Add manage_firewall conditional

Allow us to enroll machines in Salt which do not yet have their firewall
configuration imported without having their rules overwritten.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>

pillar/cluster/denc/web-proxy.sls

@@ -212,6 +212,7 @@ nginx:
             - error_log: /var/log/nginx/libsso_public.error.log
             - access_log: /var/log/nginx/libsso_public.access.log combined
 
+manage_firewall: True
 firewalld:
   zones:
     public:

pillar/id/dericom02_rigel_lysergic_dev.sls

@@ -267,6 +267,7 @@ profile:
         host: 'chillnet\.matterbridge\.dericom02\.rigel\.lysergic\.dev'
         root: {{ mediapath }}chill
 
+manage_firewall: True
 firewalld:
   zones:
     web:

pillar/id/derimisc01_rigel_lysergic_dev.sls

@@ -12,3 +12,5 @@ tor:
       hostname: cr36xbvmgjwnfw4sly4kuc6c3ozhesjre3y5pggq5xdkkmbrq6dz4fad.onion
       hs_ed25519_public_key: PT0gZWQyNTUxOXYxLXB1YmxpYzogdHlwZTAgPT0AAAAUd+uGrDJs0tuSXjiqC8LbsnJJMSbx15jQ7calMDGHhw==
       hs_ed25519_secret_key: ${'secret_tor:hidden_services:irc:key'}
+
+manage_firewall: True

pillar/id/deriweb01_rigel_lysergic_dev.sls

@@ -441,3 +441,4 @@ nginx:
                 - sub_filter_types: application/xml
                 - sub_filter: takahe.rigel.lysergic.dev:8000 exhausted.life
 
+manage_firewall: True

pillar/id/moni_lysergic_dev.sls

@@ -108,3 +108,5 @@ prometheus:
               require_tls: false
               smarthost: 'zz0.email:465'
               send_resolved: yes
+
+manage_firewall: True

pillar/id/themis_lysergic_dev.sls

@@ -142,6 +142,7 @@ profile:
       pwd: ${'secret_privatebin:model_options:pwd'}
       opt[12]: true
 
+manage_firewall: True
 firewalld:
   zones:
     backend:

salt/common/suse.sls

@@ -1,5 +1,8 @@
 include:
+  {#- drop pillar check after all firewall configurations have been imported #}
+  {%- if salt['pillar.get']('manage_firewall'), False %}
   - firewalld
+  {%- endif %}
   - profile.seccheck
   - profile.zypp
   - profile.prometheus.node_exporter