Rename variable to restrict_internet_access

23163e0a · Rémi - Le Filament · 59cb624a · 23163e0a · 23163e0a · 23163e0a
--- a/README.md
+++ b/README.md
@@ -14,7 +14,7 @@ Role Variables
 Variables defined in defaults/main.yaml:
 * default_maintenance_email : default maintenance e-mail used to validate Let's Encrypt certificate (defaults to maintenance@example.org)
 * docker_userns_remap : whether remapping of user namespace is being used for Docker (security feature defaults to true)
-* docker_internet_access : whether dockers should be granted access to Internet of if networks are internal only
+* restrict_internet_access : whether dockers should be granted access to Internet of if networks are internal only (defaults to true meaning docker containers have no direct internet access, whitelisted URLs should be used to grant specific access)
 * default_sshd_port: Port on which SSH daemon listens (defaults to 10022)
 * host_user : user used to connect to the server
 * srv_proxy_pass: Password to access proxy protected pages (AUTH defaults to SuperSecureProxyP4$$)
@@ -72,7 +72,7 @@ Example Playbook
      - { default_maintenance_email: "maintenance@example.org" }
      - { default_sshd_port: 10022 }
      - { docker_userns_remap: true }
-      - { docker_internet_access: false }
+      - { restrict_internet_access: true }
      - { host_user: "testuser" }
      - { srv_proxy_pass: "SuperSecureProxyP4$$" }
      - { cloud_collabora: true }

--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,7 +2,7 @@
 default_maintenance_email: "maintenance@example.org"
 default_sshd_port: 10022
 docker_userns_remap: true
-docker_internet_access: false
+restrict_internet_access: true
 host_user: "testuser"
 srv_proxy_pass: "SuperSecureProxyP4$$"


--- a/templates/inverseproxy.yaml.j2
+++ b/templates/inverseproxy.yaml.j2
@@ -28,7 +28,7 @@ services:
 {% endif %}
            smtp:
            private:
-{% if not docker_internet_access %}
+{% if restrict_internet_access %}
            public:
 {% endif %}
        volumes:
@@ -61,7 +61,7 @@ services:

 networks:
    shared:
-{% if not docker_internet_access %}
+{% if restrict_internet_access %}
        internal: true
 {% endif %}
        driver_opts:
@@ -80,7 +80,7 @@ networks:
        internal: true
        driver_opts:
            encrypted: 1
-{% if not docker_internet_access %}
+{% if restrict_internet_access %}
    public:
        driver_opts:
            encrypted: 1