rc/servers
4
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

friwall: don’t template settings

Browse source 
Let all settings including list of nodes be managed by application.
Exception is the list of networks instantiated from NetBox data.
This commit is contained in:
Timotej Lazar 2025-11-04 16:28:44 +01:00
parent ff90d3c0a3
commit f52934cd25
4 changed files with 7 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

13
roles/friwall/tasks/main.yml
View file

@ -38,17 +38,18 @@
extra_args: --user --break-system-packages --no-warn-script-location extra_args: --user --break-system-packages --no-warn-script-location
notify: restart uwsgi notify: restart uwsgi
- name: Configure base settings - name: Ensure setting files exist
template: copy:
dest: "/srv/friwall/{{ item }}" dest: "/srv/friwall/{{ item }}.json"
src: "{{ item }}.j2" content: |
{}
owner: friwall owner: friwall
group: friwall group: friwall
mode: 0600 mode: 0600
force: no force: no
loop: loop:
- nodes.json - nodes
- settings.json - settings
notify: restart uwsgi notify: restart uwsgi
- name: Configure list of networks - name: Configure list of networks

14
roles/friwall/templates/interfaces.j2
View file

@ -1,14 +0,0 @@
auto lo
iface lo inet loopback
{% for iface in interfaces %}
auto {{ iface.name }}
iface {{ iface.name }} inet static
{% for address in iface.ip_addresses %}
address {{ address.address }}
{% endfor %}
{% if iface.custom_fields.gateway %}
gateway {{ iface.custom_fields.gateway.address | ipaddr('address') }}
{% endif %}
{% endfor %}

11
roles/friwall/templates/nodes.json.j2
View file

@ -1,11 +0,0 @@
{% set nodes = query('netbox.netbox.nb_lookup', 'devices', api_filter='role=firewall', raw_data=true)
| selectattr('config_context') | selectattr('config_context', 'contains', 'master')
| selectattr('config_context.master', '==', inventory_hostname)
| map(attribute='name') -%}
{
{% for node in nodes %}
"{{ hostvars[node] | device_address | selectattr('family.value', '==', 4)
| map(attribute='address') | ipaddr('address') | first }}": -1{{ '' if loop.last else ',' }}
{% endfor %}
}

10
roles/friwall/templates/settings.json.j2
View file

@ -1,10 +0,0 @@
{
"ldap_host": "{{ domain }}",
"ldap_user": "{{ password.ldap_user }}",
"ldap_pass": "{{ password.ldap_pass }}",
"ldap_base_dn": "{{ ldap_base_dn }}",
"oidc_server": "{{ password.oidc_server }}",
"oidc_client_id": "{{ password.oidc_client_id }}",
"oidc_client_secret": "{{ password.oidc_client_secret }}",
"wg_net": "{{ wg_net }}"
}