authorspmfox <spmfox@foxwd.com>2024-08-27 17:34:55 -0400
committerspmfox <spmfox@foxwd.com>2024-08-27 17:34:55 -0400
commit5ca4fbf2cfe781efedc7c078acaa826c6ad39b10 (patch)
tree598ff2c8b51948091ffa1eb1fbb6ef6f7b26b776 /roles/host/tasks/unprivileged-ports.yml
parent4aa6b11581718f66e711bf26fbb41e96fa3a4661 (diff)
converting to roles, converting from runlabels to quadlet ~ breaking change
Diffstat (limited to 'roles/host/tasks/unprivileged-ports.yml')
-rw-r--r--roles/host/tasks/unprivileged-ports.yml17
1 files changed, 17 insertions, 0 deletions
diff --git a/roles/host/tasks/unprivileged-ports.yml b/roles/host/tasks/unprivileged-ports.yml
new file mode 100644
index 0000000..003646a
--- /dev/null
+++ b/roles/host/tasks/unprivileged-ports.yml
@@ -0,0 +1,17 @@
+- name: Unprivileged port block
+ block:
+ - name: Confirm port 80 and above is allowed for unprivileged use
+ ansible.builtin.shell: "sysctl net.ipv4.ip_unprivileged_port_start |grep 80"
+
+ rescue:
+ - name: Set sysctl parameter net.ipv4.ip_unprivileged_port_start=80
+ ansible.builtin.lineinfile:
+ path: "/etc/sysctl.conf"
+ regexp: "^net.ipv4.ip_unprivileged_port_start=80"
+ line: "net.ipv4.ip_unprivileged_port_start=80"
+
+ - name: Reload sysctl
+ ansible.builtin.shell: "sysctl -p /etc/sysctl.conf"
+
+ - name: Confirm port 80 and above is allowed for unprivileged use
+ ansible.builtin.shell: "sysctl net.ipv4.ip_unprivileged_port_start |grep 80"
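Review bot: The check on the first and last tasks, `sysctl net.ipv4.ip_unprivileged_port_start |grep 80`, succeeds for any value containing "80" (e.g. `1080`, `8080`), so the block can report the port range as open while it is not; the `lineinfile` regexp is likewise anchored on `=80`, so an existing line with a different value is kept and a second, conflicting line is appended. The block/rescue pair, the unescaped-dot regexp and the `shell` calls can all be replaced by one idempotent `ansible.posix.sysctl` task (written to `/etc/sysctl.conf` by default), which sets, persists and reloads the value in a single step, as in the snippet below. Since the effect is to let every unprivileged local user bind ports 80–1023, not just the rootless containers the role targets, a comment stating that trade-off on the task would help the next maintainer, e.g. `# Lowers the privileged-port floor host-wide (80–1023 become bindable by any user); needed for rootless container ports`. The file is complete in this hunk.
```yaml
- name: Allow unprivileged processes to bind ports 80 and above
  # Lowers the privileged-port floor host-wide (80–1023 become bindable by any user); needed for rootless container ports
  ansible.posix.sysctl:
    name: net.ipv4.ip_unprivileged_port_start
    value: "80"
    sysctl_set: true
    state: present
    reload: true
```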