From 9084f25319bcf16fe1e5e9e4dfa0c16628a76521 Mon Sep 17 00:00:00 2001 From: Timotej Lazar Date: Thu, 15 Aug 2024 17:09:11 +0200 Subject: [PATCH] netbox: allow registered users to view everything And others nothing. Also clean up. --- roles/netbox/tasks/main.yml | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/roles/netbox/tasks/main.yml b/roles/netbox/tasks/main.yml index 5475b0c..04fa6c6 100644 --- a/roles/netbox/tasks/main.yml +++ b/roles/netbox/tasks/main.yml @@ -67,12 +67,8 @@ line: " 'USER': '{{ user }}', # PostgreSQL username" - key: 'PASSWORD.*PostgreSQL password' line: " 'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password" - # XXX unnecessary? - #- key: '(OPTIONS|PASSWORD).*PostgreSQL password' - # line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password" - # not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503 - #- key: '^PLUGINS = ' - # line: "PLUGINS = ['netbox_topology_views']" + - key: '^PLUGINS = ' + line: "PLUGINS = ['netbox_topology_views']" notify: run migrations - name: Configure OIDC authentication @@ -91,11 +87,22 @@ line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'" - key: "^SOCIAL_AUTH_OIDC_SECRET =" line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'" - # TODO the key should really be upn but it doesn’t seem to work - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY =" line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'" notify: run migrations +- name: Configure various settings + lineinfile: + path: '{{ user_info.home }}/app/netbox/netbox/configuration.py' + regexp: '{{ item.key }}' + line: '{{ item.line }}' + loop: + - key: "^LOGIN_REQUIRED =" + line: "LOGIN_REQUIRED = True" + - key: "^EXEMPT_VIEW_PERMISSIONS = \\[$" + line: "EXEMPT_VIEW_PERMISSIONS = ['*'," + notify: restart netbox + - name: Set additional requirements become: yes become_user: '{{ user }}' 
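Review bot: The re-enabled `PLUGINS = ['netbox_topology_views']` entry in the first hunk drops the comment that pointed at the upstream compatibility issue, and nothing records which plugin release makes it safe to enable. Nothing visible here pins the plugin, so a later upgrade could load an untested release into the NetBox process. If the requirements task outside this hunk does not already pin it, I would pin it there and add a short comment above this entry, such as `# needs a netbox-topology-views release compatible with the deployed NetBox; keep it pinned in the requirements task`. The lineinfile task this loop belongs to starts outside the hunk.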
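Review bot: In the new "Configure various settings" task, the regexp `^EXEMPT_VIEW_PERMISSIONS = \[$` does not match the line it writes (`EXEMPT_VIEW_PERMISSIONS = ['*',`), and that line leaves the list open, relying on later lines of configuration.py to close it. If the pattern misses, for example because the shipped file has the setting on one line, lineinfile would presumably append an unterminated list at the end of the file. A pattern that matches both the initial and the rewritten state, e.g. `key: "^EXEMPT_VIEW_PERMISSIONS = \\["`, keeps the task idempotent, though it still depends on the closing bracket being on a later line. I would also add a comment that with `LOGIN_REQUIRED = True` and `'*'`, every account able to complete the OIDC login gets read access to all exempted models, so who may view the data is effectively decided at the identity provider.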
@@ -117,8 +124,7 @@ #from django.contrib.auth.models import User username = '{{ password.admin_user }}' if not User.objects.filter(username=username): - User.objects.create_superuser(username, '', # TODO email - '{{ password.admin_pass }}') + User.objects.create_superuser(username, password='{{ password.admin_pass }}') sys.exit(1) register: result changed_when: result.rc != 0
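Review bot: `password='{{ password.admin_pass }}'` templates the admin password straight into a Python string literal, so a value containing a quote or backslash breaks the script or changes what it executes; the same holds for `username` two lines above. Rendering the value as a literal, e.g. `password={{ password.admin_pass | to_json }}`, removes the dependency on the secret's character set, provided the quoting around the script (outside this hunk) tolerates double quotes. The task header is not visible here, so I cannot tell whether `no_log: true` is set. Without it, the rendered script and the password in it can show up in Ansible output on failure or in verbose runs.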