SUNET/soc-ops
9
0
Fork 1
Code Activity

fixes.

Browse source
This commit is contained in:
Johan Björklund 2024-10-31 14:05:47 +01:00
parent 48201c92cb
commit 2f0343cfa5
Signed by: bjorklund
GPG key ID: 5E8401339C7F5037
1 changed files with 1 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
global/overlay/etc/puppet/modules/soc/manifests/sso.pp
View file

@ -22,11 +22,7 @@
# We use this only for Graylog at the time of writing. # We use this only for Graylog at the time of writing.
# #
/ @param swamid_testing Set this to true if your SP is registered in swamid-testing. / @param swamid_testing Set this to true if your SP is registered in swamid-testing.
#
# @param front_clients
# Hiera field, defined at common.yaml, with the the frontend IP prefixes that require access
# to port 443. Defaults to empty string.
#
class soc::sso( class soc::sso(
$hostname, $hostname,
$email, $email,
@ -36,7 +32,6 @@ class soc::sso(
$x_remote_user = false, $x_remote_user = false,
$swamid_testing = false, $swamid_testing = false,
$single_user = false, $single_user = false,
$front_clients = '',
$satosa = true, $satosa = true,
$satosa_certbot = false, $satosa_certbot = false,
$translog = 'INFO', $translog = 'INFO',
@ -189,17 +184,6 @@ class soc::sso(
# NFT Rules # NFT Rules
# #
if 'wg0' in $facts['networking']['interfaces'].keys {
if $front_clients != '' {
$front_clients_exposed = hiera_array($front_clients,[])
sunet::nftables::docker_expose { 'clients_https' :
allow_clients => $front_clients_exposed,
port => 443,
iif => 'wg0',
}
}
}
sunet::nftables::docker_expose { 'apache_sso_https' : sunet::nftables::docker_expose { 'apache_sso_https' :
allow_clients => ['0.0.0.0/0'], allow_clients => ['0.0.0.0/0'],
port => 443, port => 443,