From 8e41769f4bc65c9596699c58a50c906a75ffe0b1 Mon Sep 17 00:00:00 2001
From: Lucas <116588+hairmare@users.noreply.github.com>
Date: Sun, 1 Dec 2024 15:35:46 +0100
Subject: [PATCH] chore(agent): Move hardcoded fw zone to defaults (#38)

---
 roles/agent/defaults/main.yml | 2 ++
 roles/agent/tasks/main.yaml   | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/agent/defaults/main.yml b/roles/agent/defaults/main.yml
index df37b9a..75cb3ec 100644
--- a/roles/agent/defaults/main.yml
+++ b/roles/agent/defaults/main.yml
@@ -14,3 +14,5 @@ _radiorabe_zabbix_agent_zabbix_agent_tls: cert
 _radiorabe_zabbix_agent_zabbix_agent_cafile: /etc/ipa/ca.crt
 _radiorabe_zabbix_agent_zabbix_agent_tlscertfile: /etc/pki/tls/certs/zabbix-agent.crt
 _radiorabe_zabbix_agent_zabbix_agent_tlskeyfile: /etc/pki/tls/private/zabbix-agent.key
+
+_radiorabe_zabbix_agent_firewall_zone: service
diff --git a/roles/agent/tasks/main.yaml b/roles/agent/tasks/main.yaml
index 025010a..969d66e 100644
--- a/roles/agent/tasks/main.yaml
+++ b/roles/agent/tasks/main.yaml
@@ -98,7 +98,7 @@
   vars:
     firewall:
       - rich_rule: ['rule family="ipv4" source address="{{ _rabe_zabbix_server_ip }}" service name="zabbix-agent" accept']
-        zone: service
+        zone: "{{ _radiorabe_zabbix_agent_firewall_zone }}"
         state: enabled
   tags:
     - role::rabe_zabbix.agent