From 23163e0aa3e4c0e6b3d873ca0ff889d341f72ae0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A9mi=20-=20Le=20Filament?= <remi@le-filament.com>
Date: Thu, 3 Jun 2021 04:57:15 +0200
Subject: [PATCH] Rename variable to restrict_internet_access

---
 README.md                      | 4 ++--
 defaults/main.yml              | 2 +-
 templates/inverseproxy.yaml.j2 | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index ecd67b2..a39ee3f 100644
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Role Variables
 Variables defined in defaults/main.yaml:
 * default_maintenance_email : default maintenance e-mail used to validate Let's Encrypt certificate (defaults to maintenance@example.org)
 * docker_userns_remap : whether remapping of user namespace is being used for Docker (security feature defaults to true)
-* docker_internet_access : whether dockers should be granted access to Internet of if networks are internal only
+* restrict_internet_access : whether dockers should be granted access to Internet of if networks are internal only (defaults to true meaning docker containers have no direct internet access, whitelisted URLs should be used to grant specific access)
 * default_sshd_port: Port on which SSH daemon listens (defaults to 10022)
 * host_user : user used to connect to the server
 * srv_proxy_pass: Password to access proxy protected pages (AUTH defaults to SuperSecureProxyP4$$)
@@ -72,7 +72,7 @@ Example Playbook
       - { default_maintenance_email: "maintenance@example.org" }
       - { default_sshd_port: 10022 }
       - { docker_userns_remap: true }
-      - { docker_internet_access: false }
+      - { restrict_internet_access: true }
       - { host_user: "testuser" }
       - { srv_proxy_pass: "SuperSecureProxyP4$$" }
       - { cloud_collabora: true }
diff --git a/defaults/main.yml b/defaults/main.yml
index fd5fe87..c911bfa 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,7 +2,7 @@
 default_maintenance_email: "maintenance@example.org"
 default_sshd_port: 10022
 docker_userns_remap: true
-docker_internet_access: false
+restrict_internet_access: true
 host_user: "testuser"
 srv_proxy_pass: "SuperSecureProxyP4$$"
 
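Review bot: The old name `docker_internet_access` is dropped here without a fallback, so an inventory or playbook that still sets it is silently ignored and the new default `restrict_internet_access: true` applies instead. The sense is also inverted, so a stale `docker_internet_access: true` reads as if access were still granted while the templates now render the restricted layout. A comment above the new default, such as `# replaces docker_internet_access (inverted sense); true = container networks are internal-only`, would make the migration visible. The role could also fail early when the old variable is still defined.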
diff --git a/templates/inverseproxy.yaml.j2 b/templates/inverseproxy.yaml.j2
index 4cb7768..03f33ce 100644
--- a/templates/inverseproxy.yaml.j2
+++ b/templates/inverseproxy.yaml.j2
@@ -28,7 +28,7 @@ services:
 {% endif %}
             smtp:
             private:
-{% if not docker_internet_access %}
+{% if restrict_internet_access %}
             public:
 {% endif %}
         volumes:
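Review bot: `{% if restrict_internet_access %}` tests Jinja truthiness, so a value that arrives as a string (for example `-e restrict_internet_access=false` on the command line) is non-empty and counts as true. That fails closed, but the operator's setting is silently not honoured; `{% if restrict_internet_access | bool %}` makes the test follow the intended value. The same condition is repeated in the two `networks:` hunks below (`shared` and `public`), and all three must evaluate identically or the service would reference a `public` network that is never defined. The service's network list starts above this hunk, so the rest of that block is not visible here.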
@@ -61,7 +61,7 @@ services:
 
 networks:
     shared:
-{% if not docker_internet_access %}
+{% if restrict_internet_access %}
         internal: true
 {% endif %}
         driver_opts:
@@ -80,7 +80,7 @@ networks:
         internal: true
         driver_opts:
             encrypted: 1
-{% if not docker_internet_access %}
+{% if restrict_internet_access %}
     public:
         driver_opts:
             encrypted: 1
-- 
GitLab