From 3eeb9baa57a64c30a2d8f7f125a139a3399b6a26 Mon Sep 17 00:00:00 2001 From: hygienic-books Date: Wed, 6 Jul 2022 01:11:22 +0200 Subject: [PATCH] feat(firewall): Add dependencies for firewalld helper script --- README.md | 2 +- .../tasks/40-install-mailcow.yml | 28 +++++++++++-------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 3b423d6..cad224a 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ We're assuming that you're running Ansible as a Python package inside a virtual pip install ansible ``` -We're also assuming that secrets are stored in a HashiCorp Vault instance to which you have access. These role access Vault via `hvac`, the HashiCorp Vault API client for Python 3.x, see [github.com/hvac/hvac](https://github.com/hvac/hvac) for reference. Install it like so: +We're also assuming that secrets are stored in a HashiCorp Vault instance to which you have access. These roles access Vault via `hvac`, the HashiCorp Vault API client for Python 3.x, see [github.com/hvac/hvac](https://github.com/hvac/hvac) for reference. Install it like so: ``` pip install hvac ``` diff --git a/ansible/roles/50-service-mailcow/tasks/40-install-mailcow.yml b/ansible/roles/50-service-mailcow/tasks/40-install-mailcow.yml index 926b5db..6db3fbe 100644 --- a/ansible/roles/50-service-mailcow/tasks/40-install-mailcow.yml +++ b/ansible/roles/50-service-mailcow/tasks/40-install-mailcow.yml 
@@ -13,28 +13,34 @@ - name: 'Install Docker engine basics' + tags: + - 'testing' ansible.builtin.dnf: name: - - 'yum-utils' - - 'docker-ce' - - 'docker-ce-cli' - - 'containerd.io' - - 'docker-compose-plugin' - - 'git' + - 'docker-ce' # Docker + - 'docker-ce-cli' # + - 'containerd.io' # + - 'docker-compose-plugin' # + - 'git' # git clone Mailcow repo + - '@Development tools' # Install 'update-firewall-source' Python package state: 'latest' +- name: 'Start systemd iptables.service' + ansible.builtin.systemd: + name: 'iptables.service' + state: 'started' + enabled: 'yes' + + + - name: 'Populate service facts' - tags: - - 'testing' ansible.builtin.service_facts: - name: 'Store Docker daemon.json' - tags: - - 'testing' register: 'rv_upload_daemonjson' ansible.builtin.copy: src: 'etc/docker/daemon.json' @@ -48,8 +54,6 @@ - name: 'Start systemd docker.service' - tags: - - 'testing' when: '(ansible_facts.services[''docker.service''].state != ''running'')' ansible.builtin.systemd: name: 'docker.service'
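Review bot: The new 'Start systemd iptables.service' task in the `@@ -13,28 +13,34 @@` hunk starts a unit that nothing visible in this hunk installs. The dnf list gains `'@Development tools'` but no package that ships the unit (on EL-family hosts that is usually `'iptables-services'`), so unless another task provides it the play fails here. The commit subject refers to a firewalld helper, and firewalld's unit normally declares a conflict with iptables.service, so starting it may stop firewalld and replace the live ruleset with the saved iptables rules. If that is intended, say so in a comment above the task, e.g. `# iptables.service deliberately replaces firewalld on this host`, and write `enabled: true` instead of the quoted `enabled: 'yes'`. Separately, `'@Development tools'` under the existing `state: 'latest'` puts a full compiler toolchain on a mail host and lets any run upgrade the Docker packages; consider listing only the build dependencies the Python package needs and using `state: 'present'`.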