From 23f250c981552217ab7afd952a565f3304433f18 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Wed, 22 Apr 2020 15:21:52 +0200
Subject: [PATCH] Change iptables only if really required
---
 tasks/cert_generate.yml | 2 ++
 tasks/renew.yml | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/tasks/cert_generate.yml b/tasks/cert_generate.yml
index 5934edd..9714e55 100644
--- a/tasks/cert_generate.yml
+++ b/tasks/cert_generate.yml
@@ -17,6 +17,7 @@
 protocol: tcp
 jump: ACCEPT
 state: present
+ when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 - name: Install New Cert via webroot
 shell: certbot certonly --expand --non-interactive --config /etc/letsencrypt/{{ cert.domain }}.ini --cert-name {{ cert.domain }} --webroot-path /var/www/html --webroot
@@ -36,6 +37,7 @@
 protocol: tcp
 jump: ACCEPT
 state: absent
+ when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 - include_tasks: cert_deploy.yml
diff --git a/tasks/renew.yml b/tasks/renew.yml
index 8c10d91..a91b0b9 100644
--- a/tasks/renew.yml
+++ b/tasks/renew.yml
@@ -19,6 +19,7 @@
 protocol: tcp
 jump: ACCEPT
 state: present
+ when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 - name: Renew Existing Certs via webroot
 shell: certbot renew --non-interactive --webroot-path /var/www/html --webroot
@@ -42,6 +43,7 @@
 protocol: tcp
 jump: ACCEPT
 state: absent
+ when: groups.proxyserver is defined and inventory_hostname in groups.proxyserver
 - include_tasks: cert_deploy.yml
 with_items: '{{ letsencrypt_certificates|default([]) }}'
--
GitLab
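Review bot: The temporary `jump: ACCEPT` rule added with `state: present` in the first hunk of tasks/cert_generate.yml is only removed by a separate `state: absent` task further down, so a failing certbot `shell` task in between would stop the play for that host and leave the rule in place. The new `when` narrows which hosts get the rule but does not change that. Wrapping the sequence as `- block:` (open rule, certbot) with `always:` (close rule), and keeping the `when` on the two iptables tasks only, would make the removal run on failure too while certbot still runs on every host. The same open/run/close sequence appears in tasks/renew.yml (third and fourth hunks). The iptables tasks begin above the hunks and the lines between the hunks are not shown, so confirm no error handling already exists there.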
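Review bot: The guard `groups.proxyserver is defined and inventory_hostname in groups.proxyserver` on the `state: absent` task in the second hunk has to stay identical to the copy on the matching `state: present` task, and the expression is now pasted into four tasks across both files. If one copy is edited alone, a host can add the ACCEPT rule and skip its removal. Evaluating the condition once (a role variable or `set_fact` at the top of each task file) and referencing that in every `when` removes the risk of drift. A comment above the first use, for example `# iptables is only touched on hosts in the proxyserver group`, would record the intent that the commit subject only hints at.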