friwall: don’t template settings

Let all settings including list of nodes be managed by application.
Exception is the list of networks instantiated from NetBox data.

Also add README.

roles/friwall/README.md

@@ -0,0 +1 @@
+Install and configure the [FRIwall](https://git.fri.uni-lj.si/rc/friwall) web application for managing firewall nodes. For settings and operation refer to that project.

roles/friwall/tasks/main.yml

@@ -38,17 +38,18 @@
     extra_args: --user --break-system-packages --no-warn-script-location
   notify: restart uwsgi
 
-- name: Configure base settings
-  template:
-    dest: "/srv/friwall/{{ item }}"
-    src: "{{ item }}.j2"
+- name: Ensure setting files exist
+  copy:
+    dest: "/srv/friwall/{{ item }}.json"
+    content: |
+      {}
     owner: friwall
     group: friwall
     mode: 0600
     force: no
   loop:
-    - nodes.json
-    - settings.json
+    - nodes
+    - settings
   notify: restart uwsgi
 
 - name: Configure list of networks

roles/friwall/templates/interfaces.j2

@@ -1,14 +0,0 @@
-auto lo
-iface lo inet loopback
-
-{% for iface in interfaces %}
-auto {{ iface.name }}
-iface {{ iface.name }} inet static
-{% for address in iface.ip_addresses %}
-    address {{ address.address }}
-{% endfor %}
-{% if iface.custom_fields.gateway %}
-    gateway {{ iface.custom_fields.gateway.address | ipaddr('address') }}
-{% endif %}
-
-{% endfor %}

roles/friwall/templates/nodes.json.j2

@@ -1,11 +0,0 @@
-{% set nodes = query('netbox.netbox.nb_lookup', 'devices', api_filter='role=firewall', raw_data=true)
-    | selectattr('config_context') | selectattr('config_context', 'contains', 'master')
-    | selectattr('config_context.master', '==', inventory_hostname)
-    | map(attribute='name') -%}
-
-{
-{% for node in nodes %}
-  "{{ hostvars[node] | device_address | selectattr('family.value', '==', 4)
-          | map(attribute='address') | ipaddr('address') | first }}": -1{{ '' if loop.last else ',' }}
-{% endfor %}
-}

roles/friwall/templates/settings.json.j2

@@ -1,10 +0,0 @@
-{
-  "ldap_host": "{{ domain }}",
-  "ldap_user": "{{ password.ldap_user }}",
-  "ldap_pass": "{{ password.ldap_pass }}",
-  "ldap_base_dn": "{{ ldap_base_dn }}",
-  "oidc_server": "{{ password.oidc_server }}",
-  "oidc_client_id": "{{ password.oidc_client_id }}",
-  "oidc_client_secret": "{{ password.oidc_client_secret }}",
-  "wg_net": "{{ wg_net }}"
-}