feat(security): add a way to override supervisors ip addresses for external devices

2024-08-08 00:00:00 +00:00 · 2024-08-08 00:00:00 +00:00 · 8577acb156
commit 8577acb156
parent 641bf17fa4
1 changed files with 2 additions and 2 deletions
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/firewall.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/firewall.yml
@ -30,8 +30,8 @@

    - name: set firewall templates facts
      ansible.builtin.set_fact:
-        security_firewall_supervisors_ip4: '{{ provisioner_facts.controllers_list.values() | list | ansible.utils.ipv4 }}'
-        security_firewall_supervisors_ip6: '{{ provisioner_facts.controllers_list.values() | list | ansible.utils.ipv6 }}'
+        security_firewall_supervisors_ip4: '{{ external_provisioner_source_ips | default(provisioner_facts.controllers_list.values()) | list | ansible.utils.ipv4 }}'
+        security_firewall_supervisors_ip6: '{{ external_provisioner_source_ips | default(provisioner_facts.controllers_list.values()) | list | ansible.utils.ipv6 }}'
        security_firewall_dns4_servers: "{{ hostvars[inventory_hostname]['global_dns_{}_dns4'.format(global_dns_type)] | default(ansible_facts.dns.nameservers | ansible.utils.ipv4, true) }}"
        security_firewall_dns6_servers: "{{ hostvars[inventory_hostname]['global_dns_{}_dns6'.format(global_dns_type)] | default(ansible_facts.dns.nameservers | ansible.utils.ipv6, true) }}"