Preconfigure allowed_hosts.conf style files for plugins
set the variable vdr_allowed_hosts (must be a list of IPs/IP ranges) to preconfigure all host- or ip-range based access options. At the moment this applies to: - svdrphosts.conf - xineliboutput's allowed_hosts.conf (and the plugin's ARGSDIR configuration file) - vnsiserver's allowed_hosts.conf - streamdev-server's streamdevhosts.conf It is possible to override host settings for individual services by setting up extra lists for the following variables: - vdr_svdrphosts - xineliboutput_allowed_hosts - vnsiserver_allowed_hosts - streamdev_server_allowed_hosts
This commit is contained in:
parent
d306eb118e
commit
8f22f9bf80
128
Manual.org
128
Manual.org
@ -615,6 +615,7 @@ vdr:
|
||||
hide_first_recording_level: false
|
||||
safe_dirnames: true
|
||||
override_vdr_charset: false
|
||||
vdr_allowed_hosts: []
|
||||
#+END_SRC
|
||||
*** tasks
|
||||
:PROPERTIES:
|
||||
@ -1144,9 +1145,9 @@ The additional plugins to install can be set in the variable ~{{vdr_plugins}}~ i
|
||||
template:
|
||||
src: templates/svdrphosts.conf.j2
|
||||
dest: '/etc/vdr/svdrphosts.conf'
|
||||
owner: '{{ vdr.user }}'
|
||||
group: '{{ vdr.group }}'
|
||||
mode: 0644
|
||||
vars:
|
||||
svdrphosts: '{{ vdr_svdrphosts | default(vdr_allowed_hosts) }}'
|
||||
|
||||
- name: "vdr configuration | /etc/default/vdr"
|
||||
template:
|
||||
@ -1155,6 +1156,72 @@ The additional plugins to install can be set in the variable ~{{vdr_plugins}}~ i
|
||||
|
||||
#+END_SRC
|
||||
|
||||
**** plugin preconfiguration
|
||||
|
||||
***** xineliboutput
|
||||
#+BEGIN_SRC yaml :tangle roles/vdr/tasks/main.yml :mkdirp yes
|
||||
- name: ensure directory '/etc/vdr/xineliboutput' exists
|
||||
file:
|
||||
state: directory
|
||||
mode: 0775
|
||||
dest: '/etc/vdr/plugins/xineliboutput'
|
||||
|
||||
- name: "vdr configuration | allowed_hosts.conf for xineliboutput"
|
||||
template:
|
||||
src: templates/generic_allowed_hosts.conf.j2
|
||||
dest: '/etc/vdr/plugins/{{ vdr_service }}/allowed_hosts.conf'
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ xineliboutput_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
vdr_service: xineliboutput
|
||||
|
||||
- name: "vdr configuration | xineliboutput.conf host settings"
|
||||
template:
|
||||
src: templates/xineliboutput.conf.j2
|
||||
dest: /etc/vdr/conf.avail/xineliboutput.conf
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ xineliboutput_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
|
||||
#+END_SRC
|
||||
***** vnsiserver
|
||||
#+BEGIN_SRC yaml :tangle roles/vdr/tasks/main.yml :mkdirp yes
|
||||
- name: ensure directory '/etc/vdr/plugins/vnsiserver' exists
|
||||
file:
|
||||
state: directory
|
||||
mode: 0775
|
||||
dest: '/etc/vdr/plugins/vnsiserver'
|
||||
|
||||
- name: "vdr configuration | allowed_hosts.conf for vnsiserver"
|
||||
template:
|
||||
src: templates/generic_allowed_hosts.conf.j2
|
||||
dest: '/etc/vdr/plugins/{{ vdr_service }}/allowed_hosts.conf'
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ vnsiserver_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
vdr_service: vnsiserver
|
||||
|
||||
#+END_SRC
|
||||
|
||||
***** streamdev-server
|
||||
#+BEGIN_SRC yaml :tangle roles/vdr/tasks/main.yml :mkdirp yes
|
||||
- name: ensure directory '/etc/vdr/plugins' exists
|
||||
file:
|
||||
state: directory
|
||||
mode: 0775
|
||||
dest: '/etc/vdr/plugins/'
|
||||
|
||||
- name: "vdr configuration | streamdevhosts.conf for streamdev-server"
|
||||
template:
|
||||
src: templates/generic_allowed_hosts.conf.j2
|
||||
dest: '/etc/vdr/plugins/streamdevhosts.conf'
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ streamdev_server_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
vdr_service: streamdev-server
|
||||
|
||||
#+END_SRC
|
||||
|
||||
**** start vdr after network-online.target
|
||||
:PROPERTIES:
|
||||
:ID: e435efbc-0690-40cc-bf55-5516b23f4ccf
|
||||
@ -1171,8 +1238,8 @@ The additional plugins to install can be set in the variable ~{{vdr_plugins}}~ i
|
||||
template:
|
||||
src: templates/systemd/network-online.j2
|
||||
dest: /etc/systemd/system/vdr.service.d/network-online.conf
|
||||
#+END_SRC
|
||||
|
||||
#+END_SRC
|
||||
*** templates
|
||||
:PROPERTIES:
|
||||
:ID: 0c5c2e3b-57af-46a9-b69e-3499e25fce59
|
||||
@ -1205,18 +1272,57 @@ SHUTDOWNCMD="{{ vdr_shutdown_command }}"
