[Policyd] Fix policyd deployment.

postfix.yml

@@ -16,9 +16,24 @@
     policyd:
       mail: root@crans.org
       exemptions: "{{ lookup('re2oapi', 'get_role', 'user-server')[0] }}"
-    mynetworks:
+      mynetworks:
-      ipv4: "{{ lookup('re2oapi', 'cidrs', 'adherents', 'fil-new-pub', 'fil-pub', 'wifi-new-pub', 'serveurs', 'wifi-new-serveurs', 'wifi-new-federez', 'fil-new-serveurs', 'fil-new-adherents') }}"
+        ipv4:
-      ipv6: "{{ lookup('re2oapi', 'prefixv6', 'adherents', 'fil-new-pub', 'wifi-new-pub') }}"
+          "{{ lookup('re2oapi', 'cidrs', 'serveurs',
+                                         'adherents',
+                                         'wifi-new-pub',
+                                         'fil-new-pub',
+                                         'fil-pub',
+                                         'wifi-new-serveurs',
+                                         'wifi-new-adherents',
+                                         'wifi-new-federez',
+                                         'fil-new-serveurs',
+                                         'fil-new-adherents')
+                                         | flatten }}"
+        ipv6:
+          "{{ lookup('re2oapi', 'prefixv6', 'adherents',
+                                            'fil-new-pub',
+                                            'wifi-new-pub')
+                                            | flatten }}"
   roles:
     - certbot
     - postfix

roles/policyd/tasks/main.yml

@@ -8,13 +8,6 @@
   until: apt_result is succeeded
   when: postfix.primary
 
-
-- name: Find the local network
-  set_fact:
-    limited_networksv6: ["{{ mynetworks.ipv6}}"]
-    limited_networksv4: ["{{ mynetworks.ipv4}}"]
-    cacheable: True
-
 - name: Deploy policyd-rate-limit
   vars:
     exempt_v4: "{{ policyd.exemptions | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"

roles/policyd/templates/policyd/policyd-rate-limit.yaml.j2

@@ -71,7 +71,7 @@ limit_by_ip: True
 # to limit_by_ip: False, put "0.0.0.0/0" and "::/0" for every ip addresses.
 
 
-limited_networks: {{ limited_networksv6 | union(limited_networksv4) }}
+limited_networks: {{ policyd.mynetworks.ipv4 | union(policyd.mynetworks.ipv6) }}
 
 # If not limits are reach, which action postfix should do.
 # see http://www.postfix.org/access.5.html for a list of actions.