rc/servers
4
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

master #2

Open
polz wants to merge 32 commits from polz/servers:master into master
pull from: polz/servers:master
merge into: rc:master
Conversation 1 Commits 32 Files changed 60 +8 -41
5 changed files with 8 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 07143b28f2 - Show all commits

1
roles/friwall/README.md Normal file
View file

@ -0,0 +1 @@
Install and configure the [FRIwall](https://git.fri.uni-lj.si/rc/friwall) web application for managing firewall nodes. For settings and operation refer to that project.

13
roles/friwall/tasks/main.yml
View file

@ -38,17 +38,18 @@
extra_args: --user --break-system-packages --no-warn-script-location
notify: restart uwsgi
- name: Configure base settings
template:
dest: "/srv/friwall/{{ item }}"
src: "{{ item }}.j2"
- name: Ensure setting files exist
copy:
dest: "/srv/friwall/{{ item }}.json"
content: |
{}
owner: friwall
group: friwall
mode: 0600
force: no
loop:
- nodes.json
- settings.json
- nodes
- settings
notify: restart uwsgi
- name: Configure list of networks

14
roles/friwall/templates/interfaces.j2
View file

@ -1,14 +0,0 @@
auto lo
iface lo inet loopback
{% for iface in interfaces %}
auto {{ iface.name }}
iface {{ iface.name }} inet static
{% for address in iface.ip_addresses %}
address {{ address.address }}
{% endfor %}
{% if iface.custom_fields.gateway %}
gateway {{ iface.custom_fields.gateway.address | ipaddr('address') }}
{% endif %}
{% endfor %}

11
roles/friwall/templates/nodes.json.j2
View file

@ -1,11 +0,0 @@
{% set nodes = query('netbox.netbox.nb_lookup', 'devices', api_filter='role=firewall', raw_data=true)
| selectattr('config_context') | selectattr('config_context', 'contains', 'master')
| selectattr('config_context.master', '==', inventory_hostname)
| map(attribute='name') -%}
{
{% for node in nodes %}
"{{ hostvars[node] | device_address | selectattr('family.value', '==', 4)
| map(attribute='address') | ipaddr('address') | first }}": -1{{ '' if loop.last else ',' }}
{% endfor %}
}

10
roles/friwall/templates/settings.json.j2
View file

@ -1,10 +0,0 @@
{
"ldap_host": "{{ domain }}",
"ldap_user": "{{ password.ldap_user }}",
"ldap_pass": "{{ password.ldap_pass }}",
"ldap_base_dn": "{{ ldap_base_dn }}",
"oidc_server": "{{ password.oidc_server }}",
"oidc_client_id": "{{ password.oidc_client_id }}",
"oidc_client_secret": "{{ password.oidc_client_secret }}",
"wg_net": "{{ wg_net }}"
}