|
||||
#
|
||||
# IP-Address[/Netmask]
|
||||
#
|
||||
# Examples:
|
||||
# 192.168.100.0/24 # any host on the local net
|
||||
# 204.152.189.113 # a specific host
|
||||
# 0.0.0.0/0 # any host on any net (USE THIS WITH CARE!)
|
||||
|
||||
127.0.0.1 # always accept localhost
|
||||
#192.168.100.0/24 # any host on the local net
|
||||
#204.152.189.113 # a specific host
|
||||
#0.0.0.0/0 # any host on any net (USE THIS WITH CARE!)
|
||||
|
||||
{% if vdr_svdrphosts is defined %}
|
||||
{% for host_or_subnet in vdr_svdrphosts %}
|
||||
127.0.0.1 # always accept localhost
|
||||
{% for host_or_subnet in svdrphosts %}
|
||||
{{ host_or_subnet }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
#+END_SRC
|
||||
**** allowed_hosts.conf style template
|
||||
#+BEGIN_SRC jinja2 :tangle roles/vdr/templates/generic_allowed_hosts.conf.j2 :mkdirp yes
|
||||
{{ ansible_managed | comment }}
|
||||
# This file describes a number of host addresses that
|
||||
# are allowed to connect to the {{ vdr_service }}
|
||||
# running with the Video Disk Recorder (VDR) on this system.
|
||||
#
|
||||
# Syntax:
|
||||
#
|
||||
# IP-Address[/Netmask]
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# 192.168.100.0/24 # any host on the local net
|
||||
# 204.152.189.113 # a specific host
|
||||
{% if vdr_service == 'streamdev-server' %}
|
||||
# 239.255.0.0/16 # uncomment for IGMP multicast streaming
|
||||
{% endif %}
|
||||
# 0.0.0.0/0 # any host on any net (USE THIS WITH CARE!)
|
||||
|
||||
127.0.0.1 # always accept localhost
|
||||
{% for host_or_subnet in allowed_hosts %}
|
||||
{{ host_or_subnet }}
|
||||
{% endfor %}
|
||||
#+END_SRC
|
||||
**** xineliboutput.conf template
|
||||
#+BEGIN_SRC jinja2 :tangle roles/vdr/templates/xineliboutput.conf.j2 :mkdirp yes
|
||||
#
|
||||
# Command line parameters for vdr-plugin-xineliboutput
|
||||
#
|
||||
# For more details see:
|
||||
# - /usr/share/doc/vdr-plugin-xineliboutput/README.Debian
|
||||
# - `vdr --help -Pxineliboutput`
|
||||
# - /usr/share/doc/vdr-plugin-xineliboutput/README
|
||||
#
|
||||
[xineliboutput]
|
||||
--local=none
|
||||
--primary
|
||||
--remote={{ "" if allowed_hosts else "127.0.0.1" }}:37890
|
||||
--truecolor
|
||||
#+END_SRC
|
||||
*** files
|
||||
:PROPERTIES:
|
||||
|
@ -99,14 +99,64 @@
|
||||
template:
|
||||
src: templates/svdrphosts.conf.j2
|
||||
dest: '/etc/vdr/svdrphosts.conf'
|
||||
owner: '{{ vdr.user }}'
|
||||
group: '{{ vdr.group }}'
|
||||
mode: 0644
|
||||
vars:
|
||||
svdrphosts: '{{ vdr_svdrphosts | default(vdr_allowed_hosts) }}'
|
||||
|
||||
- name: "vdr configuration | /etc/default/vdr"
|
||||
template:
|
||||
src: templates/default_vdr.j2
|
||||
dest: /etc/default/vdr
|
||||
- name: ensure directory '/etc/vdr/xineliboutput' exists
|
||||
file:
|
||||
state: directory
|
||||
mode: 0775
|
||||
dest: '/etc/vdr/plugins/xineliboutput'
|
||||
|
||||
- name: "vdr configuration | allowed_hosts.conf for xineliboutput"
|
||||
template:
|
||||
src: templates/generic_allowed_hosts.conf.j2
|
||||
dest: '/etc/vdr/plugins/{{ vdr_service }}/allowed_hosts.conf'
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ xineliboutput_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
vdr_service: xineliboutput
|
||||
|
||||
- name: "vdr configuration | xineliboutput.conf host settings"
|
||||
template:
|
||||
src: templates/xineliboutput.conf.j2
|
||||
dest: /etc/vdr/conf.avail/xineliboutput.conf
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ xineliboutput_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
