netbox: allow registered users to view everything

And others nothing. Also clean up.
2024-08-15 17:09:11 +02:00 · 2024-08-15 17:09:11 +02:00 · 9084f25319
parent 8ba6959065
commit 9084f25319
1 changed files with 15 additions and 9 deletions
--- a/roles/netbox/tasks/main.yml
+++ b/roles/netbox/tasks/main.yml
@ -67,12 +67,8 @@
      line: "    'USER': '{{ user }}', # PostgreSQL username"
    - key: 'PASSWORD.*PostgreSQL password'
      line: "    'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password"
-    # XXX unnecessary?
-    #- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
-    #  line: "    'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
-    # not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
-    #- key: '^PLUGINS = '
-    #  line: "PLUGINS = ['netbox_topology_views']"
+    - key: '^PLUGINS = '
+      line: "PLUGINS = ['netbox_topology_views']"
  notify: run migrations

 - name: Configure OIDC authentication
@ -91,11 +87,22 @@
      line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'"
    - key: "^SOCIAL_AUTH_OIDC_SECRET ="
      line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'"
-    # TODO the key should really be upn but it doesn’t seem to work
    - key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
      line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
  notify: run migrations

+- name: Configure various settings
+  lineinfile:
+    path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
+    regexp: '{{ item.key }}'
+    line: '{{ item.line }}'
+  loop:
+    - key: "^LOGIN_REQUIRED ="
+      line: "LOGIN_REQUIRED = True"
+    - key: "^EXEMPT_VIEW_PERMISSIONS = \\[$"
+      line: "EXEMPT_VIEW_PERMISSIONS = ['*',"
+  notify: restart netbox
+
 - name: Set additional requirements
  become: yes
  become_user: '{{ user }}'
@ -117,8 +124,7 @@
      #from django.contrib.auth.models import User
      username = '{{ password.admin_user }}'
      if not User.objects.filter(username=username):
-          User.objects.create_superuser(username, '', # TODO email
-              '{{ password.admin_pass }}')
+          User.objects.create_superuser(username, password='{{ password.admin_pass }}')
          sys.exit(1)
  register: result
  changed_when: result.rc != 0