From 8577acb15679959fcd88780d646fe512387050e6 Mon Sep 17 00:00:00 2001
From: NaeiKinDus <git@0x2a.ninja>
Date: Thu, 8 Aug 2024 00:00:00 +0000
Subject: [PATCH] feat(security): add a way to override supervisors ip
 addresses for external devices

---
 .../infrastructure/roles/security/tasks/firewall.yml          | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/firewall.yml b/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/firewall.yml
index 1640854..d8d342f 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/firewall.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/security/tasks/firewall.yml
@@ -30,8 +30,8 @@
 
     - name: set firewall templates facts
       ansible.builtin.set_fact:
-        security_firewall_supervisors_ip4: '{{ provisioner_facts.controllers_list.values() | list | ansible.utils.ipv4 }}'
-        security_firewall_supervisors_ip6: '{{ provisioner_facts.controllers_list.values() | list | ansible.utils.ipv6 }}'
+        security_firewall_supervisors_ip4: '{{ external_provisioner_source_ips | default(provisioner_facts.controllers_list.values()) | list | ansible.utils.ipv4 }}'
+        security_firewall_supervisors_ip6: '{{ external_provisioner_source_ips | default(provisioner_facts.controllers_list.values()) | list | ansible.utils.ipv6 }}'
         security_firewall_dns4_servers: "{{ hostvars[inventory_hostname]['global_dns_{}_dns4'.format(global_dns_type)] | default(ansible_facts.dns.nameservers | ansible.utils.ipv4, true) }}"
         security_firewall_dns6_servers: "{{ hostvars[inventory_hostname]['global_dns_{}_dns6'.format(global_dns_type)] | default(ansible_facts.dns.nameservers | ansible.utils.ipv6, true) }}"