netbox: allow registered users to view everything

And others nothing. Also clean up. Also enable topology views plugin.
This commit is contained in:
Timotej Lazar 2024-08-15 17:09:11 +02:00
parent 8ba6959065
commit d5db7529dd

View file

@ -67,12 +67,8 @@
line: " 'USER': '{{ user }}', # PostgreSQL username"
- key: 'PASSWORD.*PostgreSQL password'
line: " 'PASSWORD': '{{ password.db_pass }}', # PostgreSQL password"
# XXX unnecessary?
#- key: '(OPTIONS|PASSWORD).*PostgreSQL password'
# line: " 'OPTIONS': { 'passfile': '{{ user_info.home }}/.pgpass' }, # PostgreSQL password"
# not yet compatible, see https://github.com/netbox-community/netbox-topology-views/issues/503
#- key: '^PLUGINS = '
# line: "PLUGINS = ['netbox_topology_views']"
- key: '^PLUGINS = '
line: "PLUGINS = ['netbox_topology_views']"
notify: run migrations
- name: Configure OIDC authentication
@ -91,11 +87,22 @@
line: "SOCIAL_AUTH_OIDC_KEY = '{{ password.oidc_client_id }}'"
- key: "^SOCIAL_AUTH_OIDC_SECRET ="
line: "SOCIAL_AUTH_OIDC_SECRET = '{{ password.oidc_client_secret }}'"
# TODO the key should really be upn but it doesn’t seem to work
- key: "^SOCIAL_AUTH_OIDC_USERNAME_KEY ="
line: "SOCIAL_AUTH_OIDC_USERNAME_KEY = 'email'"
notify: run migrations
- name: Configure various settings
lineinfile:
path: '{{ user_info.home }}/app/netbox/netbox/configuration.py'
regexp: '{{ item.key }}'
line: '{{ item.line }}'
loop:
- key: "^LOGIN_REQUIRED ="
line: "LOGIN_REQUIRED = True"
- key: "^EXEMPT_VIEW_PERMISSIONS = \\[$"
line: "EXEMPT_VIEW_PERMISSIONS = ['*',"
notify: restart netbox
- name: Set additional requirements
become: yes
become_user: '{{ user }}'
@ -117,8 +124,7 @@
#from django.contrib.auth.models import User
username = '{{ password.admin_user }}'
if not User.objects.filter(username=username):
User.objects.create_superuser(username, '', # TODO email
'{{ password.admin_pass }}')
User.objects.create_superuser(username, password='{{ password.admin_pass }}')
sys.exit(1)
register: result
changed_when: result.rc != 0