adding ansible.builtin.fail checks to catch people still using outdat…
…ed *whitelist settings as per PR feedback
nickjones33 committed Aug 9, 2024
1 parent dadc544 commit 5da5978
Showing 4 changed files with 13 additions and 1 deletion.
1 change: 1 addition & 0 deletions roles/bitwarden/defaults/main.yml
Expand Up @@ -5,6 +5,7 @@ bitwarden_data_directory: "{{ docker_home }}/bitwarden"
bitwarden_port_a: "19080"
bitwarden_port_b: "3012"
bitwarden_hostname: "bitwarden"
bitwarden_ip_whitelist: "deprecated"
bitwarden_ip_allowlist: "0.0.0.0/0"

# Keep this token secret, this is password to access admin area of your server!
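Review bot: The adjacent settings `bitwarden_ip_whitelist: "deprecated"` and `bitwarden_ip_allowlist: "0.0.0.0/0"` carry no comment, so a reader cannot tell that the first is only a sentinel for the fail task in tasks/main.yml and that the second is the live value. I would add `# Deprecated sentinel, do not set; any other value aborts the play. Use bitwarden_ip_allowlist.` above the first and `# Source ranges allowed through the Traefik ipallowlist middleware; 0.0.0.0/0 admits every IPv4 client, narrow it for your network.` above the second. With that default the middleware is attached but restricts nothing, which matters here because the comment just below refers to an admin area on the same server. The rendered page does not mark which of the two lines this commit added; roles/portainer/defaults/main.yml has the same pair and would take the same comments.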
7 changes: 6 additions & 1 deletion roles/bitwarden/tasks/main.yml
@@ -1,6 +1,11 @@
---
- name: Start Bitwarden
block:
- name: Check for Deprecated IP Whitelist setting
ansible.builtin.fail:
msg: "Use bitwarden_ip_allowlist instead of bitwarden_ip_whitelist! Read https://traefik.io/blog/announcing-traefik-proxy-v2-11/ for more information."
when: bitwarden_ip_whitelist != "deprecated"

- name: Create Bitwarden Directories
ansible.builtin.file:
path: "{{ item }}"
Expand Down Expand Up @@ -40,7 +45,7 @@
traefik.http.routers.bitwarden-ws.service: "bitwarden-ws"
traefik.http.routers.bitwarden-ws.middlewares: "bitwarden-ipallowlist@docker"
traefik.http.services.bitwarden-ws.loadbalancer.server.port: "3012"
traefik.http.middlewares.bitwarden-ipallowlist.ipallowlist.sourcerange: "{{ bitwarden_ip_whitelist }}"
traefik.http.middlewares.bitwarden-ipallowlist.ipallowlist.sourcerange: "{{ bitwarden_ip_allowlist }}"
memory: "{{ bitwarden_memory }}"
restart_policy: unless-stopped

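Review bot: Keeping `bitwarden_ip_whitelist` defined with a sentinel default means any template that still references it renders the literal string `deprecated` instead of failing on an undefined variable, and the `sourcerange` label changed further down in this section shows that such a stale reference did exist. Dropping the default and guarding with `when: bitwarden_ip_whitelist is defined` would catch the same operator overrides while letting leftover references fail at templating time, as Ansible does by default for undefined variables. The message could also say that the old value is no longer read and that the range now comes from `bitwarden_ip_allowlist`, since an operator who had restricted access under the old name needs to carry that range over. The enclosing `block:` continues outside both hunks, so any condition on it is not visible here; the guard in roles/portainer/tasks/main.yml has the same shape.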
1 change: 1 addition & 0 deletions roles/portainer/defaults/main.yml
Expand Up @@ -8,6 +8,7 @@ portainer_data_directory: "{{ docker_home }}/portainer/config"
# network
portainer_port: "9000"
portainer_hostname: "portainer"
portainer_ip_whitelist: "deprecated"
portainer_ip_allowlist: "0.0.0.0/0"

# docker
5 changes: 5 additions & 0 deletions roles/portainer/tasks/main.yml
@@ -1,6 +1,11 @@
---
- name: Start Portainer
block:
- name: Check for Deprecated IP Whitelist setting
ansible.builtin.fail:
msg: "Use portainer_ip_allowlist instead of portainer_ip_whitelist! Read https://traefik.io/blog/announcing-traefik-proxy-v2-11/ for more information."
when: portainer_ip_whitelist != "deprecated"

- name: Create Portainer Directories
ansible.builtin.file:
path: "{{ item }}"
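Review bot: The Traefik label that consumes the Portainer source range is not part of this section, so the page cannot show whether it reads `portainer_ip_allowlist`; in roles/bitwarden/tasks/main.yml the matching `sourcerange` label had to be switched in this same commit. Please confirm that the container labels outside this hunk use `{{ portainer_ip_allowlist }}`. With `portainer_ip_whitelist` now defaulting to `deprecated`, a leftover reference would put that string into the middleware's source range rather than raise an undefined-variable error. The block continues past the end of the hunk.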
