netbox: allow registered users to view everything

Other users see nothing. Also clean up.
Timotej Lazar 2024-08-15 17:09:11 +02:00
parent 8ba6959065
commit 9084f25319


@ -67,12 +67,8 @@
line: " 'USER': '{{ user }}', # PostgreSQL username" line: " 'USER': '{{ user }}', # PostgreSQL username"
- key: 'PASSWORD.*PostgreSQL password' - key: 'PASSWORD.*PostgreSQL password'
line: " 'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password" line: " 'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password"
# XXX unnecessary? - key: '^PLUGINS = '
#- key: '(OPTIONS|PASSWORD).*PostgreSQL password' line: "PLUGINS = ['netbox_topology_views']"
# line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
# not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
#- key: '^PLUGINS = '
# line: "PLUGINS = ['netbox_topology_views']"
notify: run migrations notify: run migrations
- name: Configure OIDC authentication - name: Configure OIDC authentication
@ -91,11 +87,22 @@
line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'" line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'"
- key: "^SOCIAL_AUTH_OIDC_SECRET =" - key: "^SOCIAL_AUTH_OIDC_SECRET ="
line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'" line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'"
# TODO the key should really be upn but it doesn’t seem to work
- key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY =" - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'" line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
notify: run migrations notify: run migrations
- name: Configure various settings
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: "^LOGIN_REQUIRED ="
line: "LOGIN_REQUIRED = True"
- key: "^EXEMPT_VIEW_PERMISSIONS = \\[$"
line: "EXEMPT_VIEW_PERMISSIONS = ['*',"
notify: restart netbox
- name: Set additional requirements - name: Set additional requirements
become: yes become: yes
become_user: '{{ user }}' become_user: '{{ user }}'
@ -117,8 +124,7 @@
#from django.contrib.auth.models import User #from django.contrib.auth.models import User
username = '{{ password.admin_user }}' username = '{{ password.admin_user }}'
if not User.objects.filter(username=username): if not User.objects.filter(username=username):
User.objects.create_superuser(username, '', # TODO email User.objects.create_superuser(username, password='{{ password.admin_pass }}')
'{{ password.admin_pass }}')
sys.exit(1) sys.exit(1)
register: result register: result
changed_when: result.rc != 0 changed_when: result.rc != 0
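Review bot: The second loop entry of the new `Configure various settings` task (hunk `@ -91,11 +87,22 @@`) is not idempotent: its regexp `^EXEMPT_VIEW_PERMISSIONS = \[$` only matches a line ending in `[`, so once the line has been rewritten to `EXEMPT_VIEW_PERMISSIONS = ['*',` the regexp no longer matches and a later run of the play will append that fragment at the end of configuration.py, leaving an unclosed list that breaks the Python config. Dropping the end anchor, `- key: "^EXEMPT_VIEW_PERMISSIONS = \\["`, matches both the stock opening line and the rewritten one and keeps the task idempotent. Because the wildcard exempts every model and, per NetBox's documentation, the exemption is not limited to authenticated accounts, `LOGIN_REQUIRED = True` is the only thing keeping anonymous users out; a comment above the LOGIN_REQUIRED entry such as `# '*' below exempts every model from view permissions; LOGIN_REQUIRED is what keeps anonymous users out, so do not relax it on its own` would make that coupling explicit. The task notifies `restart netbox` while the neighbouring tasks notify `run migrations`; presumably intentional, but if the migrations handler does not itself restart the service a short comment saying so would avoid a future "harmonisation" that drops the restart.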