From f52934cd255f9be24c9e6490074006cb9c0600ee Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Tue, 4 Nov 2025 16:28:44 +0100
Subject: [PATCH] =?UTF-8?q?friwall:=20don=E2=80=99t=20template=20settings?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let all settings including list of nodes be managed by application. Exception is the list of networks instantiated from NetBox data.
---
 roles/friwall/tasks/main.yml | 13 +++++++------
 roles/friwall/templates/interfaces.j2 | 14 --------------
 roles/friwall/templates/nodes.json.j2 | 11 -----------
 roles/friwall/templates/settings.json.j2 | 10 ----------
 4 files changed, 7 insertions(+), 41 deletions(-)
 delete mode 100644 roles/friwall/templates/interfaces.j2
 delete mode 100644 roles/friwall/templates/nodes.json.j2
 delete mode 100644 roles/friwall/templates/settings.json.j2

diff --git a/roles/friwall/tasks/main.yml b/roles/friwall/tasks/main.yml
index 0164136..d0f85ae 100644
--- a/roles/friwall/tasks/main.yml
+++ b/roles/friwall/tasks/main.yml
@@ -38,17 +38,18 @@
 extra_args: --user --break-system-packages --no-warn-script-location
 notify: restart uwsgi
 
-- name: Configure base settings
- template:
- dest: "/srv/friwall/{{ item }}"
- src: "{{ item }}.j2"
+- name: Ensure setting files exist
+ copy:
+ dest: "/srv/friwall/{{ item }}.json"
+ content: |
+ {}
 owner: friwall
 group: friwall
 mode: 0600
 force: no
 loop:
- - nodes.json
- - settings.json
+ - nodes
+ - settings
 notify: restart uwsgi
 
 - name: Configure list of networks
diff --git a/roles/friwall/templates/interfaces.j2 b/roles/friwall/templates/interfaces.j2
deleted file mode 100644
index d738c99..0000000
--- a/roles/friwall/templates/interfaces.j2
+++ /dev/null
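Review bot: Seeding `/srv/friwall/settings.json` with `{}` leaves a freshly deployed host with no LDAP/OIDC configuration, because the deleted settings.json.j2 was where `ldap_pass` and `oidc_client_secret` were provisioned, and after this change the role has no path to re-seed or rotate those credentials. Since `force: no` is retained, hosts deployed before this change keep their old templated file, secrets included, so the two deployment paths diverge silently. I would record this above the task: `# Seeded empty on first deploy only; credentials and the node list are managed through the application afterwards.` Whether the application preserves the 0600 mode when it rewrites these files is not visible here and should be confirmed. The enclosing task list continues outside the hunk.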
@@ -1,14 +0,0 @@
-auto lo
-iface lo inet loopback
-
-{% for iface in interfaces %}
-auto {{ iface.name }}
-iface {{ iface.name }} inet static
-{% for address in iface.ip_addresses %}
- address {{ address.address }}
-{% endfor %}
-{% if iface.custom_fields.gateway %}
- gateway {{ iface.custom_fields.gateway.address | ipaddr('address') }}
-{% endif %}
-
-{% endfor %}
diff --git a/roles/friwall/templates/nodes.json.j2 b/roles/friwall/templates/nodes.json.j2
deleted file mode 100644
index c4ba065..0000000
--- a/roles/friwall/templates/nodes.json.j2
+++ /dev/null
@@ -1,11 +0,0 @@
-{% set nodes = query('netbox.netbox.nb_lookup', 'devices', api_filter='role=firewall', raw_data=true)
- | selectattr('config_context') | selectattr('config_context', 'contains', 'master')
- | selectattr('config_context.master', '==', inventory_hostname)
- | map(attribute='name') -%}
-
- {
-{% for node in nodes %}
- "{{ hostvars[node] | device_address | selectattr('family.value', '==', 4)
- | map(attribute='address') | ipaddr('address') | first }}": -1{{ '' if loop.last else ',' }}
-{% endfor %}
-}
diff --git a/roles/friwall/templates/settings.json.j2 b/roles/friwall/templates/settings.json.j2
deleted file mode 100644
index 3086ff3..0000000
--- a/roles/friwall/templates/settings.json.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-{
- "ldap_host": "{{ domain }}",
- "ldap_user": "{{ password.ldap_user }}",
- "ldap_pass": "{{ password.ldap_pass }}",
- "ldap_base_dn": "{{ ldap_base_dn }}",
- "oidc_server": "{{ password.oidc_server }}",
- "oidc_client_id": "{{ password.oidc_client_id }}",
- "oidc_client_secret": "{{ password.oidc_client_secret }}",
- "wg_net": "{{ wg_net }}"
-}