netbox: allow registered users to view everything
And others nothing. Also clean up. Also enable topology views plugin.
parent
8ba6959065
commit
d5db7529dd
|
@ -67,12 +67,8 @@
|
|||
line: " 'USER': '{{ user }}', # PostgreSQL username"
|
||||
- key: 'PASSWORD.*PostgreSQL password'
|
||||
line: " 'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password"
|
||||
# XXX unnecessary?
|
||||
#- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
|
||||
# line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
|
||||
# not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
|
||||
#- key: '^PLUGINS = '
|
||||
# line: "PLUGINS = ['netbox_topology_views']"
|
||||
- key: '^PLUGINS = '
|
||||
line: "PLUGINS = ['netbox_topology_views']"
|
||||
notify: run migrations
|
||||
|
||||
- name: Configure OIDC authentication
|
||||
|
@ -91,11 +87,22 @@
|
|||
line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'"
|
||||
- key: "^SOCIAL_AUTH_OIDC_SECRET ="
|
||||
line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'"
|
||||
# TODO the key should really be upn but it doesn’t seem to work
|
||||
- key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
|
||||
line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
|
||||
notify: run migrations
|
||||
|
||||
- name: Configure various settings
|
||||
lineinfile:
|
||||
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
|
||||
regexp: '{{ item.key }}'
|
||||
line: '{{ item.line }}'
|
||||
loop:
|
||||
- key: "^LOGIN_REQUIRED ="
|
||||
line: "LOGIN_REQUIRED = True"
|
||||
- key: "^EXEMPT_VIEW_PERMISSIONS = \\[$"
|
||||
line: "EXEMPT_VIEW_PERMISSIONS = ['*',"
|
||||
notify: restart netbox
|
||||
|
||||
- name: Set additional requirements
|
||||
become: yes
|
||||
become_user: '{{ user }}'
|
||||
|
@ -117,8 +124,7 @@
|
|||
#from django.contrib.auth.models import User
|
||||
username = '{{ password.admin_user }}'
|
||||
if not User.objects.filter(username=username):
|
||||
User.objects.create_superuser(username, '', # TODO email
|
||||
'{{ password.admin_pass }}')
|
||||
User.objects.create_superuser(username, password='{{ password.admin_pass }}')
|
||||
sys.exit(1)
|
||||
register: result
|
||||
changed_when: result.rc != 0
|
||||
|
|
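Review bot: In the "Configure various settings" task, `EXEMPT_VIEW_PERMISSIONS = ['*',` combined with `LOGIN_REQUIRED = True` makes read access to every object depend only on being able to log in. With the OIDC backend configured in the task above, that presumably means any account the identity provider will authenticate. If the provider is not already limited to the intended group, that limit should be enforced there, and a comment above the loop such as `# every authenticated user may view all objects; who can log in is restricted at the IdP` would record the assumption. The replacement is also fragile: the regexp `^EXEMPT_VIEW_PERMISSIONS = \[$` expects the opening bracket alone on its line, with the closing `]` further down the file. If it ever fails to match, lineinfile's default is to append the unterminated line at the end of configuration.py, which would then no longer parse. Writing a complete `EXEMPT_VIEW_PERMISSIONS = ['*']` and removing the old multi-line list separately would be more robust.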