rc/servers
5
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

friwall: don’t template settings

Browse source 
Let all settings including list of nodes be managed by application.
Exception is the list of networks instantiated from NetBox data.

Also add README.
This commit is contained in:
Timotej Lazar 2025-11-04 16:28:44 +01:00 committed by Gašper Fele-Žorž
parent 927ff9758e
commit 07143b28f2
5 changed files with 8 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

1
roles/friwall/README.md Normal file
View file

@ -0,0 +1 @@
Install and configure the [FRIwall](https://git.fri.uni-lj.si/rc/friwall) web application for managing firewall nodes. For settings and operation refer to that project.

13
roles/friwall/tasks/main.yml
View file

@ -38,17 +38,18 @@
extra_args: --user --break-system-packages --no-warn-script-location extra_args: --user --break-system-packages --no-warn-script-location
notify: restart uwsgi notify: restart uwsgi
- name: Configure base settings - name: Ensure setting files exist
template: copy:
dest: "/srv/friwall/{{ item }}" dest: "/srv/friwall/{{ item }}.json"
src: "{{ item }}.j2" content: |
{}
owner: friwall owner: friwall
group: friwall group: friwall
mode: 0600 mode: 0600
force: no force: no
loop: loop:
- nodes.json - nodes
- settings.json - settings
notify: restart uwsgi notify: restart uwsgi
- name: Configure list of networks - name: Configure list of networks

14
roles/friwall/templates/interfaces.j2
View file

@ -1,14 +0,0 @@
auto lo
iface lo inet loopback
{% for iface in interfaces %}
auto {{ iface.name }}
iface {{ iface.name }} inet static
{% for address in iface.ip_addresses %}
address {{ address.address }}
{% endfor %}
{% if iface.custom_fields.gateway %}
gateway {{ iface.custom_fields.gateway.address | ipaddr('address') }}
{% endif %}
{% endfor %}

11
roles/friwall/templates/nodes.json.j2
View file

@ -1,11 +0,0 @@
{% set nodes = query('netbox.netbox.nb_lookup', 'devices', api_filter='role=firewall', raw_data=true)
| selectattr('config_context') | selectattr('config_context', 'contains', 'master')
| selectattr('config_context.master', '==', inventory_hostname)
| map(attribute='name') -%}
{
{% for node in nodes %}
"{{ hostvars[node] | device_address | selectattr('family.value', '==', 4)
| map(attribute='address') | ipaddr('address') | first }}": -1{{ '' if loop.last else ',' }}
{% endfor %}
}

10
roles/friwall/templates/settings.json.j2
View file

@ -1,10 +0,0 @@
{
"ldap_host": "{{ domain }}",
"ldap_user": "{{ password.ldap_user }}",
"ldap_pass": "{{ password.ldap_pass }}",
"ldap_base_dn": "{{ ldap_base_dn }}",
"oidc_server": "{{ password.oidc_server }}",
"oidc_client_id": "{{ password.oidc_client_id }}",
"oidc_client_secret": "{{ password.oidc_client_secret }}",
"wg_net": "{{ wg_net }}"
}