128.0/17
-      - 24.153.64.0/19
-      - 24.153.72.0/21
-      - 24.16.0.0/13
-      - 24.218.0.0/16
-      - 24.245.0.0/18
-      - 24.30.0.0/17
-      - 24.34.0.0/16
-      - 24.40.0.0/18
-      - 24.40.0.0/18
-      - 24.40.0.0/18
-      - 24.40.0.0/18
-      - 24.40.64.0/20
-      - 24.40.64.0/20
-      - 24.40.64.0/20
-      - 24.40.64.0/20
-      - 24.60.0.0/14
-      - 24.91.0.0/16
-      - 24.98.0.0/15
-      - 3.81.241.149
-      - 50.128.0.0/9
-      - 50.73.0.0/16
-      - 50.76.0.0/14
-      - 64.139.64.0/19
-      - 64.235.160.0/19
-      - 64.56.32.0/19
-      - 64.78.64.0/18
-      - 65.34.128.0/17
-      - 65.96.0.0/16
-      - 66.176.0.0/15
-      - 66.208.192.0/18
-      - 66.229.0.0/16
-      - 66.240.0.0/18
-      - 66.30.0.0/15
-      - 66.41.0.0/16
-      - 66.56.0.0/18
-      - 67.160.0.0/11
-      - 67.178.0.0/17
-      - 67.178.128.0/17
-      - 67.179.0.0/16
-      - 68.32.0.0/11
-      - 68.80.0.0/13
-      - 68.85.0.0/20
-      - 68.85.128.0/17
-      - 68.85.16.0/20
-      - 68.85.32.0/19
-      - 68.85.64.0/18
-      - 68.86.0.0/18
-      - 68.86.128.0/17
-      - 68.86.64.0/18
-      - 68.87.0.0/20
-      - 68.87.128.0/18
-      - 68.87.16.0/20
-      - 68.87.192.0/19
-      - 68.87.224.0/20
-      - 68.87.240.0/20
-      - 68.87.32.0/19
-      - 68.87.64.0/18
-      - 69.136.0.0/13
-      - 69.139.128.0/20
-      - 69.139.144.0/20
-      - 69.139.160.0/19
-      - 69.139.192.0/18
-      - 69.180.0.0/15
-      - 69.240.0.0/12
-      - 69.240.0.0/16
-      - 69.241.0.0/17
-      - 69.241.128.0/17
-      - 69.252.0.0/17
-      - 69.252.128.0/18
-      - 69.252.192.0/18
-      - 69.252.80.0/23
-      - 70.88.0.0/14
-      - 71.192.0.0/12
-      - 71.224.0.0/12
-      - 71.24.0.0/14
-      - 71.56.0.0/13
-      - 72.55.0.0/17
-      - 73.0.0.0/8
-      - 73.0.0.0/8
-      - 74.144.0.0/12
-      - 74.16.0.0/12
-      - 74.81.128.0/19
-      - 74.92.0.0/14
-      - 75.144.0.0/13
-      - 75.64.0.0/13
-      - 75.72.0.0/15
-      - 75.74.0.0/16
-      - 75.75.0.0/17
-      - 75.75.128.0/18
-      - 75.75.72.0/21
-      - 76.128.0.0/11
-      - 76.16.0.0/12
-      - 76.96.0.0/11
-      - 76.96.0.0/17
-      - 76.96.128.0/17
-      - 96.100.0.0/14
-      - 96.106.0.0/15
-      - 96.108.0.0/17
-      - 96.108.128.0/18
-      - 96.108.192.0/19
-      - 96.108.224.0/19
-      - 96.109.0.0/16
-      - 96.110.0.0/16
-      - 96.111.0.0/16
-      - 96.112.0.0/13
-      - 96.112.0.0/14
-      - 96.114.40.0/21
-      - 96.116.0.0/14
-      - 96.120.0.0/14
-      - 96.124.0.0/16
-      - 96.128.0.0/10
-      - 96.192.0.0/11
-      - 96.64.0.0/11
-      - 96.96.0.0/12
-      - 96.96.0.0/14
-      - 96.98.0.0/16
-      - 96.99.208.0/20
-      - 96.99.224.0/19
-      - 98.192.0.0/10
-      - 98.205.0.0/16
-      - 98.241.0.0/16
-      - 98.32.0.0/11
-
-