From b1064159c000771642d108e64c6b85271d87e34f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Sachse?= <joerg.sachse@slub-dresden.de>
Date: Mon, 29 Jan 2024 08:44:51 +0100
Subject: [PATCH] fix: undo changes done with the systemd override for
 rpcbind.socket, because the 'ListenStream=' and 'ListenDatagram=' don't work
 like I thought and are useless for what we're trying to accomplish

---
 tasks/configure_rpcbind.yml | 38 ++-----------------------------------
 1 file changed, 2 insertions(+), 36 deletions(-)

diff --git a/tasks/configure_rpcbind.yml b/tasks/configure_rpcbind.yml
index c8862a7..63a12e1 100644
--- a/tasks/configure_rpcbind.yml
+++ b/tasks/configure_rpcbind.yml
@@ -11,42 +11,7 @@
 - name: create directory for Systemd unit override
   ansible.builtin.file:
     path: "/etc/systemd/system/rpcbind.socket.d/"
-    state: directory
-    mode: "0755"
-  when: rpcbind_installed
-
-- name: implement access control in rpcbind socket unit by creating an override - general settings
-  ansible.builtin.blockinfile:
-    path: "/etc/systemd/system/rpcbind.socket.d/override.conf"
-    create: true
-    mode: "0644"
-    marker: "### {mark} ANSIBLE MANAGED BLOCK - clear previous settings"
-    block: |
-      # from `man 5 systemd.socket`:
-      # "SOCK_STREAM (i.e. ListenStream=) when used for IP sockets refers to
-      # TCP sockets, SOCK_DGRAM (i.e. ListenDatagram=) to UDP."
-
-      # Clear any previously set options...
-      #ListenStream=0.0.0.0:111      # DISTRO DEFAULT
-      #ListenDatagram=0.0.0.0:111    # DISTRO DEFAULT
-      ListenStream=
-      ListenDatagram=
-      # ...and now set new stricter values in subsequent blocks.
-  when: rpcbind_installed
-  notify: daemon_reload
-
-- name: implement access control in rpcbind socket unit by creating an override - interface specific settings
-  ansible.builtin.blockinfile:
-    path: "/etc/systemd/system/rpcbind.socket.d/override.conf"
-    create: true
-    mode: "0644"
-    marker: "### {mark} ANSIBLE MANAGED BLOCK - allow access for {{ item.source }}"
-    block: |
-      ListenStream={{ item.source }}
-      ListenDatagram={{ item.source }}
-  loop: "{{ vault_nfs_server_interfaces }}"
-  when: rpcbind_installed
-  notify: daemon_reload
+    state: absent
 
 - name: implement rpcbind access control in iptables
   ansible.builtin.iptables:
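Review bot: The first task in the hunk now removes the drop-in directory (`state: absent`) yet keeps the name `create directory for Systemd unit override`, and it no longer carries the `notify: daemon_reload` that the deleted blockinfile tasks had, so systemd keeps the stale override loaded until something else triggers a reload. Rename it, e.g. `- name: remove obsolete Systemd unit override for rpcbind.socket`, and add `notify: daemon_reload` so the removal takes effect in the same run (if the override was ever actually applied, the socket unit would presumably also need a restart to drop the listeners — worth confirming on a host). The task also lost its `when: rpcbind_installed` guard while the second hunk adds that same guard to the iptables task; running the removal unconditionally is harmless, but the file is otherwise consistently guarded, so keeping it here is cleaner. Since the iptables rule is now the only access control left for rpcbind, a one-line comment above that task saying so would save the next reader from looking for the systemd-level restriction.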
@@ -57,3 +22,4 @@
     jump: "ACCEPT"
   loop: "{{ vault_nfs_server_interfaces }}"
   notify: "save iptables rules"
+  when: rpcbind_installed
-- 
GitLab