From c11a7664f5318ed265309ec604e76eadb6d42170 Mon Sep 17 00:00:00 2001
From: shirenn
Date: Wed, 30 Nov 2022 15:56:52 +0100
Subject: [PATCH] [gitlab] gardening
---
 .../templates/systemd/system/docker.service.d/override.conf.j2 | 2 +-
 roles/gitlab-runner/tasks/main.yml | 2 +-
 roles/irker/tasks/main.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/roles/docker/templates/systemd/system/docker.service.d/override.conf.j2 b/roles/docker/templates/systemd/system/docker.service.d/override.conf.j2
index e34dd43b..e44121da 100644
--- a/roles/docker/templates/systemd/system/docker.service.d/override.conf.j2
+++ b/roles/docker/templates/systemd/system/docker.service.d/override.conf.j2
@@ -1,4 +1,4 @@
 [Service]
 # Allow domain resolution, don't use adm network for anything else
-ExecStartPost=/bin/sh -c "/usr/sbin/iptables -I FORWARD 1 -i docker0 -d {{ docker.dns_network }} -p udp --dport 53 -j ACCEPT; /usr/sbin/iptables -I FORWARD 2 -d {{ docker.adm_network }} -i docker0 -j REJECT --reject-with icmp-port-unreachable"
+ExecStartPost=/bin/sh -c "/usr/sbin/iptables -I FORWARD 1 -i docker0 -d 172.16.10.128/32 -p udp --dport 53 -j ACCEPT; /usr/sbin/iptables -I FORWARD 2 -d 172.16.0.0/16 -i docker0 -j REJECT --reject-with icmp-port-unreachable"
 ExecStopPost=/usr/sbin/iptables --flush FORWARD
diff --git a/roles/gitlab-runner/tasks/main.yml b/roles/gitlab-runner/tasks/main.yml
index 8ee0eafe..34f6f80c 100644
--- a/roles/gitlab-runner/tasks/main.yml
+++ b/roles/gitlab-runner/tasks/main.yml
@@ -26,7 +26,7 @@
 # Add the repository into source list
 - name: Configure Gitlab repository
 apt_repository:
- repo: deb https://packages.gitlab.com/runner/gitlab-runner/debian/ buster main
+ repo: "deb https://packages.gitlab.com/runner/gitlab-runner/debian/ {{ ansible_distribution_release }} main"
 state: present
 - name: Install gitlab-runner
diff --git a/roles/irker/tasks/main.yml b/roles/irker/tasks/main.yml
index f0efd019..979478c2 100644
--- a/roles/irker/tasks/main.yml
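Review bot: The new `ExecStartPost` line hard-codes `172.16.10.128/32` and `172.16.0.0/16` where the template used to read `docker.dns_network` and `docker.adm_network`, so the rule that keeps containers off the admin network no longer follows the inventory and will silently go stale if either range changes. Keeping `-d {{ docker.dns_network }}` and `-d {{ docker.adm_network }}` and giving both variables defaults in the role would tidy the call sites without that drift. The same line matches only `-i docker0`, so containers attached to a user-defined bridge would presumably never reach the REJECT, and it accepts only UDP 53, so DNS over TCP to the resolver falls into the second rule; a template comment such as `# only docker0 is filtered; DNS is UDP-only by design` would make both limits explicit. The unchanged `ExecStopPost` flushes the whole FORWARD chain rather than deleting these two rules, which also removes any forwarding rules other services installed.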
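Review bot: The rewritten `repo:` entry still carries no `signed-by=` option, so which key is trusted for packages.gitlab.com cannot be confirmed from this hunk, and a key placed in the global apt trust store is accepted for every configured source. If the key task (outside the hunk) writes a dedicated keyring, the line can pin it: `repo: "deb [signed-by=<keyring path>] https://packages.gitlab.com/runner/gitlab-runner/debian/ {{ ansible_distribution_release }} main"`. The codename now comes from gathered facts while the path still says `/debian/`, so the task depends on fact gathering being enabled and on upstream publishing that codename; a short comment above the task saying so would help.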
+++ b/roles/irker/tasks/main.yml
@@ -37,7 +37,7 @@
 lineinfile:
 path: /etc/default/irker
 regexp: ^IRKER_OPTIONS=
- line: IRKER_OPTIONS="-n {{ irker.name }} -d warning"
+ line: IRKER_OPTIONS="-n {{ irker.name }}"
 create: true
 owner: root
 group: root
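Review bot: Dropping `-d warning` from `IRKER_OPTIONS` leaves the daemon's log verbosity to whatever the packaged default is, and the commit message does not say whether that is intended. If the warning-level output was what surfaced failed or unexpected relays, keep the level explicit; otherwise a task comment such as `# log level intentionally left at the irker default` would record the decision. The `lineinfile` task starts before the hunk and may continue after it, so the resulting file mode is not visible here.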