From 1080857f26012ef3d4cfab518320d5cdba3aa94a Mon Sep 17 00:00:00 2001 From: Bombar Maxime Date: Sun, 17 May 2020 21:10:54 +0200 Subject: [PATCH] [Policyd] Fix policyd deployment. --- postfix.yml | 21 ++++++++++++++++--- roles/policyd/tasks/main.yml | 7 ------- .../policyd/policyd-rate-limit.yaml.j2 | 2 +- 3 files changed, 19 insertions(+), 11 deletions(-) diff --git a/postfix.yml b/postfix.yml index e588531f..8f66e28b 100755 --- a/postfix.yml +++ b/postfix.yml @@ -16,9 +16,24 @@ policyd: mail: root@crans.org exemptions: "{{ lookup('re2oapi', 'get_role', 'user-server')[0] }}" - mynetworks: - ipv4: "{{ lookup('re2oapi', 'cidrs', 'adherents', 'fil-new-pub', 'fil-pub', 'wifi-new-pub', 'serveurs', 'wifi-new-serveurs', 'wifi-new-federez', 'fil-new-serveurs', 'fil-new-adherents') }}" - ipv6: "{{ lookup('re2oapi', 'prefixv6', 'adherents', 'fil-new-pub', 'wifi-new-pub') }}" + mynetworks: + ipv4: + "{{ lookup('re2oapi', 'cidrs', 'serveurs', + 'adherents', + 'wifi-new-pub', + 'fil-new-pub', + 'fil-pub', + 'wifi-new-serveurs', + 'wifi-new-adherents', + 'wifi-new-federez', + 'fil-new-serveurs', + 'fil-new-adherents') + | flatten }}" + ipv6: + "{{ lookup('re2oapi', 'prefixv6', 'adherents', + 'fil-new-pub', + 'wifi-new-pub') + | flatten }}" roles: - certbot - postfix diff --git a/roles/policyd/tasks/main.yml b/roles/policyd/tasks/main.yml index 586a8125..cb045076 100644 --- a/roles/policyd/tasks/main.yml +++ b/roles/policyd/tasks/main.yml @@ -8,13 +8,6 @@ until: apt_result is succeeded when: postfix.primary - -- name: Find the local network - set_fact: - limited_networksv6: ["{{ mynetworks.ipv6}}"] - limited_networksv4: ["{{ mynetworks.ipv4}}"] - cacheable: True - - name: Deploy policyd-rate-limit vars: exempt_v4: "{{ policyd.exemptions | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}" diff --git a/roles/policyd/templates/policyd/policyd-rate-limit.yaml.j2 b/roles/policyd/templates/policyd/policyd-rate-limit.yaml.j2 index f15eb7af..b6d3ea9e 100644 
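Review bot: The `ipv6` lookup under `policyd.mynetworks` in postfix.yml names only three groups ('adherents', 'fil-new-pub', 'wifi-new-pub') while the `ipv4` lookup names ten. If the other groups also have v6 prefixes, mail sent from them over IPv6 would fall outside the list the template renders as `limited_networks`. If the difference is intended, record it with a comment above `ipv6:`, for example `# only groups with a v6 prefix in re2o (confirm)`; otherwise add the missing groups to the 'prefixv6' call. The `ipv4` list also gains 'wifi-new-adherents', which the commit message does not mention. The play's `vars:` block starts outside the hunk.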
--- a/roles/policyd/templates/policyd/policyd-rate-limit.yaml.j2 +++ b/roles/policyd/templates/policyd/policyd-rate-limit.yaml.j2 @@ -71,7 +71,7 @@ limit_by_ip: True # to limit_by_ip: False, put "0.0.0.0/0" and "::/0" for every ip addresses. -limited_networks: {{ limited_networksv6 | union(limited_networksv4) }} +limited_networks: {{ policyd.mynetworks.ipv4 | union(policyd.mynetworks.ipv6) }} # If not limits are reach, which action postfix should do. # see http://www.postfix.org/access.5.html for a list of actions.
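Review bot: The new `limited_networks` line prints a Jinja list straight into a YAML file, so the rendered value is whatever the interpreter's list repr looks like, and an empty result from the re2oapi lookups would render as `[]` without any error. Piping the expression through a serializer keeps the output valid YAML in every case: `limited_networks: {{ policyd.mynetworks.ipv4 | union(policyd.mynetworks.ipv6) | to_json }}`. The comment above the line suggests this list decides which addresses are rate-limited by IP, so an empty list would probably switch that limit off silently. An `assert` task in the role that checks both lists are non-empty before the template is deployed would catch that; what the lookup returns on failure is not visible in this patch.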