[Policyd] Fix policyd deployment.

2020-05-17 21:10:54 +02:00 · 2020-05-17 21:10:54 +02:00 · 1080857f26
parent 11b3383972
commit 1080857f26
3 changed files with 19 additions and 11 deletions
--- a/postfix.yml
+++ b/postfix.yml
@ -16,9 +16,24 @@
    policyd:
      mail: root@crans.org
      exemptions: "{{ lookup('re2oapi', 'get_role', 'user-server')[0] }}"
-    mynetworks:
-      ipv4: "{{ lookup('re2oapi', 'cidrs', 'adherents', 'fil-new-pub', 'fil-pub', 'wifi-new-pub', 'serveurs', 'wifi-new-serveurs', 'wifi-new-federez', 'fil-new-serveurs', 'fil-new-adherents') }}"
-      ipv6: "{{ lookup('re2oapi', 'prefixv6', 'adherents', 'fil-new-pub', 'wifi-new-pub') }}"
+      mynetworks:
+        ipv4:
+          "{{ lookup('re2oapi', 'cidrs', 'serveurs',
+                                         'adherents',
+                                         'wifi-new-pub',
+                                         'fil-new-pub',
+                                         'fil-pub',
+                                         'wifi-new-serveurs',
+                                         'wifi-new-adherents',
+                                         'wifi-new-federez',
+                                         'fil-new-serveurs',
+                                         'fil-new-adherents')
+                                         | flatten }}"
+        ipv6:
+          "{{ lookup('re2oapi', 'prefixv6', 'adherents',
+                                            'fil-new-pub',
+                                            'wifi-new-pub')
+                                            | flatten }}"
  roles:
    - certbot
    - postfix
--- a/roles/policyd/tasks/main.yml
+++ b/roles/policyd/tasks/main.yml
@ -8,13 +8,6 @@
  until: apt_result is succeeded
  when: postfix.primary

-
- name: Find the local network
-  set_fact:
-    limited_networksv6: ["{{ mynetworks.ipv6}}"]
-    limited_networksv4: ["{{ mynetworks.ipv4}}"]
-    cacheable: True
-
 - name: Deploy policyd-rate-limit
  vars:
    exempt_v4: "{{ policyd.exemptions | json_query('servers[].interface[?vlan_id==`2`].ipv4[]') }}"
--- a/roles/policyd/templates/policyd/policyd-rate-limit.yaml.j2
+++ b/roles/policyd/templates/policyd/policyd-rate-limit.yaml.j2
@ -71,7 +71,7 @@ limit_by_ip: True
 # to limit_by_ip: False, put "0.0.0.0/0" and "::/0" for every ip addresses.


-limited_networks: {{ limited_networksv6 | union(limited_networksv4) }}
+limited_networks: {{ policyd.mynetworks.ipv4 | union(policyd.mynetworks.ipv6) }}

 # If not limits are reach, which action postfix should do.
 # see http://www.postfix.org/access.5.html for a list of actions.