- name: ensure directory '/etc/vdr/plugins/vnsiserver' exists
|
||||
file:
|
||||
state: directory
|
||||
mode: 0775
|
||||
dest: '/etc/vdr/plugins/vnsiserver'
|
||||
|
||||
- name: "vdr configuration | allowed_hosts.conf for vnsiserver"
|
||||
template:
|
||||
src: templates/generic_allowed_hosts.conf.j2
|
||||
dest: '/etc/vdr/plugins/{{ vdr_service }}/allowed_hosts.conf'
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ vnsiserver_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
vdr_service: vnsiserver
|
||||
- name: ensure directory '/etc/vdr/plugins' exists
|
||||
file:
|
||||
state: directory
|
||||
mode: 0775
|
||||
dest: '/etc/vdr/plugins/'
|
||||
|
||||
- name: "vdr configuration | streamdevhosts.conf for streamdev-server"
|
||||
template:
|
||||
src: templates/generic_allowed_hosts.conf.j2
|
||||
dest: '/etc/vdr/plugins/streamdevhosts.conf'
|
||||
mode: 0644
|
||||
vars:
|
||||
allowed_hosts: '{{ streamdev_server_allowed_hosts | default(vdr_allowed_hosts) }}'
|
||||
vdr_service: streamdev-server
|
||||
- name: create directory for vdr.service systemd drop-in files
|
||||
file:
|
||||
dest: '{{ item }}'
|
||||
|
22
roles/vdr/templates/generic_allowed_hosts.conf.j2
Normal file
22
roles/vdr/templates/generic_allowed_hosts.conf.j2
Normal file
@ -0,0 +1,22 @@
|
||||
{{ ansible_managed | comment }}
|
||||
# This file describes a number of host addresses that
|
||||
# are allowed to connect to the {{ vdr_service }}
|
||||
# running with the Video Disk Recorder (VDR) on this system.
|
||||
#
|
||||
# Syntax:
|
||||
#
|
||||
# IP-Address[/Netmask]
|
||||
#
|
||||
# Examples:
|
||||
#
|
||||
# 192.168.100.0/24 # any host on the local net
|
||||
# 204.152.189.113 # a specific host
|
||||
{% if vdr_service == 'streamdev-server' %}
|
||||
# 239.255.0.0/16 # uncomment for IGMP multicast streaming
|
||||
{% endif %}
|
||||
# 0.0.0.0/0 # any host on any net (USE THIS WITH CARE!)
|
||||
|
||||
127.0.0.1 # always accept localhost
|
||||
{% for host_or_subnet in allowed_hosts %}
|
||||
{{ host_or_subnet }}
|
||||
{% endfor %}
|
@ -7,14 +7,12 @@
|
||||
#
|
||||
# IP-Address[/Netmask]
|
||||
#
|
||||
# Examples:
|
||||
# 192.168.100.0/24 # any host on the local net
|
||||
# 204.152.189.113 # a specific host
|
||||
# 0.0.0.0/0 # any host on any net (USE THIS WITH CARE!)
|
||||
|
||||
127.0.0.1 # always accept localhost
|
||||
#192.168.100.0/24 # any host on the local net
|
||||
#204.152.189.113 # a specific host
|
||||
#0.0.0.0/0 # any host on any net (USE THIS WITH CARE!)
|
||||
|
||||
{% if vdr_svdrphosts is defined %}
|
||||
{% for host_or_subnet in vdr_svdrphosts %}
|
||||
127.0.0.1 # always accept localhost
|
||||
{% for host_or_subnet in svdrphosts %}
|
||||
{{ host_or_subnet }}
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
13
roles/vdr/templates/xineliboutput.conf.j2
Normal file
13
roles/vdr/templates/xineliboutput.conf.j2
Normal file
@ -0,0 +1,13 @@
|
||||
#
|
||||
# Command line parameters for vdr-plugin-xineliboutput
|
||||
#
|
||||
# For more details see:
|
||||
# - /usr/share/doc/vdr-plugin-xineliboutput/README.Debian
|
||||
# - `vdr --help -Pxineliboutput`
|
||||
# - /usr/share/doc/vdr-plugin-xineliboutput/README
|
||||
#
|
||||
[xineliboutput]
|
||||
--local=none
|
||||
--primary
|
||||
--remote={{ "" if allowed_hosts else "127.0.0.1" }}:37890
|
||||
--truecolor
|
@ -28,3 +28,4 @@ vdr:
|
||||
hide_first_recording_level: false
|
||||
safe_dirnames: true
|
||||
override_vdr_charset: false
|
||||
vdr_allowed_hosts: []
|
||||
|
Loading…
Reference in New Issue
Block a user